Source: golang-github-go-viper-mapstructure Version: 2.2.1-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for golang-github-go-viper-mapstructure. CVE-2025-11065[0]: | May Leak Sensitive Information in Logs FWIW, there is as well an earlier such issue but with no CVE assignment. So it might simply be best to rebase to 2.4.0 for forky and unstable. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-11065 https://www.cve.org/CVERecord?id=CVE-2025-11065 [1] https://bugzilla.redhat.com/show_bug.cgi?id=2391829 [2] https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm [3] https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c Please adjust the affected versions in the BTS as needed. Regards, Salvatore
