[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-14946/libnbd
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Dec 20 19:58:01 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8b1d6a8f by Salvatore Bonaccorso at 2025-12-20T20:57:19+01:00
Update status for CVE-2025-14946/libnbd
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -171,11 +171,12 @@ CVE-2025-14951 (A security vulnerability has been detected in code-projects Scho
CVE-2025-14950 (A weakness has been identified in code-projects Scholars Tracking Syst ...)
NOT-FOR-US: code-projects
CVE-2025-14946 (A flaw was found in libnbd. A malicious actor could exploit this by co ...)
- - libnbd <unfixed>
+ - libnbd 1.22.5-1
[bookworm] - libnbd <not-affected> (Vulnerable code introduced later)
NOTE: https://libguestfs.org/libnbd-release-notes-1.24.1.html#Security
NOTE: https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/YZMBF3SJRWTRVT5L3KWSNHITFTRMQNTT/
NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/fffd87a3ba216cf2f9c212e5db96b13b98985edf (v1.23.9)
+ NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/f461fe64d21fe8a6d32b56ccb50d06489d2e2698 (v1.22.5)
NOTE: nbd+ssh support introduced with: https://gitlab.com/nbdkit/libnbd/-/commit/b3802e3a987eb1ffa34c385e36033465d2bd2ba3 (v1.21.2)
CVE-2025-14882 (An API endpoint allowed access to sensitive files from other users by ...)
NOT-FOR-US: rami.io products
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b1d6a8f0f185b6676d0825020d67e513f69a8fb
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8b1d6a8f0f185b6676d0825020d67e513f69a8fb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251220/e0c087d8/attachment.htm>
More information about the debian-security-tracker-commits
mailing list