[Git][security-tracker-team/security-tracker][master] Add CVE-2025-66221 for python-werkzeug
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Nov 29 09:07:24 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b39292e by Salvatore Bonaccorso at 2025-11-29T10:07:03+01:00
Add CVE-2025-66221 for python-werkzeug
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,9 @@ CVE-2025-66224 (OrangeHRM is a comprehensive human resource management (HRM) sys
CVE-2025-66223 (OpenObserve is a cloud-native observability platform. Prior to version ...)
NOT-FOR-US: OpenObserve
CVE-2025-66221 (Werkzeug is a comprehensive WSGI web application library. Prior to ver ...)
- TODO: check
+ - python-werkzeug <not-affected> (Only affects werkzeug on Windows)
+ NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2
+ NOTE: https://github.com/pallets/werkzeug/commit/4b833376a45c323a189cd11d2362bcffdb1c0c13 (3.1.4)
CVE-2025-66219 (willitmerge is a command line tool to check if pull requests are merge ...)
NOT-FOR-US: willitmerge
CVE-2025-66217 (AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, a ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b39292e758ddbff3469b8a7152bb7e4a369c3f1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b39292e758ddbff3469b8a7152bb7e4a369c3f1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251129/072c2860/attachment.htm>
More information about the debian-security-tracker-commits
mailing list