[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3a5a1039 by Moritz Muehlenhoff at 2025-04-03T22:33:54+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -127,17 +127,17 @@ CVE-2025-31541 (Missing Authorization vulnerability in turitop TuriTop Booking S
 CVE-2025-31536 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31489 (MinIO is a High Performance Object Storage released under GNU Affero G ...)
-	TODO: check
+	- minio <itp> (bug #859207)
 CVE-2025-31487 (The XWiki JIRA extension provides various integration points between X ...)
-	TODO: check
+	NOT-FOR-US: XWiki addon
 CVE-2025-31486 (Vite is a frontend tooling framework for javascript. The contents of a ...)
-	TODO: check
+	- node-vite <itp> (bug #1053782)
 CVE-2025-31485 (API Platform Core is a system to create hypermedia-driven REST and Gra ...)
-	TODO: check
+	NOT-FOR-US: API Platform Core
 CVE-2025-31483 (Miniflux is a feed reader. Due to a weak Content Security Policy on th ...)
-	TODO: check
+	NOT-FOR-US: Miniflux
 CVE-2025-31481 (API Platform Core is a system to create hypermedia-driven REST and Gra ...)
-	TODO: check
+	NOT-FOR-US: API Platform Core
 CVE-2025-31468 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31467 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -147,15 +147,15 @@ CVE-2025-31442 (Improper Neutralization of Input During Web Page Generation ('Cr
 CVE-2025-31436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-31161 (CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication b ...)
-	TODO: check
+	NOT-FOR-US: CrushFTP
 CVE-2025-31127 (Element X Android is a Matrix Android Client provided by element.io. I ...)
-	TODO: check
+	NOT-FOR-US: Element X Android client
 CVE-2025-31126 (Element X iOS is a Matrix iOS Client provided by Element. In Element X ...)
-	TODO: check
+	NOT-FOR-US: Element X iOS client
 CVE-2025-31119 (generator-jhipster-entity-audit is a JHipster module to enable entity  ...)
-	TODO: check
+	NOT-FOR-US: generator-jhipster-entity-audit
 CVE-2025-31098 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: DeBounce Email Validator
 CVE-2025-31091 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	TODO: check
 CVE-2025-30916 (Missing Authorization vulnerability in enituretechnology Residential A ...)
@@ -223,7 +223,7 @@ CVE-2024-45198 (insightsoftware Spark JDBC 2.6.21 has a remote code execution vu
 CVE-2024-22611 (OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\clas ...)
 	NOT-FOR-US: OpenEMR
 CVE-2023-47639 (API Platform Core is a system to create hypermedia-driven REST and Gra ...)
-	TODO: check
+	NOT-FOR-US: API Platform Core
 CVE-2025-31115 (XZ Utils provide a general-purpose data-compression library plus comma ...)
 	- xz-utils <unfixed>
 	[bullseye] - xz-utils <not-affected> (Vulnerable code introduce later)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a5a1039d48292462baece7d8c0dcb58555f87db

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a5a1039d48292462baece7d8c0dcb58555f87db
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250403/e15d9aa2/attachment-0001.htm>