Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
aae147f2 by Salvatore Bonaccorso at 2025-06-02T22:24:10+02:00
Add two new issues in python-signxml
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,9 +31,13 @@ CVE-2025-49069 (Cross-Site Request Forgery (CSRF)
vulnerability in Cimatti Consu
CVE-2025-48996 (HAX open-apis provides microservice apis for HAX webcomponents
repo th ...)
NOT-FOR-US: HAX open-apis
CVE-2025-48995 (SignXML is an implementation of the W3C XML Signature standard
in Pyth ...)
- TODO: check
+ - python-signxml <unfixed>
+ NOTE:
https://github.com/XML-Security/signxml/security/advisories/GHSA-gmhf-gg8w-jw42
+ NOTE: Fixed by:
https://github.com/XML-Security/signxml/commit/1b501faaacf34cf978a52dbc6915ec11e27611cd
(v4.0.4)
CVE-2025-48994 (SignXML is an implementation of the W3C XML Signature standard
in Pyth ...)
- TODO: check
+ - python-signxml <unfixed>
+ NOTE:
https://github.com/XML-Security/signxml/security/advisories/GHSA-6vx8-pcwv-xhf4
+ NOTE: Fixed by:
https://github.com/XML-Security/signxml/commit/e3c0c2b82a3329a65d917830657649c98b8c7600
(v4.0.4)
CVE-2025-48990 (NeKernal is a free and open-source operating system stack.
Version 0.0 ...)
NOT-FOR-US: NeKernal
CVE-2025-48958 (Froxlor is open source server administration software. Prior
to versio ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aae147f21e4789cddee78de857ccb9611b67def9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aae147f21e4789cddee78de857ccb9611b67def9
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
