[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2025-47151/lasso: add missing patch

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Fri Dec 5 17:08:56 GMT 2025



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f3b32b87 by Sylvain Beucler at 2025-12-05T18:08:43+01:00
CVE-2025-47151/lasso: add missing patch

Before replacing insecure xmlSecBase64Decode with lasso_base64_decode,
lasso_base64_decode itself must not rely on xmlSecBase64Decode.

- - - - -
e40156ac by Sylvain Beucler at 2025-12-05T18:08:46+01:00
CVE-2025-47151/lasso: add test case for RCE

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7905,9 +7905,11 @@ CVE-2025-47151 (A type confusion vulnerability exists in the lasso_node_impl_ini
 	- lasso 2.9.0-1
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2193
 	NOTE: https://git.entrouvert.org/lasso.git/commit/?id=8d12e6263fd6add923469bd5704e05a1ccfa8c69 (v2.9.0)
+	NOTE: https://git.entrouvert.org/lasso.git/commit/?id=ebf3dd68910492ab18e9b8b319386f6495c96b01 (v2.9.0) (test)
 CVE-2025-46784 (A denial of service vulnerability exists in the lasso_node_init_from_m ...)
 	- lasso 2.8.1-1
 	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2195
+	NOTE: https://git.entrouvert.org/lasso.git/commit/?id=1aa6271f93e48b24f42991aba8906dfd073a1fe3 (v2.8.1)
 	NOTE: https://git.entrouvert.org/lasso.git/commit/?id=8a588a8acb4a9cb7c7cb4dfd91a8278264a6d15a (v2.8.1)
 CVE-2025-46705 (A denial of service vulnerability exists in the g_assert_not_reached f ...)
 	{DSA-6058-1}
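
Review bot: Both commit subjects name CVE-2025-47151, but the NOTE for 1aa6271f93e48b24f42991aba8906dfd073a1fe3 is added under CVE-2025-46784, so the log and the data disagree about which entry the "missing patch" belongs to. If the placement under CVE-2025-46784 is intended, the subject of f3b32b87 should name that CVE. Otherwise the line should move up to the CVE-2025-47151 entry. The new line also carries only "(v2.8.1)", the same tag as the existing 8a588a8a NOTE below it. A short parenthetical saying it is a prerequisite for that commit, in the way the other added line is marked "(test)", would tell a backporter why two commits are listed and that the order matters.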



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2376b817608a509e49ba618c37d0813a45bd4899...e40156acbb4ba07202eeb60f94d320a401bc921f
