[Git][security-tracker-team/security-tracker][master] Track two more CVE fixes for vega.js addressed via unstable upload

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Apr 5 21:38:22 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fbb421e8 by Salvatore Bonaccorso at 2026-04-05T22:26:08+02:00
Track two more CVE fixes for vega.js addressed via unstable upload

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39694,7 +39694,7 @@ CVE-2025-66648 (vega-functions provides function implementations for the Vega ex
 	- vega.js 5.33.1+ds+~cs5.3.0-2 (bug #1125185)
 	NOTE: https://github.com/vega/vega/security/advisories/GHSA-m9rg-mr6g-75gm
 CVE-2025-65110 (Vega is a visualization grammar, a declarative format for creating, sa ...)
-	- vega.js <unfixed> (bug #1125184)
+	- vega.js 5.33.1+ds+~cs5.3.0-4 (bug #1125184)
 	NOTE: https://github.com/vega/vega/security/advisories/GHSA-829q-m3qg-ph8r
 CVE-2025-64425 (Coolify is an open-source and self-hostable tool for managing servers, ...)
 	NOT-FOR-US: Coolify
@@ -60770,7 +60770,7 @@ CVE-2025-60672 (An unauthenticated command injection vulnerability exists in the
 CVE-2025-60671 (A command injection vulnerability exists in the D-Link DIR-823G router ...)
 	NOT-FOR-US: D-Link
 CVE-2025-59840 (Vega is a visualization grammar, a declarative format for creating, sa ...)
-	- vega.js <unfixed> (bug #1125183)
+	- vega.js 5.33.1+ds+~cs5.3.0-4 (bug #1125183)
 	NOTE: https://github.com/vega/vega/security/advisories/GHSA-7f2v-3qq3-vvjf
 CVE-2025-59480 (Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redir ...)
 	NOT-FOR-US: Mattermost Mobile Apps



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbb421e84fa84276e41ed609e8d9cfee63e4b653

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fbb421e84fa84276e41ed609e8d9cfee63e4b653
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260405/34d58776/attachment.htm>

More information about the debian-security-tracker-commits mailing list