[Git][security-tracker-team/security-tracker][master] 9 commits: Remove notes from CVE-2025-0313

Wed Apr 16 19:53:09 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1efa719f by Salvatore Bonaccorso at 2025-04-16T20:45:15+02:00
Remove notes from CVE-2025-0313

This was a duplicate of CVE-2024-12055 and got rejected.

- - - - -
48a2cc92 by Salvatore Bonaccorso at 2025-04-16T20:46:02+02:00
Remove notes from CVE-2024-9901

The CVE got rejected as it was a duplicate of CVE-2024-48057.

- - - - -
5abdb32e by Salvatore Bonaccorso at 2025-04-16T20:46:51+02:00
Remove notes from CVE-2024-9840

The CVE got rejected as it was a duplicate of CVE-2024-53981.

- - - - -
f1681f92 by Salvatore Bonaccorso at 2025-04-16T20:47:36+02:00
Remove notes from CVE-2024-9016

The CVE got rejected as it was a duplicate of CVE-2024-45595

- - - - -
19aa2407 by Salvatore Bonaccorso at 2025-04-16T20:48:28+02:00
Remove notes from CVE-2024-7999

The CVE got rejected as it was a duplicate of CVE-2024-53981.

- - - - -
a235d46b by Salvatore Bonaccorso at 2025-04-16T20:49:22+02:00
Remove notes from CVE-2024-7773

The CVE got rejected as it was a duplicate of CVE-2024-45436.

- - - - -
baf4a63c by Salvatore Bonaccorso at 2025-04-16T20:50:13+02:00
Remove notes from CVE-2024-12868

The CVE got rejected as it was a duplicate of CVE-2024-47874.

- - - - -
2cf213b1 by Salvatore Bonaccorso at 2025-04-16T20:51:26+02:00
Remove notes from two CVEs

They were found to be duplicates of the same product.

- - - - -
6d473154 by Salvatore Bonaccorso at 2025-04-16T20:52:14+02:00
Remove notes from CVE-2024-11040

The CVE got rejected as it was found to be a duplicate of CVE-2024-8939.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9728,7 +9728,6 @@ CVE-2025-0315 (A vulnerability in ollama/ollama <=0.3.14 allows a malicious user
 	- ollama <itp> (bug #1094806)
 CVE-2025-0313
 	REJECTED
-	- ollama <itp> (bug #1094806)
 CVE-2025-0312 (A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious  ...)
 	- ollama <itp> (bug #1094806)
 CVE-2025-0281 (A stored cross-site scripting (XSS) vulnerability exists in lunary-ai/ ...)
@@ -9761,7 +9760,6 @@ CVE-2024-9919 (A missing authentication check in the uninstall endpoint of paris
 	NOT-FOR-US: parisneo/lollms-webui
 CVE-2024-9901
 	REJECTED
-	NOT-FOR-US: LocalAI
 CVE-2024-9900 (mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) v ...)
 	NOT-FOR-US: LocalAI
 CVE-2024-9880
@@ -9770,7 +9768,6 @@ CVE-2024-9847 (FlatPress CMS version latest is vulnerable to Cross-Site Request
 	- flatpress <itp> (bug #466297)
 CVE-2024-9840
 	REJECTED
-	NOT-FOR-US: open-webui/open-webui
 CVE-2024-9701 (A Remote Code Execution (RCE) vulnerability has been identified in the ...)
 	NOT-FOR-US: Kedro
 CVE-2024-9699 (A vulnerability in the file upload functionality of the FlatPress CMS  ...)
@@ -9835,7 +9832,6 @@ CVE-2024-9052
 	REJECTED
 CVE-2024-9016
 	REJECTED
-	NOT-FOR-US: man-group/dtale
 CVE-2024-9000 (In lunary-ai/lunary before version 1.4.26, the checklists.post() endpo ...)
 	NOT-FOR-US: lunary-ai/lunary
 CVE-2024-8999 (lunary-ai/lunary version v1.4.25 contains an improper access control v ...)
@@ -9956,7 +9952,6 @@ CVE-2024-8017 (An XSS vulnerability exists in open-webui/open-webui versions <=
 	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7999
 	REJECTED
-	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7990 (A stored cross-site scripting (XSS) vulnerability exists in open-webui ...)
 	NOT-FOR-US: open-webui/open-webui
 CVE-2024-7983 (In version 0.3.8 of open-webui, an endpoint for converting markdown to ...)
@@ -9985,7 +9980,6 @@ CVE-2024-7776 (A vulnerability in the `download_model` function of the onnx/onnx
 	NOTE: cherry picks of fixes: https://github.com/onnx/onnx/commit/84051888d0943883a0edbf683f68c05ca3b28c40 (v1.16.2)
 CVE-2024-7773
 	REJECTED
-	- ollama <itp> (bug #1094806)
 CVE-2024-7771 (A vulnerability in the Dockerized version of mintplex-labs/anything-ll ...)
 	NOT-FOR-US: anything-llm
 CVE-2024-7768 (A vulnerability in the `/3/ImportFiles` endpoint of h2oai/h2o-3 versio ...)
@@ -10117,7 +10111,6 @@ CVE-2024-12869 (In infiniflow/ragflow version v0.12.0, there is an improper auth
 	NOT-FOR-US: infiniflow/ragflow
 CVE-2024-12868
 	REJECTED
-	NOT-FOR-US: open-webui/open-webui
 CVE-2024-12866 (A local file inclusion vulnerability exists in netease-youdao/qanythin ...)
 	NOT-FOR-US: netease-youdao/qanything
 CVE-2024-12864 (A Denial of Service (DoS) vulnerability was discovered in the file upl ...)
@@ -10138,10 +10131,8 @@ CVE-2024-12761 (A Denial of Service (DoS) vulnerability exists in the brycedrenn
 	NOT-FOR-US: brycedrennan/imaginairy
 CVE-2024-12760
 	REJECTED
-	NOT-FOR-US: bentoml/bentoml
 CVE-2024-12759
 	REJECTED
-	NOT-FOR-US: bentoml/bentoml
 CVE-2024-12720 (A Regular Expression Denial of Service (ReDoS) vulnerability was ident ...)
 	NOT-FOR-US: huggingface/transformers
 CVE-2024-12704 (A vulnerability in the LangChainLLM class of the run-llama/llama_index ...)
@@ -10250,7 +10241,6 @@ CVE-2024-11041 (vllm-project vllm version v0.6.2 contains a vulnerability in the
 	- vllm <itp> (bug #1095237)
 CVE-2024-11040
 	REJECTED
-	- vllm <itp> (bug #1095237)
 CVE-2024-11039 (A pickle deserialization vulnerability exists in the Latex English err ...)
 	NOT-FOR-US: binary-husky/gpt_academic
 CVE-2024-11037 (A path traversal vulnerability exists in binary-husky/gpt_academic at  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fc484d9c5f442b5a8fc55fd57774f9e5606c4203...6d473154d6c254eec5de59c9037501913afbb147

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fc484d9c5f442b5a8fc55fd57774f9e5606c4203...6d473154d6c254eec5de59c9037501913afbb147
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250416/1ee6c880/attachment-0001.htm>
