Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
34acb127 by Salvatore Bonaccorso at 2026-03-27T09:13:44+01:00
Add CVE-2025-70952/libpf4j-java
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1326,7 +1326,10 @@ CVE-2026-1712 (Incorrect privilege assignment
vulnerability in HYPR Server allow
CVE-2026-1001 (Domoticz versions prior to 2026.1 contain a stored cross-site
scriptin ...)
- domoticz <itp> (bug #899058)
CVE-2025-70952 (pf4j before 20c2f80 has a path traversal vulnerability in the
extract( ...)
- TODO: check
+ - libpf4j-java <unfixed>
+ NOTE: https://github.com/pf4j/pf4j/issues/618
+ NOTE: https://github.com/pf4j/pf4j/issues/623
+ NOTE: Fixed by:
https://github.com/pf4j/pf4j/commit/20c2f80089d1ea779e22c2de5f109a0bce4e1b14
(release-3.14.1)
CVE-2025-70888 (An issue in mtrojnar Osslsigncode affected at v2.10 and before
allows ...)
- osslsigncode 2.11-1
NOTE: https://github.com/mtrojnar/osslsigncode/issues/475
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34acb1271cbc0db632da62e7426d86e05d407454
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34acb1271cbc0db632da62e7426d86e05d407454
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
