[Git][security-tracker-team/security-tracker][master] Add status for CVE-2025-48938

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 30 21:54:44 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
aac082ad by Salvatore Bonaccorso at 2025-05-30T22:54:24+02:00
Add status for CVE-2025-48938

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,7 +61,15 @@ CVE-2025-48943 (vLLM is an inference and serving engine for large language model
 CVE-2025-48942 (vLLM is an inference and serving engine for large language models (LLM ...)
 	- vllm <itp> (bug #1095237)
 CVE-2025-48938 (go-gh is a collection of Go modules to make authoring GitHub CLI exten ...)
-	TODO: check
+	- golang-github-cli-go-gh <unfixed>
+	- golang-github-cli-go-gh-v2 <unfixed>
+	NOTE: https://github.com/cli/go-gh/security/advisories/GHSA-g9f5-x53j-h563
+	NOTE: Fixed by: https://github.com/cli/go-gh/commit/df956a6624bc1210543873062ce0905357be1299 (v2.12.1)
+	NOTE: Fixed by: https://github.com/cli/go-gh/commit/0f8a22fe3a4b3d418268dfef57bcee15330f5b15 (v2.12.1)
+	NOTE: Fixed by: https://github.com/cli/go-gh/commit/258949bd372e4689d3203cbcef8734062ff59a97 (v2.12.1)
+	NOTE: Fxied by: https://github.com/cli/go-gh/commit/055ff2108e3edff35996a8efa3afa0a9e64649f1 (v2.12.1)
+	NOTE: Fixed by: https://github.com/cli/go-gh/commit/56c6f10bd535e14098f5a21232f931463c808a77 (v2.12.1)
+	NOTE: Fixed by: https://github.com/cli/go-gh/commit/1ecf6c49ecb0629c6538d88970b669bf4f989ccc (v2.12.1)
 CVE-2025-48912 (An authenticated malicious actor using specially crafted requests coul ...)
 	NOT-FOR-US: Apache Superset
 CVE-2025-48887 (vLLM, an inference and serving engine for large language models (LLMs) ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aac082ad700f8a87317401b2a51f443d13895dda

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aac082ad700f8a87317401b2a51f443d13895dda
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250530/20850333/attachment.htm>

More information about the debian-security-tracker-commits mailing list