[Git][security-tracker-team/security-tracker][master] Add CVE-2025-68937/forgejo, itp'ed
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Dec 26 08:33:20 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
363bf6cd by Salvatore Bonaccorso at 2025-12-26T09:32:54+01:00
Add CVE-2025-68937/forgejo, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2025-68939 (Gitea before 1.23.0 allows attackers to add attachments with for
CVE-2025-68938 (Gitea before 1.25.2 mishandles authorization for deletion of releases.)
- gitea <removed>
CVE-2025-68937 (Forgejo before 13.0.2 allows attackers to write to unintended files, a ...)
- TODO: check
+ - forgejo <itp> (bug #1058932)
CVE-2025-67450 (Due to insecure library loading in the Eaton UPS Companion software ex ...)
NOT-FOR-US: Eaton
CVE-2025-62578 (DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/363bf6cd7485ac94bc7e21462b2525b6eb811d2f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/363bf6cd7485ac94bc7e21462b2525b6eb811d2f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251226/107319af/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list