Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 32b07d44 by Salvatore Bonaccorso at 2025-08-10T21:34:31+02:00 Update status for same class of issues with disputed security impact All of the issues are similar and from same reporter as for CVE-2025-45768, where the same argumets holds as back there provided by upstream in https://github.com/jpadilla/pyjwt/issues/1080 . Those CVEs might need to be rejected. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -637,9 +637,9 @@ CVE-2025-46387 (CWE-639 Authorization Bypass Through User-Controlled Key) CVE-2025-46386 (CWE-639 Authorization Bypass Through User-Controlled Key) NOT-FOR-US: Emby MediaBrowser CVE-2025-45766 (poco v1.14.1-release was discovered to contain weak encryption.) - - poco <undetermined> + - poco <unfixed> (unimportant) NOTE: https://github.com/pocoproject/poco/issues/4921 - TODO: check upstream status, might not be a bug in poco + NOTE: Negligible and disputed security impact CVE-2025-45764 (jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: thi ...) NOT-FOR-US: jsrsasign CVE-2025-3354 (IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulne ...) @@ -2026,8 +2026,9 @@ CVE-2025-50270 (A stored Cross Site Scripting (xss) vulnerability in the "conten CVE-2025-46809 (A Insertion of Sensitive Information into Log File vulnerability in SU ...) NOT-FOR-US: SUSE Multi Linux Manager CVE-2025-45770 (jwt v5.4.3 was discovered to contain weak encryption.) - - php-lcobucci-jwt <unfixed> + - php-lcobucci-jwt <unfixed> (unimportant) NOTE: https://github.com/lcobucci/jwt/security/advisories/GHSA-rp3h-65jh-3c3m + NOTE: Negligible security impact CVE-2025-45769 (php-jwt v6.11.0 was discovered to contain weak encryption.) NOT-FOR-US: php-jwt CVE-2025-41688 (A high privileged remote attacker can execute arbitrary OS commands us ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32b07d44f018cf6bd81631b0812a6045c541ffdc -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32b07d44f018cf6bd81631b0812a6045c541ffdc You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
