[Git][security-tracker-team/security-tracker][master] Re-associate CVE-2025-12183 from NFU to liblz4-java
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Dec 2 04:54:33 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5558e31d by Salvatore Bonaccorso at 2025-12-02T05:54:20+01:00
Re-associate CVE-2025-12183 from NFU to liblz4-java
Link: https://www.openwall.com/lists/oss-security/2025/12/01/5
Thanks: Alan Coopersmith for spotting the issue.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -351,7 +351,8 @@ CVE-2025-12638 (Keras version 3.11.3 is affected by a path traversal vulnerabili
NOTE: https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4
NOTE: Fixed by: https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951 (v3.12.0)
CVE-2025-12183 (Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier ...)
- NOT-FOR-US: Sonatype
+ - liblz4-java <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2025/12/01/5
CVE-2025-12143 (Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This ...)
NOT-FOR-US: ABB group
CVE-2025-11156 (Netskope was notified about a potential gap in its agent (NS Client) o ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5558e31d365919bd3b0f3d8d4472a8726c72c3c6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5558e31d365919bd3b0f3d8d4472a8726c72c3c6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251202/df934f81/attachment.htm>
More information about the debian-security-tracker-commits
mailing list