[Git][security-tracker-team/security-tracker][master] Associate rnp with CVE-2025-13470

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Nov 21 20:25:16 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
47b3e6c6 by Salvatore Bonaccorso at 2025-11-21T21:24:40+01:00
Associate rnp with CVE-2025-13470

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -118,8 +118,6 @@ CVE-2025-29934 (A bug within some AMD CPUs could allow a local admin-privileged
 	TODO: check
 CVE-2025-13524 (Improper resource release in the call termination process in AWS Wickr ...)
 	NOT-FOR-US: Amazon
-CVE-2025-13470 (In RNP version 0.18.0 a refactoring regression causes the symmetric  s ...)
-	TODO: check
 CVE-2025-13432 (Terraform state versions can be created by a user with specific but in ...)
 	TODO: check
 CVE-2025-13357 (Vault\u2019s Terraform Provider incorrectly set the default deny_null_ ...)
@@ -466,12 +464,13 @@ CVE-2025-0643 (Improper Neutralization of Input During Web Page Generation (XSS
 	NOT-FOR-US: Pyxis Signage
 CVE-2024-31405
 	REJECTED
-CVE-2025-13402 [RNP PKESK Session Keys Generated as All-Zero]
+CVE-2025-13470 [RNP PKESK Session Keys Generated as All-Zero]
 	- rnp <unfixed> (bug #1121081)
 	[trixie] - rnp <not-affected> (Vulnerable code introduced later)
 	[bookworm] - rnp <not-affected> (Vulnerable code introduced later)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2415863
 	NOTE: Introduced with: https://github.com/rnpgp/rnp/commit/020c61c4814d29d723b62ee4a2d2719a6b397acf (v0.18.0)
+	NOTE: Fixed by: https://github.com/rnpgp/rnp/commit/1a2359d623e4eac8e81e4c24195fb39898f37b40 (v0.18.1)
 CVE-2025-64984 (Kaspersky has fixed a security issue in Kaspersky Endpoint Security fo ...)
 	NOT-FOR-US: Kaspersky
 CVE-2025-63932 (D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47b3e6c6435d003e7704a602168878781886a8bc

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/47b3e6c6435d003e7704a602168878781886a8bc
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251121/a63d9e15/attachment.htm>

More information about the debian-security-tracker-commits mailing list