[Git][security-tracker-team/security-tracker][master] Add CVE-2025-58058/golang-github-ulikunitz-xz
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Aug 29 22:17:33 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8f036f6 by Salvatore Bonaccorso at 2025-08-29T23:16:46+02:00
Add CVE-2025-58058/golang-github-ulikunitz-xz
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -313,7 +313,9 @@ CVE-2025-58062 (LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp develo
CVE-2025-58061 (OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persist ...)
NOT-FOR-US: OpenEBS
CVE-2025-58058 (xz is a pure golang package for reading and writing xz-compressed file ...)
- TODO: check
+ - golang-github-ulikunitz-xz <unfixed>
+ NOTE: https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9
+ NOTE: https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2 (v0.5.14-rc.1)
CVE-2025-54777 (Uncaught exception issue exists in Multiple products in bizhub series. ...)
NOT-FOR-US: buzhub
CVE-2025-54142 (Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OP ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8f036f6c5ca268d1179153fdab057abfc3a4632
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8f036f6c5ca268d1179153fdab057abfc3a4632
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250829/d5766063/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list