[Git][security-tracker-team/security-tracker][master] 2 commits: Use bugzilla id for CVE-2025-4123

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 16 11:47:01 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0111f011 by Salvatore Bonaccorso at 2025-05-16T12:36:11+02:00
Use bugzilla id for CVE-2025-4123

- - - - -
6970d62a by Salvatore Bonaccorso at 2025-05-16T12:45:42+02:00
Update status for CVE-2025-4476/libsoup

Different issue upstream than CVE-2025-32910, add initial tracking for
libsoup3 (will be fixed in 3.6.6) but needs investigation if libsoup2.4
is affected (same function, but code was slightly refactored as well).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -524,11 +524,15 @@ CVE-2023-5529 (The Advanced Page Visit Counter  WordPress plugin before 8.0.6 do
 CVE-2023-2334 (The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy D ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-4476 [libsoup: Null pointer dereference in libsoup may lead to Denial Of Service]
-	NOTE: Looks like a dupe of CVE-2025-32910
+	- libsoup3 <unfixed>
+	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/440
+	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/457
+	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2366513
+	TODO: check if affects as well ibsoup2.4
 CVE-2025-4123
 	- grafana <removed>
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2025-4123
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2364632
 CVE-2025-4762 (Insecure Direct Object Reference (IDOR) vulnerability in the eSignaVie ...)
 	NOT-FOR-US: eSigna
 CVE-2025-4717 (A vulnerability, which was classified as critical, was found in PHPGur ...)
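Review bot: the TODO line added under CVE-2025-4476 misspells the package name as "ibsoup2.4", so a search of data/CVE/list for "libsoup2.4" will not find this pending check. Suggest rewording it to "TODO: check if libsoup2.4 is affected as well", which matches the source package name used in the commit message.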



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5f25edae99c4713e431a62875de01bc3b5c1c061...6970d62ad0619b325e96945f76ac88349e5e72d4
