[Git][security-tracker-team/security-tracker][master] Add CVE-2025-26625/git-lfs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
03fde6f4 by Salvatore Bonaccorso at 2025-10-17T23:15:28+02:00
Add CVE-2025-26625/git-lfs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -75,7 +75,11 @@ CVE-2025-34282 (ThingsBoard versions < 4.2.1 contain a server-side request forge
 CVE-2025-34281 (ThingsBoard versions < 4.2.1 contain a stored cross-site scripting (XS ...)
 	TODO: check
 CVE-2025-26625 (Git LFS is a Git extension for versioning large files. In Git LFS vers ...)
-	TODO: check
+	- git-lfs <unfixed>
+	NOTE: https://github.com/git-lfs/git-lfs/security/advisories/GHSA-6pvw-g552-53c5
+	NOTE: https://github.com/git-lfs/git-lfs/commit/0cffe93176b870055c9dadbb3cc9a4a440e98396 (main)
+	NOTE: https://github.com/git-lfs/git-lfs/commit/5c11ffce9a4f095ff356bc781e2a031abb46c1a8 (main)
+	NOTE: https://github.com/git-lfs/git-lfs/commit/d02bd13f02ef76f6807581cd6b34709069cb3615 (main)
 CVE-2025-11925 (Incorrect Content-Type header in one of the APIs (`text/html` instead  ...)
 	TODO: check
 CVE-2025-11911 (A vulnerability was detected in Shenzhen Ruiming Technology Streamax C ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03fde6f4e0d11cd97e8bd86821248baf9fc15c71

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/03fde6f4e0d11cd97e8bd86821248baf9fc15c71
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251017/74408633/attachment.htm>