[Git][security-tracker-team/security-tracker][master] Add findings for CVE-2025-25293

Wed, 26 Mar 2025 19:36:45 -0700 


Daniel Leidert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c580a634 by Daniel Leidert at 2025-03-27T03:29:27+01:00
Add findings for CVE-2025-25293

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3339,8 +3339,13 @@ CVE-2025-2104 (The Page Builder: Pagelayer \u2013 Drag 
and Drop website builder
 CVE-2025-25293 (ruby-saml provides security assertion markup language (SAML) 
single si ...)
        - ruby-saml <unfixed> (bug #1100441)
        NOTE: 
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-92rq-c8cf-prrq
-       NOTE: 
https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a
 (v1.18.0)
+       NOTE: Vulnerability might be the result of an incomplete fix for a 
zipbomb attack.
+       NOTE: https://github.com/SAML-Toolkits/ruby-saml/pull/383 (v1.12.0)
+       NOTE: 
https://github.com/SAML-Toolkits/ruby-saml/commit/533c84ebfc40f8cbac645b6c76ce4949f95d27d6
 (v1.12.0)
        NOTE: 
https://github.com/SAML-Toolkits/ruby-saml/commit/e2da4c6dae7dc01a4d9cd221395140a67e2b3eb1
 (v1.12.4)
+       NOTE: https://github.com/SAML-Toolkits/ruby-saml/pull/601 
(v1.13.0..v1.18.0)
+       NOTE: 
https://github.com/SAML-Toolkits/ruby-saml/commit/c21d6935b43a032701d99e398cbfc551e80bfb72
 (v1.13.0)
+       NOTE: 
https://github.com/SAML-Toolkits/ruby-saml/commit/acac9e9cc0b9a507882c614f25d41f8b47be349a
 (v1.18.0)
 CVE-2025-25292 (ruby-saml provides security assertion markup language (SAML) 
single si ...)
        - ruby-saml <unfixed> (bug #1100441)
        NOTE: 
https://github.com/SAML-Toolkits/ruby-saml/security/advisories/GHSA-754f-8gm6-c4r2



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c580a634a50d2ff77045e01e26449bb424f15207

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c580a634a50d2ff77045e01e26449bb424f15207
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to