Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0efd4b9e by Salvatore Bonaccorso at 2025-01-23T21:41:28+01:00
Add CVE-2025-22153/restrictedpython
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,7 +59,12 @@ CVE-2025-22768 (Cross-Site Request Forgery (CSRF)
vulnerability in Qwerty23 Rock
CVE-2025-22264 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2025-22153 (RestrictedPython is a tool that helps to define a subset of
the Python ...)
- TODO: check
+ - restrictedpython <unfixed>
+ [bookworm] - restrictedpython <not-affected> (Vulnerable code
introduced later)
+ [bullseye] - restrictedpython <not-affected> (Vulnerable code
introduced later)
+ NOTE:
https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-gmj9-h825-chq2
+ NOTE: Introduced with:
https://github.com/zopefoundation/RestrictedPython/commit/688bec4711240cc9886006ae02886b667bfffc54
(6.0)
+ NOTE: Fixed by:
https://github.com/zopefoundation/RestrictedPython/commit/48a92c5bb617a647cffd0dadd4d5cfe626bcdb2f
(8.0)
CVE-2025-0648 (Unexpected server crash in database driver in M-Files Server
before 25 ...)
NOT-FOR-US: M-Files
CVE-2025-0637 (It has been found that the Beta10 software does not provide for
proper ...)
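Review bot: The `[bookworm]` and `[bullseye]` `<not-affected>` lines rest entirely on the "Introduced with: ... (6.0)" note, but the entry does not record how that was checked against the source packages in those suites. Consider making the parenthetical say that the code from commit 688bec4711240cc9886006ae02886b667bfffc54 is absent there, or that the packaged versions predate 6.0, so the triage can be re-verified without redoing it. Separately, the unversioned `- restrictedpython <unfixed>` line sits next to a "Fixed by: ... (8.0)" note, so it will need replacing with the fixed version once an upload containing that commit is available.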
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0efd4b9ecf8086b87e23db5d2a0d114c73651b6d
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits