[Git][security-tracker-team/security-tracker][master] CVE for varnish issue allocated

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 14 09:20:04 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a2f5c3cc by Salvatore Bonaccorso at 2025-05-14T10:19:39+02:00
CVE for varnish issue allocated

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4,8 +4,6 @@ CVE-2025-4574 (In crossbeam-channel rust crate, the internal `Channel` type's `D
 	TODO: check
 CVE-2025-4520 (The Uncanny Automator plugin for WordPress is vulnerable to unauthoriz ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2025-47905 (Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterpris ...)
-	TODO: check
 CVE-2025-47899
 	REJECTED
 CVE-2025-47898
@@ -808,7 +806,7 @@ CVE-2025-47711
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2365687
 	NOTE: Fixed by: https://gitlab.com/nbdkit/nbdkit/-/commit/e6f96bd1b77c0cc927ce6aeff650b52238304f39 (v1.43.7)
 	NOTE: Fixed by: https://gitlab.com/nbdkit/nbdkit/-/commit/c3c1950867ea8d9c2108ff066ed9e78dde3cfc3f (v1.42.3)
-CVE-2025-XXXX [Request Smuggling Attac]
+CVE-2025-47905 [Request Smuggling Attac]
 	- varnish 7.7.0-2
 	NOTE: https://varnish-cache.org/security/VSV00016.html
 	NOTE: https://github.com/varnishcache/varnish-cache/commit/b5f1faba6e8d9848cfe0cba566986e7e5cc5f65b (varnish-7.7.1)


=====================================
data/DSA/list
=====================================
@@ -1,4 +1,5 @@
 [13 May 2025] DSA-5918-1 varnish - security update
+	{CVE-2025-47905}
 	[bookworm] - varnish 7.1.1-2+deb12u1
 [08 May 2025] DSA-5917-1 libapache2-mod-auth-openidc - security update
 	{CVE-2025-3891}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2f5c3ccd1460a94b008832a3e985d99c83ecab5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a2f5c3ccd1460a94b008832a3e985d99c83ecab5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250514/db4f94ab/attachment.htm>

More information about the debian-security-tracker-commits mailing list