[Git][security-tracker-team/security-tracker][master] CVE-2025-43929/kitty not affecting bullseye

Sat May 31 18:57:41 BST 2025


Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a24bd6b8 by Tobias Frost at 2025-05-31T19:56:22+02:00
CVE-2025-43929/kitty not affecting bullseye

The vulnerable code has been introduced with commit
https://github.com/kovidgoyal/kitty/commit/1454af2d416f0eb738c2268ee3297cacb0215dd0,
first seen in tag v0.24.2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -12244,8 +12244,10 @@ CVE-2025-3823 (A vulnerability classified as problematic has been found in Sourc
 	NOT-FOR-US: SourceCodester
 CVE-2025-43929 (open_actions.py in kitty before 0.41.0 does not ask for user confirmat ...)
 	- kitty 0.41.1-1 (bug #1103691)
+	[bullseye] - kitty <not-affected> (vulnerable code introduced later)
 	NOTE: https://github.com/kovidgoyal/kitty/commit/ce5cfdd9caf44c538af800a07162e1f49bd53c35 (v0.41.0)
 	NOTE: PoC: https://github.com/0xBenCantCode/CVE-2025-43929
+	NOTE: Vulernable code introduced with commit https://github.com/kovidgoyal/kitty/commit/1454af2d (v0.24.2)
 CVE-2025-43928 (In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on  ...)
 	NOT-FOR-US: Media Relay Service web service
 CVE-2025-43921 (GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthentic ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a24bd6b8856697568d9062db053aff8bd23a8734

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a24bd6b8856697568d9062db053aff8bd23a8734
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250531/c4622860/attachment.htm>
