[Git][security-tracker-team/security-tracker][master] Add links to follow-up changes for CVE-{2024-8176,2025-59375}/expat

Thu Sep 25 05:44:50 BST 2025


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9e2f4e17 by Guilhem Moulin at 2025-09-25T06:44:25+02:00
Add links to follow-up changes for CVE-{2024-8176,2025-59375}/expat

>From 2.7.3, cf. //www.openwall.com/lists/oss-security/2025/09/24/11

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5513,6 +5513,8 @@ CVE-2025-59375 (libexpat in Expat before 2.7.2 allows attackers to trigger large
 	NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/a6a2a49367f03f5d8a73c9027b45b59953ca27d8 (R_2_7_2)
 	NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/d6246c31a1238d065b4d9690d3bac740326f6485 (R_2_7_2)
 	NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/a21a3a8299e1ee0b0ae5ae2886a0746d088cf135 (R_2_7_2)
+	NOTE: https://www.openwall.com/lists/oss-security/2025/09/24/11
+	NOTE: Follow-up: https://github.com/libexpat/libexpat/pull/1048 (R_2_7_3)
 CVE-2025-59364 (The express-xss-sanitizer (aka Express XSS Sanitizer) package through  ...)
 	NOT-FOR-US: Node express-xss-sanitizer
 CVE-2025-41713 (During a short time frame while the device is booting an unauthenticat ...)
@@ -63496,6 +63498,8 @@ CVE-2024-8176 (A stack overflow vulnerability exists in the libexpat library due
 	NOTE: https://github.com/libexpat/libexpat/issues/893
 	NOTE: https://github.com/libexpat/libexpat/pull/973
 	NOTE: CentOS stream backport for 2.5.0: https://gitlab.com/redhat/centos-stream/rpms/expat/-/blob/c9s/expat-2.5.0-CVE-2024-8176.patch
+	NOTE: https://www.openwall.com/lists/oss-security/2025/09/24/11
+	NOTE: Follow-up: https://github.com/libexpat/libexpat/pull/1059 (R_2_7_3)
 CVE-2025-30022 (CM Soluces Informatica Ltda Auto Atendimento 1.x.x was discovered to c ...)
 	NOT-FOR-US: CM Soluces Informatica Ltda Auto Atendimento
 CVE-2025-2289 (The Zegen - Church WordPress Theme theme for WordPress is vulnerable t ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e2f4e174fbac1381b8a6f07b69bbda2c50f1759

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e2f4e174fbac1381b8a6f07b69bbda2c50f1759
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250925/9d0402df/attachment-0001.htm>
