[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-4658 and CVE-2025-3757

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 14 05:16:59 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7a071905 by Salvatore Bonaccorso at 2025-05-14T06:16:26+02:00
Update status for CVE-2025-4658 and CVE-2025-3757

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,8 @@
 CVE-2025-4660 (A remote code execution vulnerability exists in the Windows agent comp ...)
 	NOT-FOR-US: Forescout
 CVE-2025-4658 (Versions of OpenPubkey library prior to 0.10.0  contained a vulnerabil ...)
-	- golang-github-openpubkey-openpubkey <unfixed>
+	- opkssh <unfixed> (bug #1105741)
+	NOTE: https://github.com/openpubkey/opkssh/security/advisories/GHSA-56wx-66px-9j66
 CVE-2025-4649 (Improper Privilege Management vulnerability in Centreon web allows Pri ...)
 	NOT-FOR-US: Centreon
 CVE-2025-4648 (Download of Code Without Integrity Check vulnerability in Centreon web ...)
@@ -103,7 +104,8 @@ CVE-2025-40555 (A vulnerability has been identified in APOGEE PXC+TALON TC Serie
 CVE-2025-3916 (CWE-121: Stack-based Buffer Overflowvulnerability existsthat could cau ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2025-3757 (Versions of OpenPubkey library prior to 0.10.0  contained a vulnerabil ...)
-	TODO: seems like a dupe of CVE-2025-4658
+	- golang-github-openpubkey-openpubkey <unfixed> (bug #1105736)
+	NOTE: https://github.com/openpubkey/openpubkey/security/advisories/GHSA-537f-gxgm-3jjq
 CVE-2025-3744 (Nomad Enterprise (\u201cNomad\u201d) jobs using the policy override op ...)
 	- nomad <not-affected> (Specific to Nomad Enterprise)
 CVE-2025-33025 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a071905904ac217325bf685c65b08c1066629c2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7a071905904ac217325bf685c65b08c1066629c2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250514/ff9cd9a1/attachment.htm>

More information about the debian-security-tracker-commits mailing list