[Git][security-tracker-team/security-tracker][master] CVE-2025-12816,CVE-2025-66030,CVE-2025-66031/node-node-forge: bullseye postponed

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Fri Jan 2 12:18:13 GMT 2026 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cea3033e by Sylvain Beucler at 2026-01-02T13:17:26+01:00
CVE-2025-12816,CVE-2025-66030,CVE-2025-66031/node-node-forge: bullseye postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15517,10 +15517,12 @@ CVE-2025-66035 (Angular is a development platform for building mobile and deskto
 	TODO: check, might not affect 1.x versions of Angular, code is significantly diverging
 CVE-2025-66031 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
 	- node-node-forge <removed>
+	[bullseye] - node-node-forge <postponed> (Minor issue, no reverse dependencies)
 	NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27
 	NOTE: https://github.com/digitalbazaar/forge/commit/260425c6167a38aae038697132483b5517b26451 (v1.3.2)
 CVE-2025-66030 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
 	- node-node-forge <removed>
+	[bullseye] - node-node-forge <postponed> (Minor issue, no reverse dependencies)
 	NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g
 	NOTE: https://github.com/digitalbazaar/forge/commit/3e0c35ace169cfca529a3e547a7848dc7bf57fdb (v1.3.2)
 CVE-2025-65202 (TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command inje ...)
@@ -16051,6 +16053,7 @@ CVE-2025-13467 (A flaw was found in the Keycloak LDAP User Federation provider.
 	- keycloak <itp> (bug #1088287)
 CVE-2025-12816 (An interpretation-conflict (CWE-436) vulnerability in node-forge versi ...)
 	- node-node-forge <removed>
+	[bullseye] - node-node-forge <postponed> (Minor issue, no reverse dependencies)
 	NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq
 	NOTE: Fixed by: https://github.com/digitalbazaar/forge/commit/a05dd812ec2de46ece35a11ab4b46c9d283d1505 (v1.3.2)
 	NOTE: https://github.com/digitalbazaar/forge/blob/235ad3e70e4fdfdca4fdeb662dfba6588e2c38bd/tests/security/cve-2025-12816.js (Tests added)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cea3033e3981fa5b93e94792a825e6823b4d60ab

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cea3033e3981fa5b93e94792a825e6823b4d60ab
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260102/1b7da530/attachment.htm>

More information about the debian-security-tracker-commits mailing list