[Git][security-tracker-team/security-tracker][master] Add further clarification step for CVE-2025-4382

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
732528c3 by Salvatore Bonaccorso at 2025-05-10T11:39:56+02:00
Add further clarification step for CVE-2025-4382

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -93,6 +93,7 @@ CVE-2025-4382 (A flaw was found in systems utilizing LUKS-encrypted disks with G
 	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=301b4ef25a8fafaeba48498e97efd28bd2809f97
 	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=dbc0eb5bd1f40de9b394e3a86e84f46c39a23e40
 	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=73d1c959ea3417e9309ba8c6102d7d6dc7c94259
+	TODO: double check if vulnerability only considered present after grub_is_cli_disabled is introduced
 CVE-2025-4377 (Improper Limitation of a Pathname caused a Path Traversal vulnerabilit ...)
 	NOT-FOR-US: Sparx Systems Pro Cloud Server
 CVE-2025-4376 (Improper Input Validation vulnerability in Sparx Systems Pro Cloud Ser ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/732528c3e9471ccd0ef024e7ad31165392cebfe4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/732528c3e9471ccd0ef024e7ad31165392cebfe4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250510/b9488863/attachment.htm>