[Git][security-tracker-team/security-tracker][master] Add CVE-2025-59390/druid, itp'ed
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Nov 27 14:53:24 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
78ffe263 by Salvatore Bonaccorso at 2025-11-27T15:53:03+01:00
Add CVE-2025-59390/druid, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -185,7 +185,7 @@ CVE-2025-62728 (SQL injection vulnerability in Hive Metastore Server (HMS) when
CVE-2025-62354 (Improper neutralization of special elements used in an OS command ('co ...)
NOT-FOR-US: Cursor
CVE-2025-59390 (Apache Druid\u2019s Kerberos authenticator uses a weak fallback secret ...)
- TODO: check
+ - druid <itp> (bug #825797)
CVE-2025-56396 (An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain esca ...)
NOT-FOR-US: Ruoyi
CVE-2025-55471 (Incorrect access control in the getUserFormData function of youlai-boo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78ffe263c60eb82df08f85db6ec240e3c2172d59
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/78ffe263c60eb82df08f85db6ec240e3c2172d59
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251127/14c8381c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list