Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
67d10f2f by Salvatore Bonaccorso at 2025-08-22T21:31:04+02:00
Add note for watcher and nova temporary entry
Actually it is more a hardening measure and does not warrant a CVE
assigned (not considered a security vulnerability) and thus might get
dropped from the list.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -462,6 +462,9 @@ CVE-2025-XXXX [OSSN-0094]
- watcher 14.0.0-3 (bug #1111692)
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0094
NOTE: https://bugs.launchpad.net/nova/+bug/2112187
+ NOTE: The swap volume, live migration and all Watcher APIs are admin
only so with
+ NOTE: default policy is only possible to create the inconsistent state
described in
+ NOTE: the OSSN-0094 if one has admin rights on the relevant OpenStack
project.
CVE-2025-9288 (Improper Input Validation vulnerability in sha.js allows Input
Data Ma ...)
- node-sha.js <unfixed> (bug #1111769)
NOTE:
https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67d10f2f641fbbfe505020907be1646759e5245c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67d10f2f641fbbfe505020907be1646759e5245c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
