[Git][security-tracker-team/security-tracker][master] Add note for watcher and nova temporary entry
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 22 20:32:11 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
67d10f2f by Salvatore Bonaccorso at 2025-08-22T21:31:04+02:00
Add note for watcher and nova temporary entry
Actually it is more a hardening measure and does not warrant a CVE
assigned (not considered a security vulnerability) and thus might get
dropped from the list.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -462,6 +462,9 @@ CVE-2025-XXXX [OSSN-0094]
- watcher 14.0.0-3 (bug #1111692)
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0094
NOTE: https://bugs.launchpad.net/nova/+bug/2112187
+ NOTE: The swap volume, live migration and all Watcher APIs are admin only so with
+ NOTE: default policy is only possible to create the inconsistent state described in
+ NOTE: the OSSN-0094 if one has admin rights on the relevant OpenStack project.
CVE-2025-9288 (Improper Input Validation vulnerability in sha.js allows Input Data Ma ...)
- node-sha.js <unfixed> (bug #1111769)
NOTE: https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67d10f2f641fbbfe505020907be1646759e5245c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67d10f2f641fbbfe505020907be1646759e5245c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250822/f8159800/attachment.htm>
More information about the debian-security-tracker-commits
mailing list