Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: f44d06c7 by Salvatore Bonaccorso at 2025-09-08T23:15:35+02:00 Revert "Partially revert changes for CVE-2025-53537" This reverts commit e2a6b67dde447b615a984bc93d6fb8cfb366b293. Upstream confirmed they consider the oss-fuzz provided range as where the issue was introduced. Which points to https://github.com/OISF/libhtp/commit/226580d502ae98c148aaecc4846f78694b5e253c as introductory commit. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -13622,9 +13622,11 @@ CVE-2025-53942 (authentik is an open-source Identity Provider that emphasizes fl CVE-2025-53537 (LibHTP is a security-aware parser for the HTTP protocol and its relate ...) - libhtp 1:0.5.51-1 (bug #1109838) [trixie] - libhtp <no-dsa> (Minor issue) + [bookworm] - libhtp <not-affected> (Vulnerable code introduced later) [bullseye] - libhtp <not-affected> (Vulnerable code introduced later) NOTE: https://redmine.openinfosecfoundation.org/issues/7766 NOTE: https://github.com/OISF/libhtp/security/advisories/GHSA-v3qq-h8mh-vph7 + NOTE: Introduced by: https://github.com/OISF/libhtp/commit/226580d502ae98c148aaecc4846f78694b5e253c (0.5.50) NOTE: Fixed by: https://github.com/OISF/libhtp/commit/9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7 (0.5.51) CVE-2025-4976 (An issue has been discovered in GitLab EE affecting all versions from ...) - gitlab <unfixed> View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f44d06c7e9b7b9e35d915556ce2450b947c36f99 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f44d06c7e9b7b9e35d915556ce2450b947c36f99 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
