[Git][security-tracker-team/security-tracker][master] 2 commits: Add PR link for CVE-2025-13353/gokey

Daniel Leidert (@dleidert) dleidert at debian.org
Tue Dec 9 22:18:39 GMT 2025



Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
707af647 by Daniel Leidert at 2025-12-09T23:18:08+01:00
Add PR link for CVE-2025-13353/gokey

- - - - -
a09d5ed0 by Daniel Leidert at 2025-12-09T23:18:09+01:00
Add a note about the patch situation of CVE-2025-12183/lz4-java

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3879,6 +3879,7 @@ CVE-2025-13505 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2025-13353 (In gokey versions <0.2.0,  a flaw in the seed decryption logic resulte ...)
 	- gokey <unfixed> (bug #1121846)
 	NOTE: https://github.com/cloudflare/gokey/security/advisories/GHSA-69jw-4jj8-fcxm
+	NOTE: https://github.com/cloudflare/gokey/pull/79/files
 CVE-2025-13295 (Insertion of Sensitive Information Into Sent Data vulnerability in Arg ...)
 	NOT-FOR-US: BILGER
 CVE-2025-13090 (The WP Directory Kit plugin for WordPress is vulnerable to SQL Injecti ...)
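Review bot: The added NOTE under CVE-2025-13353 is a bare URL to a pull request's "/files" view, with nothing saying what the link represents. The entry still reads "gokey <unfixed>", and the description says versions <0.2.0 are affected, so a reader cannot tell whether PR 79 is the complete fix, part of it, or only related discussion. Suggest stating the role of the link in the note itself and, if the PR has been merged, pointing at the resulting commit rather than the PR diff view, since a commit URL identifies exactly what to backport.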
@@ -4482,6 +4483,7 @@ CVE-2025-12638 (Keras version 3.11.3 is affected by a path traversal vulnerabili
 CVE-2025-12183 (Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier  ...)
 	- lz4-java <unfixed> (bug #1122026)
 	NOTE: https://www.openwall.com/lists/oss-security/2025/12/01/5
+	NOTE: Releases 1.8.1, 1.9.0, and 1.10.0 of yawkat LZ4 Java contain multiple sparsely documented patches to address this CVE.
 CVE-2025-12143 (Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This ...)
 	NOT-FOR-US: ABB group
 CVE-2025-11156 (Netskope was notified about a potential gap in its agent (NS Client) o ...)
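Review bot: The added NOTE under CVE-2025-12183 names releases 1.8.1, 1.9.0 and 1.10.0 but gives no URL, commit or tag for any of them, so the "multiple sparsely documented patches" cannot be located from this entry. The note also refers to "yawkat LZ4 Java" while the CVE description names org.lz4:lz4-java, and nothing here says how the two relate to each other or to the Debian lz4-java source package. Suggest adding the repository URL, saying in the note how that project relates to the packaged source, and following up with per-commit NOTE lines as the individual patches are identified.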



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/edf7baa4672fa3322ca0013c175e54c0312f84fd...a09d5ed06e363fa5fb0c60b0f23a058dab95add3
