Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits: a24bd6b8 by Tobias Frost at 2025-05-31T19:56:22+02:00 CVE-2025-43929/kitty not affecting bullseye The vulnerable code has been introduced with commit https://github.com/kovidgoyal/kitty/commit/1454af2d416f0eb738c2268ee3297cacb0215dd0, first seen in tag v0.24.2 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -12244,8 +12244,10 @@ CVE-2025-3823 (A vulnerability classified as problematic has been found in Sourc NOT-FOR-US: SourceCodester CVE-2025-43929 (open_actions.py in kitty before 0.41.0 does not ask for user confirmat ...) - kitty 0.41.1-1 (bug #1103691) + [bullseye] - kitty <not-affected> (vulnerable code introduced later) NOTE: https://github.com/kovidgoyal/kitty/commit/ce5cfdd9caf44c538af800a07162e1f49bd53c35 (v0.41.0) NOTE: PoC: https://github.com/0xBenCantCode/CVE-2025-43929 + NOTE: Vulernable code introduced with commit https://github.com/kovidgoyal/kitty/commit/1454af2d (v0.24.2) CVE-2025-43928 (In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on ...) NOT-FOR-US: Media Relay Service web service CVE-2025-43921 (GNU Mailman 2.1.39, as bundled in cPanel (and WHM), allows unauthentic ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a24bd6b8856697568d9062db053aff8bd23a8734 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a24bd6b8856697568d9062db053aff8bd23a8734 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
