[Git][security-tracker-team/security-tracker][master] Add CVE-2025-68161/apache-log4j2
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 19 20:22:34 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e5c81706 by Salvatore Bonaccorso at 2025-12-19T21:21:57+01:00
Add CVE-2025-68161/apache-log4j2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -161,7 +161,9 @@ CVE-2025-68381 (Improper Bounds Check (CWE-787) in Packetbeat can allow a remote
CVE-2025-68279 (Weblate is a web based localization tool. In versions prior to 5.15.1, ...)
NOT-FOR-US: Weblate
CVE-2025-68161 (The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2. ...)
- TODO: check
+ - apache-log4j2 <unfixed>
+ NOTE: https://github.com/apache/logging-log4j2/pull/4002
+ NOTE: https://lists.apache.org/thread/xr33kyxq3sl67lwb61ggvm1fzc8k7dvx
CVE-2025-67846 (The Deployment Infrastructure in Mintlify Platform before 2025-11-15 a ...)
NOT-FOR-US: Deployment Infrastructure in Mintlify Platform
CVE-2025-67845 (A Directory Traversal vulnerability in the Static Asset Proxy Endpoint ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5c81706785071339db3dc3f2e467bcab027617c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5c81706785071339db3dc3f2e467bcab027617c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251219/c73a2e1f/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list