[Git][security-tracker-team/security-tracker][master] Add CVE-2025-12638/keras
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Nov 28 20:19:08 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8de8d9a6 by Salvatore Bonaccorso at 2025-11-28T21:18:19+01:00
Add CVE-2025-12638/keras
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,7 +9,9 @@ CVE-2025-51733 (Cross-Site Request Forgery (CSRF) vulnerability in HCL Technolog
CVE-2025-13683 (Exposure of credentials in unintended requests in Devolutions Server, ...)
NOT-FOR-US: Devolutions
CVE-2025-12638 (Keras version 3.11.3 is affected by a path traversal vulnerability in ...)
- TODO: check
+ - keras <removed>
+ NOTE: https://huntr.com/bounties/f94f5beb-54d8-4e6a-8bac-86d9aee103f4
+ NOTE: Fixed by: https://github.com/keras-team/keras/commit/47fcb397ee4caffd5a75efd1fa3067559594e951 (v3.12.0)
CVE-2025-12183 (Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier ...)
NOT-FOR-US: Sonatype
CVE-2025-12143 (Stack-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8de8d9a6425ea3b278ac7ddb133e1e3c859934f2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8de8d9a6425ea3b278ac7ddb133e1e3c859934f2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251128/56c2c69b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list