Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0fbcc889 by Salvatore Bonaccorso at 2025-05-11T07:07:46+02:00
Update information on CVE-2025-4382
Note since when it is possible to build with blocking the command line
interface at build time. Entering rescue mode is present before, so the
underlying vulnerability might still be considered present before that.
Kept the previously added todo item to clarify how we want to handle the
CVE scope.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -186,6 +186,8 @@ CVE-2025-4382 (A flaw was found in systems utilizing
LUKS-encrypted disks with G
NOTE:
https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=301b4ef25a8fafaeba48498e97efd28bd2809f97
NOTE:
https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=dbc0eb5bd1f40de9b394e3a86e84f46c39a23e40
NOTE:
https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=73d1c959ea3417e9309ba8c6102d7d6dc7c94259
+ NOTE: Option to block command line interface at build time introduced
with:
+ NOTE:
https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=bb65d81fe320e4b20d0a9b32232a7546eb275ecc
TODO: double check if vulnerability only considered present after
grub_is_cli_disabled is introduced
CVE-2025-4377 (Improper Limitation of a Pathname caused a Path Traversal
vulnerabilit ...)
NOT-FOR-US: Sparx Systems Pro Cloud Server
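Review bot: The scoping argument is missing from the CVE-2025-4382 entry itself. The two added NOTE lines only say where the build-time option to block the command line interface was introduced, and the TODO that follows still asks only whether the vulnerability counts as present after grub_is_cli_disabled was introduced. The commit message states that entering rescue mode was possible before that option existed, so the underlying issue might predate it. That reasoning is what decides the affected range, and it currently lives only in the commit log. Suggest adding one more NOTE after the new commit link that says rescue mode entry predates the option, and rewording the TODO so that it names both candidate scopes. Whoever resolves the TODO can then do so from data/CVE/list alone.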
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0fbcc8894364ef07531e8c9254b930c537922f29
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits