[Git][security-tracker-team/security-tracker][master] Add findings for CVE-2025-25293
Daniel Leidert (@dleidert)
dleidert at debian.org
Thu Mar 27 02:30:01 GMT 2025
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c580a634 by Daniel Leidert at 2025-03-27T03:29:27+01:00
Add findings for CVE-2025-25293
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3339,8 +3339,13 @@ CVE-2025-2104 (The Page Builder: Pagelayer \u2013 Drag and Drop website builder
CVE-2025-25293 (ruby-saml provides security assertion markup language (SAML) single si ...)
- ruby-saml <unfixed> (bug #1100441)
NOTE: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq
- NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a (v1.18.0)
+ NOTE: Vulnerability might be the result of an incomplete fix for a zipbomb attack.
+ NOTE: https://github.com/SAML-Toolkits/ruby-saml/pull/383 (v1.12.0)
+ NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/533c84ebfc40f8cbac645b6c76ce4949f95d27d6 (v1.12.0)
NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1 (v1.12.4)
+ NOTE: https://github.com/SAML-Toolkits/ruby-saml/pull/601 (v1.13.0..v1.18.0)
+ NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/c21d6935b43a032701d99e398cbfc551e80bfb72 (v1.13.0)
+ NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a (v1.18.0)
CVE-2025-25292 (ruby-saml provides security assertion markup language (SAML) single si ...)
- ruby-saml <unfixed> (bug #1100441)
NOTE: https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c580a634a50d2ff77045e01e26449bb424f15207
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c580a634a50d2ff77045e01e26449bb424f15207
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250327/4432d66c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list