[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Oct 25 23:19:49 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3e6ec5b6 by Moritz Muehlenhoff at 2025-10-26T00:19:26+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10183,7 +10183,7 @@ CVE-2025-59844 (SonarQube Server and Cloud is a static analysis solution for con
 CVE-2025-59843 (Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 t ...)
 	NOT-FOR-US: Flag Forge
 CVE-2025-59842 (jupyterlab is an extensible environment for interactive and reproducib ...)
-	- jupyterlab <unfixed>
+	- jupyterlab <unfixed> (bug #1118967)
 	[trixie] - jupyterlab <no-dsa> (Minor issue)
 	NOTE: https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-vvfj-2jqx-52jm
 	NOTE: https://github.com/jupyterlab/jupyterlab/commit/88ef373039a8cc09f27d3814382a512d9033675c
@@ -10618,7 +10618,7 @@ CVE-2025-55557 (A Name Error occurs in pytorch v2.7.0 when a PyTorch model consi
 	NOTE: https://github.com/pytorch/pytorch/pull/151931
 	NOTE: https://github.com/pytorch/pytorch/commit/0a470dc7c148a6814b01d28094cd45147c6e5187 (v2.8.0-rc1)
 CVE-2025-55556 (TensorFlow v2.18.0 was discovered to output random results when compil ...)
-	- tensorflow <unfixed>
+	- tensorflow <unfixed> (bug #1118968)
 	NOTE: https://github.com/tensorflow/tensorflow/issues/82317
 CVE-2025-55554 (pytorch v2.8.0 was discovered to contain an integer overflow in the co ...)
 	- pytorch <unfixed> (bug #1116534)
@@ -21218,7 +21218,7 @@ CVE-2025-4644 (A Session Fixation vulnerability existed in Payload's SQLite adap
 CVE-2025-4643 (Payload uses JSON Web Tokens (JWT) for authentication. After log out J ...)
 	NOT-FOR-US: Payload
 CVE-2025-47909 (Hosts listed in TrustedOrigins implicitly allow requests from the corr ...)
-	- golang-github-gorilla-csrf <unfixed>
+	- golang-github-gorilla-csrf <unfixed> (bug #1118966)
 	[trixie] - golang-github-gorilla-csrf <no-dsa> (Minor issue)
 	[bookworm] - golang-github-gorilla-csrf <no-dsa> (Minor issue)
 	NOTE: https://github.com/golang/vulndb/issues/3884



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e6ec5b6adaf9a765b799b7c97337a506236601e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e6ec5b6adaf9a765b799b7c97337a506236601e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251025/9c6c2be4/attachment.htm>

More information about the debian-security-tracker-commits mailing list