[Git][security-tracker-team/security-tracker][master] Add two new netty issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 11 08:50:50 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e469687b by Salvatore Bonaccorso at 2025-02-11T09:50:24+01:00
Add two new netty issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,13 +5,17 @@ CVE-2025-25241 (Due to a missing authorization check, an attacker who is logged
CVE-2025-25194 (Lemmy, a link aggregator and forum for the fediverse, is vulnerable to ...)
NOT-FOR-US: Lemmy
CVE-2025-25193 (Netty, an asynchronous, event-driven network application framework, ha ...)
- TODO: check
+ - netty <unfixed>
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx
+ NOTE: Fixed by: https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386 (netty-4.1.118.Final)
CVE-2025-25190 (The ZOO-Project is an open source processing platform. The ZOO-Project ...)
NOT-FOR-US: ZOO-Project
CVE-2025-25189 (The ZOO-Project is an open source processing platform. A reflected Cro ...)
NOT-FOR-US: ZOO-Project
CVE-2025-24970 (Netty, an asynchronous, event-driven network application framework, ha ...)
- TODO: check
+ - netty <unfixed>
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw
+ NOTE: Fixed by: https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4 (netty-4.1.118.Final)
CVE-2025-24876 (The SAP Approuter Node.js package version v16.7.1 and before is vulner ...)
NOT-FOR-US: SAP
CVE-2025-24875 (SAP Commerce, by default, sets certain cookies with the SameSite attri ...)
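Review bot: Both new `- netty <unfixed>` lines (under CVE-2025-25193 and CVE-2025-24970) carry only the advisory link and the fixing commit, with no bug reference and no note on which versions are affected. Since each "Fixed by" note already names netty-4.1.118.Final as the fixed upstream release, consider adding a NOTE with the introducing commit or version where the upstream advisory states it, and appending the Debian bug number to the `<unfixed>` line once one is filed, so the per-suite status can be decided from the entry alone.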
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e469687b5c87c4b50ecb13487c2e70683bac693a