[Git][security-tracker-team/security-tracker][master] Add CVE-2025-70952/libpf4j-java
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 27 08:14:07 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
34acb127 by Salvatore Bonaccorso at 2026-03-27T09:13:44+01:00
Add CVE-2025-70952/libpf4j-java
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1326,7 +1326,10 @@ CVE-2026-1712 (Incorrect privilege assignment vulnerability in HYPR Server allow
CVE-2026-1001 (Domoticz versions prior to 2026.1 contain a stored cross-site scriptin ...)
- domoticz <itp> (bug #899058)
CVE-2025-70952 (pf4j before 20c2f80 has a path traversal vulnerability in the extract( ...)
- TODO: check
+ - libpf4j-java <unfixed>
+ NOTE: https://github.com/pf4j/pf4j/issues/618
+ NOTE: https://github.com/pf4j/pf4j/issues/623
+ NOTE: Fixed by: https://github.com/pf4j/pf4j/commit/20c2f80089d1ea779e22c2de5f109a0bce4e1b14 (release-3.14.1)
CVE-2025-70888 (An issue in mtrojnar Osslsigncode affected at v2.10 and before allows ...)
- osslsigncode 2.11-1
NOTE: https://github.com/mtrojnar/osslsigncode/issues/475
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34acb1271cbc0db632da62e7426d86e05d407454
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34acb1271cbc0db632da62e7426d86e05d407454
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260327/1aaae2bd/attachment.htm>
More information about the debian-security-tracker-commits
mailing list