security/vuxml: Merge 2 entries for CUPS

Reported by: osa
2025-09-16 16:51:39 +02:00 · 2025-09-16 16:51:39 +02:00 · 817fbf37bf
parent 572a345f21
commit 817fbf37bf
1 changed files with 12 additions and 39 deletions
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@ -1,36 +1,3 @@
-  <vuln vid="b959f00c-92cc-11f0-a064-74563cf9e4e9">
-    <topic>CUPS -- multiple vulnerabilities</topic>
-    <affects>
-      <package>
-	<name>cups</name>
-	<range><lt>2.4.13</lt></range>
-      </package>
-    </affects>
-    <description>
-	<body xmlns="http://www.w3.org/1999/xhtml">
-	<p>OpenPrinting reports:</p>
-	<blockquote cite="https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq">
-	  <p>When the AuthType is set to anything but Basic, if the request contains an
-	    Authorization: Basic ... header, the password is not checked.</p>
-	</blockquote>
-	<blockquote cite="https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4">
-	  <p>An unsafe deserialization and validation of printer attributes, causes null
-	    dereference in libcups library.</p>
-	</blockquote>
-	</body>
-    </description>
-    <references>
-      <cvename>CVE-2025-58060</cvename>
-      <cvename>CVE-2025-58364</cvename>
-      <url>https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq</url>
-      <url>https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4</url>
-    </references>
-    <dates>
-      <discovery>2025-09-11</discovery>
-      <entry>2025-09-16</entry>
-    </dates>
-  </vuln>
-
  <vuln vid="f6ca7c47-9190-11f0-b8da-589cfc10a551">
    <topic>unit-java -- security vulnerability</topic>
    <affects>
@ -69,21 +36,27 @@
    </affects>
    <description>
 	<body xmlns="http://www.w3.org/1999/xhtml">
-	<p>SO-AND-SO reports:</p>
-	<blockquote cite="https://github.com/OpenPrinting/cups/releases/tag/v2.4.13">
-	  <p>The release 2.4.13 brings two CVE fixes - fix for important CVE-2025-58060
-	  and fix for moderate CVE-2025-58364, together with several bug fixes.</p>
+	<p>OpenPrinting reports:</p>
+	<blockquote cite="https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq">
+	  <p>When the AuthType is set to anything but Basic, if the request contains an
+	    Authorization: Basic ... header, the password is not checked.</p>
+	</blockquote>
+	<blockquote cite="https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4">
+	  <p>An unsafe deserialization and validation of printer attributes, causes null
+	    dereference in libcups library.</p>
 	</blockquote>
 	</body>
    </description>
    <references>
      <cvename>CVE-2025-58060</cvename>
      <cvename>CVE-2025-58364</cvename>
-      <url>https://github.com/OpenPrinting/cups/releases/tag/v2.4.13</url>
+      <url>https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq</url>
+      <url>https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4</url>
    </references>
    <dates>
-      <discovery>2025-09-12</discovery>
+      <discovery>2025-09-11</discovery>
      <entry>2025-09-12</entry>
+      <modified>2025-09-16</modified>
    </dates>
  </vuln>