git: 8fa77d4f3c76 - main - security/vuxml: Record textproc/goldendict vulnerability
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sun, 28 Sep 2025 15:55:51 UTC
The branch main has been updated by fernape:
URL: https://cgit.FreeBSD.org/ports/commit/?id=8fa77d4f3c76ca00c21c02bad59d2e973057d4e6
commit 8fa77d4f3c76ca00c21c02bad59d2e973057d4e6
Author: Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2025-09-28 15:55:04 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2025-09-28 15:55:04 +0000
security/vuxml: Record textproc/goldendict vulnerability
---
security/vuxml/vuln/2025.xml | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 814b762baa8d..0f586a2d9486 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,32 @@
+ <vuln vid="4ccd6222-9c83-11f0-a337-b42e991fc52e">
+ <topic>goldendict -- dangerous method exposed</topic>
+ <affects>
+ <package>
+ <name>goldendict</name>
+ <range><lt>1.5.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>cve@mitre.org reports:</p>
+ <blockquote cite="https://github.com/goldendict/goldendict/releases">
+ <p>GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous
+ method that allows reading and modifying files when a user
+ adds a crafted dictionary and then searches for any term
+ included in that dictionary.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-53964</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2025-53964</url>
+ </references>
+ <dates>
+ <discovery>2025-07-17</discovery>
+ <entry>2025-09-28</entry>
+ </dates>
+ </vuln>
+
<vuln vid="3bf134f4-942d-11f0-95de-0800276af896">
<topic>libudisks -- Udisks: out-of-bounds read in udisks daemon</topic>
<affects>