Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
30cb0a92 by Salvatore Bonaccorso at 2025-04-21T16:38:05+02:00
Update status for CVE-2025-29923
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11261,12 +11261,11 @@ CVE-2025-2311 (Incorrect Use of Privileged APIs,
Cleartext Transmission of Sensi
CVE-2025-29980 (A SQL injection issue has been discovered in eTRAKiT.net
release 3.2.1 ...)
NOT-FOR-US: eTRAKiT.net
CVE-2025-29923 (go-redis is the official Redis client library for the Go
programming l ...)
- - golang-github-go-redis-redis <unfixed>
- [bullseye] - golang-github-go-redis-redis <postponed> (Minor issue,
workaround exists)
+ - golang-github-go-redis-redis <not-affected> (Vulnerable code
introduced later)
NOTE:
https://github.com/redis/go-redis/security/advisories/GHSA-92cp-5422-2mw7
NOTE: https://github.com/redis/go-redis/pull/3295
+ NOTE: Introduced with:
https://github.com/redis/go-redis/commit/5da49b1abaef3bc65acae10debdbc72d7f5f32a1
(v9.5.1)
NOTE: Fixed by:
https://github.com/redis/go-redis/commit/d236865b0cfa1b752ea4b7da666b1fdcd0acebb6
- TODO: research introducing commit, might be post 9.5.1
CVE-2025-29922 (kcp is a Kubernetes-like control plane for form-factors and
use-cases ...)
NOT-FOR-US: kcp Kubernetes control plane
CVE-2025-29914 (OWASP Coraza WAF is a golang modsecurity compatible web
application fi ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30cb0a92811f2ce9fe052ea9a8d38e3fdaa65274
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/30cb0a92811f2ce9fe052ea9a8d38e3fdaa65274
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
