[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 4 20:31:13 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0ccd7430 by Salvatore Bonaccorso at 2025-03-04T21:28:46+01:00
Process some NFUs
- - - - -
ac3d328c by Salvatore Bonaccorso at 2025-03-04T21:30:43+01:00
Add CVE-2025-27111/ruby-rack
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-27507 (The open-source identity infrastructure software Zitadel allows admini ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2025-27426 (Malicious websites utilizing a server-side redirect to an internal err ...)
TODO: check
CVE-2025-27425 (Scanning certain QR codes that included text with a website URL could ...)
@@ -17,7 +17,11 @@ CVE-2025-27155 (Pinecone is an experimental overlay routing protocol suite which
CVE-2025-27150 (Tuleap is an Open Source Suite to improve management of software devel ...)
NOT-FOR-US: Tuleap
CVE-2025-27111 (Rack is a modular Ruby web server interface. The Rack::Sendfile middle ...)
- TODO: check
+ - ruby-rack <unfixed>
+ NOTE: https://github.com/rack/rack/security/advisories/GHSA-8cgq-6mh2-7j6v
+ NOTE: Fixed by: https://github.com/rack/rack/commit/b13bc6bfc7506aca3478dc5ac1c2ec6fc53f82a3 (v2.2.12)
+ NOTE: Fixed by: https://github.com/rack/rack/commit/803aa221e8302719715e224f4476e438f2531a53 (v3.0.13)
+ NOTE: Fixed by: https://github.com/rack/rack/commit/aeac570bb8080ca7b53b7f2e2f67498be7ebd30b (v3.1.11)
CVE-2025-26849 (There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, a ...)
TODO: check
CVE-2025-26320 (t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command ...)
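Review bot: the new `- ruby-rack <unfixed>` line for CVE-2025-27111 carries no per-suite status and no severity note, while the three `Fixed by:` NOTEs already pin the upstream fix to the 2.2.x (v2.2.12), 3.0.x (v3.0.13) and 3.1.x (v3.1.11) branches; once the unstable upload lands, replace `<unfixed>` with the fixed Debian version and add the stable-suite annotations so it is explicit which of the three upstream commits the stable packages need backported. The GHSA advisory NOTE is the right primary reference for the Rack::Sendfile middleware issue, but the truncated description gives no impact, so a short severity NOTE alongside it would make triage of this entry self-contained.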
@@ -152,7 +156,7 @@ CVE-2025-1930 (On Windows, a compromised content process could use bad StreamDat
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-14/#CVE-2025-1930
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-16/#CVE-2025-1930
CVE-2025-27521 (Vulnerability of improper access permission in the process management ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2025-27221 (In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.jo ...)
- ruby3.3 <unfixed>
- ruby3.1 <unfixed>
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/823750dbc9ac62e792d91d30ae6046b2e1620dc5...ac3d328ca404b8501fbc040e75b7ce6f3f5ba57c