[Git][security-tracker-team/security-tracker][master] CVE-2025-4658: Make it a note instead of a concrete package assignment

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a1e29a15 by Salvatore Bonaccorso at 2025-05-14T08:47:19+02:00
CVE-2025-4658: Make it a note instead of a concrete package assignment

We do not really track "dependency update" fixes and this specific CVE
was assigned for opkssh's use of vulnerale openpubkey versions for
CVE-2025-3757. Thus just track the CVE-2025-3757 issue for openpubkey.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,8 @@
 CVE-2025-4660 (A remote code execution vulnerability exists in the Windows agent comp ...)
 	NOT-FOR-US: Forescout
 CVE-2025-4658 (Versions of OpenPubkey library prior to 0.10.0  contained a vulnerabil ...)
-	- opkssh <unfixed> (bug #1105741)
+	NOTE: CVE is assigned for opkssh's use of vulnerable versions of
+	NOTE: golang-github-openpubkey-openpubkey subjected to CVE-2025-3757 (cf. #1105741)
 	NOTE: https://github.com/openpubkey/opkssh/security/advisories/GHSA-56wx-66px-9j66
 CVE-2025-4649 (Improper Privilege Management vulnerability in Centreon web allows Pri ...)
 	NOT-FOR-US: Centreon



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1e29a156546df6ca90241287826baaffd6fe8ce

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1e29a156546df6ca90241287826baaffd6fe8ce
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250514/958f637a/attachment.htm>