[Git][security-tracker-team/security-tracker][master] Add CVE-2025-24976/docker-registry
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Feb 12 14:20:33 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
21d514a2 by Salvatore Bonaccorso at 2025-02-12T15:18:50+01:00
Add CVE-2025-24976/docker-registry
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -239,7 +239,9 @@ CVE-2025-25522 (Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due
CVE-2025-25202 (Ash Authentication is an authentication framework for Elixir applicati ...)
NOT-FOR-US: Ash Authentication
CVE-2025-24976 (Distribution is a toolkit to pack, ship, store, and deliver container ...)
- TODO: check
+ - docker-registry <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/distribution/distribution/security/advisories/GHSA-phw4-mc57-4hwc
+ NOTE: Fixed by (merge commit): https://github.com/distribution/distribution/commit/5ea9aa028db65ca5665f6af2c20ecf9dc34e5fcd (v3.0.0-rc.3)
CVE-2025-24973 (Concorde, formerly know as Nexkey, is a fork of the federated microblo ...)
NOT-FOR-US: Concorde
CVE-2025-24956 (A vulnerability has been identified in OpenV2G (All versions < V0.9.6) ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21d514a263d67227d1f5a2fb9cb744bcfe2b7e07
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21d514a263d67227d1f5a2fb9cb744bcfe2b7e07
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250212/93af08f5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list