[Git][security-tracker-team/security-tracker][master] Add two new netty issues

Tue, 11 Feb 2025 00:50:58 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e469687b by Salvatore Bonaccorso at 2025-02-11T09:50:24+01:00
Add two new netty issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,13 +5,17 @@ CVE-2025-25241 (Due to a missing authorization check, an 
attacker who is logged
 CVE-2025-25194 (Lemmy, a link aggregator and forum for the fediverse, is 
vulnerable to ...)
        NOT-FOR-US: Lemmy
 CVE-2025-25193 (Netty, an asynchronous, event-driven network application 
framework, ha ...)
-       TODO: check
+       - netty <unfixed>
+       NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx
+       NOTE: Fixed by: 
https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386 
(netty-4.1.118.Final)
 CVE-2025-25190 (The ZOO-Project is an open source processing platform. The 
ZOO-Project ...)
        NOT-FOR-US: ZOO-Project
 CVE-2025-25189 (The ZOO-Project is an open source processing platform. A 
reflected Cro ...)
        NOT-FOR-US: ZOO-Project
 CVE-2025-24970 (Netty, an asynchronous, event-driven network application 
framework, ha ...)
-       TODO: check
+       - netty <unfixed>
+       NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw
+       NOTE: Fixed by: 
https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4 
(netty-4.1.118.Final)
 CVE-2025-24876 (The SAP Approuter Node.js package version v16.7.1 and before 
is vulner ...)
        NOT-FOR-US: SAP
 CVE-2025-24875 (SAP Commerce, by default, sets certain cookies with the 
SameSite attri ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e469687b5c87c4b50ecb13487c2e70683bac693a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e469687b5c87c4b50ecb13487c2e70683bac693a
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to