[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-4432/rust-ring

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 9 21:00:47 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c966c52c by Salvatore Bonaccorso at 2025-05-09T21:58:17+02:00
Update status for CVE-2025-4432/rust-ring

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -213,8 +213,12 @@ CVE-2025-37835 [smb: client: Fix netns refcount imbalance causing leaks and use-
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/4e7f1644f2ac6d01dc584f6301c3b1d5aac4eaef (6.15-rc1)
 CVE-2025-4432
-	- rust-ring <unfixed>
+	- rust-ring 0.17.14-1
+	[bookworm] - rust-ring <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2350655
+	NOTE: Fixed by: https://github.com/briansmith/ring/commit/ec2d3cf1d91f148c84e4806b4f0b3c98f6df3b38
+	NOTE: https://github.com/briansmith/ring/pull/2447
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0009.html
 CVE-2025-4475 (Issue in my product in blah version x on y allows bad person to break)
 	TODO: check
 CVE-2025-4208 (The NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and mu ...)
@@ -20821,11 +20825,6 @@ CVE-2025-21835 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/da1668997052ed1cb00322e1f3b63702615c9429 (6.14-rc3)
 CVE-2025-26865 (Improper Neutralization of Special Elements Used in a Template Engine  ...)
 	NOT-FOR-US: Apache OFBiz
-CVE-2025-XXXX [RUSTSEC-2025-0009]
-	- rust-ring 0.17.14-1
-	[bookworm] - rust-ring <no-dsa> (Minor issue)
-	NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0009.html
-	NOTE: https://github.com/briansmith/ring/pull/2447
 CVE-2025-2067 (A vulnerability was found in projectworlds Life Insurance Management S ...)
 	NOT-FOR-US: projectworlds Life Insurance Management System
 CVE-2025-2066 (A vulnerability has been found in projectworlds Life Insurance Managem ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c966c52c043aaa920760fa40ef60a9a5b6a43b95

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c966c52c043aaa920760fa40ef60a9a5b6a43b95
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250509/eacece55/attachment.htm>

More information about the debian-security-tracker-commits mailing list