[Git][security-tracker-team/security-tracker][master] Add CVE-2025-64718/node-js-yaml
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 13 20:28:40 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
29a4c8b2 by Salvatore Bonaccorso at 2025-11-13T21:28:13+01:00
Add CVE-2025-64718/node-js-yaml
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,7 +13,9 @@ CVE-2025-64738 (External control of file name or path in Zoom Workplace for macO
CVE-2025-64726 (Socket Firewall is an HTTP/HTTPS proxy server that intercepts package ...)
NOT-FOR-US: Socket Firewall
CVE-2025-64718 (js-yaml is a JavaScript YAML parser and dumper. In js-yaml 4.1.0 and b ...)
- TODO: check
+ - node-js-yaml <unfixed>
+ NOTE: https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m
+ NOTE: Fixed by: https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879 (4.1.1)
CVE-2025-64717 (ZITADEL is an open source identity management platform. Starting in ve ...)
NOT-FOR-US: Zitadel
CVE-2025-64716 (Anubis is a Web AI Firewall Utility that challenges users' connections ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29a4c8b2e9fe54b1807d105580666ed9fe73d118
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/29a4c8b2e9fe54b1807d105580666ed9fe73d118
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251113/feeea49b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list