Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e5c81706 by Salvatore Bonaccorso at 2025-12-19T21:21:57+01:00
Add CVE-2025-68161/apache-log4j2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -161,7 +161,9 @@ CVE-2025-68381 (Improper Bounds Check (CWE-787) in
Packetbeat can allow a remote
CVE-2025-68279 (Weblate is a web based localization tool. In versions prior to
5.15.1, ...)
NOT-FOR-US: Weblate
CVE-2025-68161 (The Socket Appender in Apache Log4j Core versions 2.0-beta9
through 2. ...)
- TODO: check
+ - apache-log4j2 <unfixed>
+ NOTE: https://github.com/apache/logging-log4j2/pull/4002
+ NOTE: https://lists.apache.org/thread/xr33kyxq3sl67lwb61ggvm1fzc8k7dvx
CVE-2025-67846 (The Deployment Infrastructure in Mintlify Platform before
2025-11-15 a ...)
NOT-FOR-US: Deployment Infrastructure in Mintlify Platform
CVE-2025-67845 (A Directory Traversal vulnerability in the Static Asset Proxy
Endpoint ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5c81706785071339db3dc3f2e467bcab027617c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5c81706785071339db3dc3f2e467bcab027617c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
