[Git][security-tracker-team/security-tracker][master] 2 commits: Update associations for CVE-2025-8747 and CVE-2025-1550
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Aug 20 06:58:05 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4eae20f3 by Salvatore Bonaccorso at 2025-08-20T07:52:09+02:00
Update associations for CVE-2025-8747 and CVE-2025-1550
- - - - -
6cd18d32 by Salvatore Bonaccorso at 2025-08-20T07:56:45+02:00
Update status for CVE-2025-1550
No version up to the removed version in usntable (2.3.1+dfsg2-1)
contained the vulnerable code and got introduced upstream later.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3205,8 +3205,7 @@ CVE-2025-8818 (A vulnerability has been found in Linksys RE6250, RE6300, RE6350,
CVE-2025-8817 (A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE65 ...)
NOT-FOR-US: Linksys
CVE-2025-8747 (A safe mode bypass vulnerability in the `Model.load_model` method in K ...)
- - keras <removed>
- [bullseye] - keras <postponed> (Minor issue)
+ - keras <not-affected> (Vulnerable code never present in Debian released version)
NOTE: Follow-up fix for CVE-2025-1550.
NOTE: https://github.com/advisories/GHSA-c9rc-mg46-23w3
NOTE: https://github.com/keras-team/keras/pull/21429 (v3.11.0)
@@ -50817,10 +50816,10 @@ CVE-2025-21180 (Heap-based buffer overflow in Windows exFAT File System allows a
CVE-2025-21169 (Substance3D - Designer versions 14.1 and earlier are affected by a Hea ...)
NOT-FOR-US: Adobe
CVE-2025-1550 (The Keras Model.load_model function permits arbitrary code execution, ...)
- - keras <removed>
- [bullseye] - keras <postponed> (Minor issue; few r-depends; can be fixed in next update)
+ - keras <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/keras-team/keras/security/advisories/GHSA-48g7-3x6r-xfhp
NOTE: https://github.com/keras-team/keras/pull/20751
+ NOTE: When fixing this issue make sure to not open up CVE-2025-8747.
CVE-2025-0151 (Use after free in some Zoom Workplace Apps may allow an authenticated ...)
NOT-FOR-US: Zoom
CVE-2025-0150 (Incorrect behavior order in some Zoom Workplace Apps for iOS before ve ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/30d4bb09f5464e83bb2c09448cb81f43f47b214e...6cd18d32b397cc3fd89d7f7450c99b9e5fb7c126
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/30d4bb09f5464e83bb2c09448cb81f43f47b214e...6cd18d32b397cc3fd89d7f7450c99b9e5fb7c126
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250820/7e24e1e1/attachment.htm>
More information about the debian-security-tracker-commits
mailing list