[Git][security-tracker-team/security-tracker][master] Add CVE-2025-22153/restrictedpython
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jan 23 20:41:49 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0efd4b9e by Salvatore Bonaccorso at 2025-01-23T21:41:28+01:00
Add CVE-2025-22153/restrictedpython
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,7 +59,12 @@ CVE-2025-22768 (Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rock
CVE-2025-22264 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-22153 (RestrictedPython is a tool that helps to define a subset of the Python ...)
- TODO: check
+ - restrictedpython <unfixed>
+ [bookworm] - restrictedpython <not-affected> (Vulnerable code introduced later)
+ [bullseye] - restrictedpython <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-gmj9-h825-chq2
+ NOTE: Introduced with: https://github.com/zopefoundation/RestrictedPython/commit/688bec4711240cc9886006ae02886b667bfffc54 (6.0)
+ NOTE: Fixed by: https://github.com/zopefoundation/RestrictedPython/commit/48a92c5bb617a647cffd0dadd4d5cfe626bcdb2f (8.0)
CVE-2025-0648 (Unexpected server crash in database driver in M-Files Server before 25 ...)
NOT-FOR-US: M-Files
CVE-2025-0637 (It has been found that the Beta10 software does not provide for proper ...)
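Review bot: The `<not-affected>` reasons on the `[bookworm]` and `[bullseye]` lines say only "Vulnerable code introduced later", which leaves the reader to follow the commit link to learn what "later" means. The NOTE two lines below already pins the introducing commit to 6.0, so the reason could name it directly, e.g. "(Vulnerable code introduced in 6.0)", making the suite status checkable against the packaged version at a glance. The `- restrictedpython <unfixed>` line also carries no bug reference; if a bug is filed against the unstable package, recording it on that line would help track the 8.0 fix through to upload.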
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0efd4b9ecf8086b87e23db5d2a0d114c73651b6d
More information about the debian-security-tracker-commits
mailing list