[Git][security-tracker-team/security-tracker][master] Update information on CVE-2025-0411

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 25 07:30:20 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76d8dfd3 by Salvatore Bonaccorso at 2025-01-25T08:30:02+01:00
Update information on CVE-2025-0411

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1409,11 +1409,10 @@ CVE-2023-37025 (A Null pointer dereference vulnerability in the Mobile Managemen
 CVE-2023-37024 (A reachable assertion in the Mobile Management Entity (MME) of Magma v ...)
 	NOT-FOR-US: Magma
 CVE-2025-0411 [7-Zip Mark-of-the-Web Bypass Vulnerability]
-	- 7zip 24.09+dfsg-1
-	- p7zip 16.02+transitional.1 (unimportant)
-	NOTE: Since p7zip/16.02+transitional.1 src:p7zip is only a empty source package
-	NOTE: depending on 7zip. Mark this version as fixed version.
+	- 7zip <not-affected> (Affects only 7-Zip on Windows handling Mark of the Web (MoTW) metadata)
+	- p7zip <not-affected> (Affects only 7-Zip on Windows handling Mark of the Web (MoTW) metadata)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-045/
+	NOTE: https://www.openwall.com/lists/oss-security/2025/01/24/6
 CVE-2025-23085 [GOAWAY HTTP/2 frames cause memory leak outside heap]
 	- nodejs <unfixed> (bug #1094134)
 	NOTE: https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#goaway-http2-frames-cause-memory-leak-outside-heap-cve-2025-23085---medium



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76d8dfd37da610391f9b55da122811df6523ec0d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76d8dfd37da610391f9b55da122811df6523ec0d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250125/f13587d3/attachment.htm>

More information about the debian-security-tracker-commits mailing list