[Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-70952/libpf4j-java
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 27 13:05:02 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
415622c5 by Salvatore Bonaccorso at 2026-03-27T14:04:26+01:00
Add Debian bug reference for CVE-2025-70952/libpf4j-java
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1328,7 +1328,7 @@ CVE-2026-1712 (Incorrect privilege assignment vulnerability in HYPR Server allow
CVE-2026-1001 (Domoticz versions prior to 2026.1 contain a stored cross-site scriptin ...)
- domoticz <itp> (bug #899058)
CVE-2025-70952 (pf4j before 20c2f80 has a path traversal vulnerability in the extract( ...)
- - libpf4j-java <unfixed>
+ - libpf4j-java <unfixed> (bug #1132032)
NOTE: https://github.com/pf4j/pf4j/issues/618
NOTE: https://github.com/pf4j/pf4j/issues/623
NOTE: Fixed by: https://github.com/pf4j/pf4j/commit/20c2f80089d1ea779e22c2de5f109a0bce4e1b14 (release-3.14.1)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/415622c522065dc5c8ec263a1d4514fb88654d9c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/415622c522065dc5c8ec263a1d4514fb88654d9c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260327/3014819e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list