[Git][security-tracker-team/security-tracker][master] Add CVE-2025-47913/golang-go.crypto
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 14 09:57:59 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e9dd1fe8 by Salvatore Bonaccorso at 2025-11-14T10:57:16+01:00
Add CVE-2025-47913/golang-go.crypto
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -30,7 +30,9 @@ CVE-2025-55070 (Mattermost versions <11 fail to enforce multi-factor authenticat
CVE-2025-4619 (A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS s ...)
NOT-FOR-US: Palo Alto Networks
CVE-2025-47913 (SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed respons ...)
- TODO: check
+ - golang-go.crypto 1:0.42.0-1
+ NOTE: https://github.com/advisories/GHSA-hcg3-q754-cr77
+ NOTE: Fixed by: https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22 (v0.35.0)
CVE-2025-47222 (Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue ...)
NOT-FOR-US: Keyfactor SignServer
CVE-2025-47221 (Keyfactor SignServer before 7.3.1 has Incorrect Access Control, issue ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9dd1fe8252a30b6af17971ae58c8d7bc3293a64
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9dd1fe8252a30b6af17971ae58c8d7bc3293a64
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251114/f22e1c36/attachment.htm>
More information about the debian-security-tracker-commits
mailing list