[Git][security-tracker-team/security-tracker][master] Add CVE-2025-29786/golang-github-antonmedv-expr
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Mar 18 06:55:07 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
02168f9f by Salvatore Bonaccorso at 2025-03-18T07:54:41+01:00
Add CVE-2025-29786/golang-github-antonmedv-expr
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -68,7 +68,10 @@ CVE-2025-29787 (`zip` is a zip library for rust which supports reading and writi
NOTE: Fixed by: https://github.com/zip-rs/zip2/commit/a2e062f37066c3b12860a32eb1cb44856cfb7afe (v2.3.0)
TODO: check, might only be introduced in 1.3.0
CVE-2025-29786 (Expr is an expression language and expression evaluation for Go. Prior ...)
- TODO: check
+ - golang-github-antonmedv-expr <unfixed>
+ NOTE: https://github.com/advisories/GHSA-93mq-9ffx-83m2
+ NOTE: https://github.com/expr-lang/expr/pull/762
+ NOTE: Fixed by: https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e (v1.17.0)
CVE-2025-29431 (Code-projects Online Class and Exam Scheduling System V1.0 is vulnerab ...)
NOT-FOR-US: code-projects
CVE-2025-29430 (Code-projects Online Class and Exam Scheduling System V1.0 is vulnerab ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02168f9fcca5f2c6f783b9681998405a3a214c2f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02168f9fcca5f2c6f783b9681998405a3a214c2f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250318/8e5ad710/attachment.htm>
More information about the debian-security-tracker-commits
mailing list