[Git][security-tracker-team/security-tracker][master] Update status for two iputils issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jul 23 06:38:46 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23fe3dd3 by Salvatore Bonaccorso at 2025-07-23T07:37:20+02:00
Update status for two iputils issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -161,7 +161,10 @@ CVE-2025-4285 (Improper Neutralization of Special Elements used in an SQL Comman
CVE-2025-4284 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
NOT-FOR-US: Agentis
CVE-2025-48964 (ping in iputils through 20240905 allows a denial of service (applicati ...)
- TODO: check
+ - iputils <not-affected> (Incomplete fix for CVE-2025-47268 no applied; unimportant)
+ NOTE: https://github.com/iputils/iputils/security/advisories/GHSA-25fr-jw29-74f9
+ NOTE: Fixed by: https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c
+ NOTE: Negligible security impact
CVE-2025-48498 (A null pointer dereference vulnerability exists in the Distributed Tra ...)
NOT-FOR-US: Bloomberg Comdb2
CVE-2025-46354 (A denial of service vulnerability exists in the Distributed Transactio ...)
@@ -23933,6 +23936,9 @@ CVE-2025-47268 (ping in iputils through 20240905 allows a denial of service (app
NOTE: https://github.com/iputils/iputils/issues/584
NOTE: https://github.com/Zephkek/ping-rtt-overflow/
NOTE: Fixed by: https://github.com/iputils/iputils/commit/070cfacd7348386173231fb16fad4983d4e6ae40
+ NOTE: When fixing this issue make sure to address the fix completely an not open
+ NOTE: up CVE-2025-48964.
+ NOTE: Followup fix: https://github.com/iputils/iputils/commit/afa36390394a6e0cceba03b52b59b6d41710608c
NOTE: Negligible security impact
CVE-2025-43926 (An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. ...)
[experimental] - znuny 6.5.15-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23fe3dd3682031c7a1deb54c08cead85f90af698
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23fe3dd3682031c7a1deb54c08cead85f90af698
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250723/4e56d9b4/attachment.htm>
More information about the debian-security-tracker-commits
mailing list