Activity · Eclipse Projects Security / cve-assignement

1 week ago

closed issue #64 "CVE for https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281" at Eclipse Projects Security / cve-assignement

1 week ago

Kairo de Araujo @kairo

commented on issue #64 "CVE for https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281" at Eclipse Projects Security / cve-assignement

CVE CVE-2025-4949 is published.

1 week ago

Kairo de Araujo @kairo

commented on issue #64 "CVE for https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281" at Eclipse Projects Security / cve-assignement

Ok, I'll use the suggestion above

1 week ago

Matthias Sohn @msohn

commented on issue #64 "CVE for https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281" at Eclipse Projects Security / cve-assignement

I don't know how to translate CVSS 3.1 to 4

1 week ago

Kairo de Araujo @kairo

commented on issue #64 "CVE for https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281" at Eclipse Projects Security / cve-assignement

Here is the CVSS4 suggestion: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green

1 week ago

Kairo de Araujo @kairo

commented on issue #64 "CVE for https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281" at Eclipse Projects Security / cve-assignement

In order to published the CVE, can you please translate the CVSS3.1 to CVSS4...

1 week ago

Matthias Sohn @msohn

commented on issue #64 "CVE for https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281" at Eclipse Projects Security / cve-assignement

yes, please

1 week ago

Mikaël Barbero @mbarbero

commented on issue #64 "CVE for https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281" at Eclipse Projects Security / cve-assignement

We will use CVE-2025-4949 for this one. It's currently only reserved. As the fix has been already published, should we publish the CVE as well?

2 weeks ago

Matthias Sohn @msohn

opened issue #64 "CVE for https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281" at Eclipse Projects Security / cve-assignement

2 weeks ago

Tiago Lucas @tiagolucas

closed issue #61 "technology.openj9 Fix call to propsfile_read_text buffer length calculation" at Eclipse Projects Security / cve-assignement

2 weeks ago

Peter Shipton @pshipton

commented on issue #61 "technology.openj9 Fix call to propsfile_read_text buffer length calculation" at Eclipse Projects Security / cve-assignement

Thanks, this can be made non confidential and closed.

2 weeks ago

Tiago Lucas @tiagolucas

commented on issue #61 "technology.openj9 Fix call to propsfile_read_text buffer length calculation" at Eclipse Projects Security / cve-assignement

The CVE entry was created: https://www.cve.org/cverecord?id=CVE-2025-4447 @pshipton Anything else we can do on this topic?

2 weeks ago

Peter Shipton @pshipton

commented on issue #61 "technology.openj9 Fix call to propsfile_read_text buffer length calculation" at Eclipse Projects Security / cve-assignement

@tiagolucas any update?

2 weeks ago

Tiago Lucas @tiagolucas

commented on issue #61 "technology.openj9 Fix call to propsfile_read_text buffer length calculation" at Eclipse Projects Security / cve-assignement

Yes it will.

2 weeks ago

Peter Shipton @pshipton

commented on issue #61 "technology.openj9 Fix call to propsfile_read_text buffer length calculation" at Eclipse Projects Security / cve-assignement

@tiagolucas will it be published today?

3 weeks ago

Peter Shipton @pshipton

commented on issue #61 "technology.openj9 Fix call to propsfile_read_text buffer length calculation" at Eclipse Projects Security / cve-assignement

Sorry, yes, it's ready to be published.