[Git][security-tracker-team/security-tracker][master] Add CVE-2025-54798/node-tmp

Thu, 07 Aug 2025 11:31:25 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6c1920e3 by Salvatore Bonaccorso at 2025-08-07T20:30:46+02:00
Add CVE-2025-54798/node-tmp

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41,7 +41,10 @@ CVE-2025-54799 (Let's Encrypt client and ACME library 
written in Go (Lego). In v
        NOTE: 
https://github.com/go-acme/lego/security/advisories/GHSA-q82r-2j7m-9rv4
        NOTE: Fixed by: 
https://github.com/go-acme/lego/commit/238454b5f74f3cfcbb244ff0d0dc914a4ad44b96 
(v4.25.2)
 CVE-2025-54798 (tmp is a temporary file and directory creator for node.js. In 
versions ...)
-       TODO: check
+       - node-tmp <unfixed>
+       NOTE: 
https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6
+       NOTE: https://github.com/raszi/node-tmp/issues/207
+       NOTE: 
https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b
 (v0.2.4)
 CVE-2025-54788 (SuiteCRM is an open-source, enterprise-ready Customer 
Relationship Man ...)
        NOT-FOR-US: SuiteCRM
 CVE-2025-54786 (SuiteCRM is an open-source, enterprise-ready Customer 
Relationship Man ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c1920e30fa5601b28ba86105b0c7db6e9c13df7

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c1920e30fa5601b28ba86105b0c7db6e9c13df7
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to