[Git][security-tracker-team/security-tracker][master] Add CVE-2025-6442/ruby-webrick
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jun 25 21:47:12 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1c9f1368 by Salvatore Bonaccorso at 2025-06-25T22:46:23+02:00
Add CVE-2025-6442/ruby-webrick
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -47,7 +47,9 @@ CVE-2025-6445 (ServiceStack FindType Directory Traversal Remote Code Execution V
CVE-2025-6444 (ServiceStack GetErrorResponse Improper Input Validation NTLM Relay Vul ...)
NOT-FOR-US: ServiceStack
CVE-2025-6442 (Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vu ...)
- TODO: check
+ - ruby-webrick 1.9.1-1
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-414/
+ NOTE: Fixed by: https://github.com/ruby/webrick/commit/ee60354bcb84ec33b9245e1d1aa6e1f7e8132101 (v1.8.2)
CVE-2025-5927 (The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrar ...)
NOT-FOR-US: WordPress plugin
CVE-2025-5834 (Pioneer DMH-WT7600NEX Missing Immutable Root of Trust in Hardware Loca ...)
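Review bot: The fixed version on the added `- ruby-webrick 1.9.1-1` line does not line up with the upstream release named in the `Fixed by:` note (v1.8.2), and nothing in the entry explains the gap. If 1.9.1-1 is simply the first Debian upload at or past v1.8.2, a one-line NOTE saying so would save the next reader a changelog lookup; if an earlier upload already carried commit ee60354bcb84, that version should be recorded instead. The entry also replaces `TODO: check` without any per-suite annotation, so it is worth confirming that the older ruby-webrick versions in released suites are meant to show as affected.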
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1c9f136854317d6730e5c451aebad61a6dc5856f