[Git][security-tracker-team/security-tracker][master] Add CVE-2025-70888/osslsigncode
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 27 06:55:26 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
650a5e30 by Salvatore Bonaccorso at 2026-03-27T07:53:47+01:00
Add CVE-2025-70888/osslsigncode
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1318,7 +1318,10 @@ CVE-2026-1001 (Domoticz versions prior to 2026.1 contain a stored cross-site scr
CVE-2025-70952 (pf4j before 20c2f80 has a path traversal vulnerability in the extract( ...)
TODO: check
CVE-2025-70888 (An issue in mtrojnar Osslsigncode affected at v2.10 and before allows ...)
- TODO: check
+ - osslsigncode 2.11-1
+ NOTE: https://github.com/mtrojnar/osslsigncode/issues/475
+ NOTE: https://github.com/mtrojnar/osslsigncode/pull/477
+ NOTE: Fixed by: https://github.com/mtrojnar/osslsigncode/commit/d787541107d4c7d43e411b18b209f125632718cd (2.11)
CVE-2025-70887 (An issue in ralphje Signify before v.0.9.2 allows a remote attacker to ...)
TODO: check
CVE-2025-69358 (Missing Authorization vulnerability in Metagauss EventPrime eventprime ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/650a5e30c01e60f37df967c2c5b4439dba4917da
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/650a5e30c01e60f37df967c2c5b4439dba4917da
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260327/8145338c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list