Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c7cf0408 by Sylvain Beucler at 2025-11-12T06:16:10+01:00
Revert "Mark CVE-2025-9905/keras as not-affected for bullseye"
This reverts commit 22b58c786fa4a6248cefdd194ed0f400964dddc0.
Reverting as discussed with utkarsh as he couldn't come up readily
with elements on this triage. Conversely the Lambda feature is
available in that version.
Marking as <ignored> instead as the safe_mode mechanism is not
available yet, as with CVE-2025-12058.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17828,7 +17828,7 @@ CVE-2025-9906 (The Keras Model.load_modelmethod can be
exploited to achieve arbi
NOTE: https://github.com/keras-team/keras/pull/21429
CVE-2025-9905 (The Keras Model.load_modelmethod can be exploited to achieve
arbitrary ...)
- keras <removed>
- [bullseye] - keras <not-affected> (Vulnerable code introduced later)
+ [bullseye] - keras <ignored> (safe_mode introduced in v2.12, only use
with trusted models)
NOTE: https://github.com/keras-team/keras/pull/21602
NOTE:
https://github.com/keras-team/keras/security/advisories/GHSA-36rr-ww3j-vrjv
CVE-2025-9081 (Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to
proper ...)
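Review bot: The reason on the added `[bullseye] - keras <ignored>` line says only that safe_mode was introduced in v2.12, so someone reading data/CVE/list alone cannot tell why the earlier `<not-affected> (Vulnerable code introduced later)` triage was wrong. The commit message holds the missing fact (the Lambda feature is available in that version, while the safe_mode mechanism is not available yet); consider recording it in the entry itself, for example as a NOTE line under the bullseye status. Since the message cites CVE-2025-12058 as the precedent, it is also worth checking that the two reasons are worded the same way, and that CVE-2025-9906, visible in the hunk header just above with the same load_model description, carries a consistent bullseye status.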
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7cf04080c7a5556e4c4c00aa19d770cb3401103