[Git][security-tracker-team/security-tracker][master] CVE-2025-22870

[Bastien Roucariès (@rouca)]

Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d5f791d by Bastien Roucariès at 2025-03-09T11:34:39+00:00
CVE-2025-22870

Add description lacking on CVEs and CNA

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1059,6 +1059,8 @@ CVE-2025-22870
 	NOTE: https://github.com/golang/go/issues/71984
 	NOTE: Fixed by: https://github.com/golang/go/commit/334de7982f8ec959c74470dd709ceedfd6dbd50a (go1.24.1)
 	NOTE: Fixed by: https://github.com/golang/go/commit/25177ecde0922c50753c043579d17828b7ee88e7 (go1.23.7)
+	NOTE: Matching of hosts against proxy patterns could improperly treat an IPv6 zone ID as a hostname component.
+	NOTE: For example, when the NO_PROXY environment variable was set to "*.example.com", a request to "[::1%25.example.com]:80` would incorrectly match and not be proxied.
 CVE-2025-1923 (Inappropriate implementation in Permission Prompts in Google Chrome pr ...)
 	{DSA-5875-1}
 	- chromium 134.0.6998.35-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d5f791d005926a07e6546d299235274558e7b88

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d5f791d005926a07e6546d299235274558e7b88
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250309/b85c5505/attachment-0001.htm>