Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d8f036f6 by Salvatore Bonaccorso at 2025-08-29T23:16:46+02:00
Add CVE-2025-58058/golang-github-ulikunitz-xz
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -313,7 +313,9 @@ CVE-2025-58062 (LSTM-Kirigaya's openmcp-client is a vscode
plugin for mcp develo
CVE-2025-58061 (OpenEBS Local PV RawFile allows dynamic deployment of Stateful
Persist ...)
NOT-FOR-US: OpenEBS
CVE-2025-58058 (xz is a pure golang package for reading and writing
xz-compressed file ...)
- TODO: check
+ - golang-github-ulikunitz-xz <unfixed>
+ NOTE:
https://github.com/ulikunitz/xz/security/advisories/GHSA-jc7w-c686-c4v9
+ NOTE:
https://github.com/ulikunitz/xz/commit/88ddf1d0d98d688db65de034f48960b2760d2ae2
(v0.5.14-rc.1)
CVE-2025-54777 (Uncaught exception issue exists in Multiple products in bizhub
series. ...)
NOT-FOR-US: buzhub
CVE-2025-54142 (Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling
via an OP ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8f036f6c5ca268d1179153fdab057abfc3a4632
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d8f036f6c5ca268d1179153fdab057abfc3a4632
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
