[Git][security-tracker-team/security-tracker][master] Mark CVE-2025-7425/libxslt as no-dsa
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 30 22:13:25 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
69d4c36a by Salvatore Bonaccorso at 2025-09-30T23:12:55+02:00
Mark CVE-2025-7425/libxslt as no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26039,6 +26039,8 @@ CVE-2025-53861 (A flaw was found in Ansible. Sensitive cookies without security
NOT-FOR-US: Ansible Automation Platform
CVE-2025-7425 (A flaw was found in libxslt where the attribute type, atype, flags are ...)
- libxslt <unfixed> (bug #1109122)
+ [trixie] - libxslt <no-dsa> (Mitigation via libxml2 applied in DSA; wait until fixed upstream)
+ [bookworm] - libxslt <no-dsa> (Mitigation via libxml2 applied in DSA; wait until fixed upstream)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2379274
NOTE: https://gitlab.gnome.org/GNOME/libxslt/-/issues/140
NOTE: While the issue is underlying in libxslt (and the CVE assigned for it), a
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69d4c36a6aa92027c322159adf62df87715d5ae6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69d4c36a6aa92027c322159adf62df87715d5ae6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250930/ee3fa87b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list