[Git][security-tracker-team/security-tracker][master] Add links to follow-up changes for CVE-{2024-8176,2025-59375}/expat

Wed, 24 Sep 2025 21:44:58 -0700 


Guilhem Moulin pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9e2f4e17 by Guilhem Moulin at 2025-09-25T06:44:25+02:00
Add links to follow-up changes for CVE-{2024-8176,2025-59375}/expat

>From 2.7.3, cf. //www.openwall.com/lists/oss-security/2025/09/24/11

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5513,6 +5513,8 @@ CVE-2025-59375 (libexpat in Expat before 2.7.2 allows 
attackers to trigger large
        NOTE: Fixed by: 
https://github.com/libexpat/libexpat/commit/a6a2a49367f03f5d8a73c9027b45b59953ca27d8
 (R_2_7_2)
        NOTE: Fixed by: 
https://github.com/libexpat/libexpat/commit/d6246c31a1238d065b4d9690d3bac740326f6485
 (R_2_7_2)
        NOTE: Fixed by: 
https://github.com/libexpat/libexpat/commit/a21a3a8299e1ee0b0ae5ae2886a0746d088cf135
 (R_2_7_2)
+       NOTE: https://www.openwall.com/lists/oss-security/2025/09/24/11
+       NOTE: Follow-up: https://github.com/libexpat/libexpat/pull/1048 
(R_2_7_3)
 CVE-2025-59364 (The express-xss-sanitizer (aka Express XSS Sanitizer) package 
through  ...)
        NOT-FOR-US: Node express-xss-sanitizer
 CVE-2025-41713 (During a short time frame while the device is booting an 
unauthenticat ...)
@@ -63496,6 +63498,8 @@ CVE-2024-8176 (A stack overflow vulnerability exists in 
the libexpat library due
        NOTE: https://github.com/libexpat/libexpat/issues/893
        NOTE: https://github.com/libexpat/libexpat/pull/973
        NOTE: CentOS stream backport for 2.5.0: 
https://gitlab.com/redhat/centos-stream/rpms/expat/-/blob/c9s/expat-2.5.0-CVE-2024-8176.patch
+       NOTE: https://www.openwall.com/lists/oss-security/2025/09/24/11
+       NOTE: Follow-up: https://github.com/libexpat/libexpat/pull/1059 
(R_2_7_3)
 CVE-2025-30022 (CM Soluces Informatica Ltda Auto Atendimento 1.x.x was 
discovered to c ...)
        NOT-FOR-US: CM Soluces Informatica Ltda Auto Atendimento
 CVE-2025-2289 (The Zegen - Church WordPress Theme theme for WordPress is 
vulnerable t ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e2f4e174fbac1381b8a6f07b69bbda2c50f1759

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e2f4e174fbac1381b8a6f07b69bbda2c50f1759
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to