Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
00e50189 by Salvatore Bonaccorso at 2025-12-17T08:23:12+01:00
Add CVE-2025-68156/golang-github-antonmedv-expr
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -644,7 +644,11 @@ CVE-2025-68163 (In JetBrains TeamCity before 2025.11
stored XSS was possible on
CVE-2025-68162 (In JetBrains TeamCity before 2025.11 maven embedder allowed
loading ex ...)
NOT-FOR-US: JetBrains
CVE-2025-68156 (Expr is an expression language and expression evaluation for
Go. Prior ...)
- TODO: check
+ - golang-github-antonmedv-expr <undetermined>
+ NOTE:
https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6
+ NOTE: https://github.com/expr-lang/expr/pull/870
+ NOTE: Fixed by:
https://github.com/expr-lang/expr/commit/3dbda4bd9c2531a05fe0ea77a4bf4d7f294dc1da
(v1.17.7)
+ TODO: check, might be introduced later
CVE-2025-68155 (@vitejs/plugin-rs provides React Server Components (RSC)
support for V ...)
NOT-FOR-US: React Server Components (RSC) support plugin for Vite
CVE-2025-68154 (systeminformation is a System and OS information library for
node.js. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00e5018913223f11de9e89cb018deff95affc604
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00e5018913223f11de9e89cb018deff95affc604
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
