[Git][security-tracker-team/security-tracker][master] Add two new issues in python-signxml

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 2 21:24:33 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aae147f2 by Salvatore Bonaccorso at 2025-06-02T22:24:10+02:00
Add two new issues in python-signxml

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,9 +31,13 @@ CVE-2025-49069 (Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consu
 CVE-2025-48996 (HAX open-apis provides microservice apis for HAX webcomponents repo th ...)
 	NOT-FOR-US: HAX open-apis
 CVE-2025-48995 (SignXML is an implementation of the W3C XML Signature standard in Pyth ...)
-	TODO: check
+	- python-signxml <unfixed>
+	NOTE: https://github.com/XML-Security/signxml/security/advisories/GHSA-gmhf-gg8w-jw42
+	NOTE: Fixed by: https://github.com/XML-Security/signxml/commit/1b501faaacf34cf978a52dbc6915ec11e27611cd (v4.0.4)
 CVE-2025-48994 (SignXML is an implementation of the W3C XML Signature standard in Pyth ...)
-	TODO: check
+	- python-signxml <unfixed>
+	NOTE: https://github.com/XML-Security/signxml/security/advisories/GHSA-6vx8-pcwv-xhf4
+	NOTE: Fixed by: https://github.com/XML-Security/signxml/commit/e3c0c2b82a3329a65d917830657649c98b8c7600 (v4.0.4)
 CVE-2025-48990 (NeKernal is a free and open-source operating system stack. Version 0.0 ...)
 	NOT-FOR-US: NeKernal
 CVE-2025-48958 (Froxlor is open source server administration software. Prior to versio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aae147f21e4789cddee78de857ccb9611b67def9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aae147f21e4789cddee78de857ccb9611b67def9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250602/fed4c472/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list