[Git][security-tracker-team/security-tracker][master] Update information on CVE-2025-4382
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun May 11 06:09:55 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0fbcc889 by Salvatore Bonaccorso at 2025-05-11T07:07:46+02:00
Update information on CVE-2025-4382
Note since when it is possible to build with blocking the command line
interface at build time. Entering rescue mode is present before, so the
underlying vulnerability might still be considered present before that.
Kept the previously added todo item to clarify how we want to handle the
CVE scope.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -186,6 +186,8 @@ CVE-2025-4382 (A flaw was found in systems utilizing LUKS-encrypted disks with G
NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=301b4ef25a8fafaeba48498e97efd28bd2809f97
NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=dbc0eb5bd1f40de9b394e3a86e84f46c39a23e40
NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=73d1c959ea3417e9309ba8c6102d7d6dc7c94259
+ NOTE: Option to block command line interface at build time introduced with:
+ NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=bb65d81fe320e4b20d0a9b32232a7546eb275ecc
TODO: double check if vulnerability only considered present after grub_is_cli_disabled is introduced
CVE-2025-4377 (Improper Limitation of a Pathname caused a Path Traversal vulnerabilit ...)
NOT-FOR-US: Sparx Systems Pro Cloud Server
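Review bot: The two added NOTE lines give only the upstream commit for the build-time option to block the command line interface, while the TODO directly below them is phrased in terms of grub_is_cli_disabled, so the entry does not say whether the two refer to the same change. If the referenced commit is the one that introduces grub_is_cli_disabled, name the symbol in the NOTE so the TODO can be resolved against it. Adding the first upstream release that contains the commit would also let readers map it to packaged versions without opening gitweb. The commit message's caveat that rescue mode could be entered before this option existed is not captured in the entry itself; a short NOTE stating it would keep the scope question visible to anyone reading data/CVE/list without the commit log.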
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fbcc8894364ef07531e8c9254b930c537922f29