[Git][security-tracker-team/security-tracker][master] Associate some NFUs with itp'ed entry for freshrss

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 1 23:31:57 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cfdd852d by Salvatore Bonaccorso at 2025-08-02T00:31:24+02:00
Associate some NFUs with itp'ed entry for freshrss

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17511,7 +17511,7 @@ CVE-2025-49007 (Rack is a modular Ruby web server interface. Starting in version
 CVE-2025-48947 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
 	NOT-FOR-US: Next.js
 CVE-2025-46341 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
-	NOT-FOR-US: FreshRSS
+	- freshrss <itp> (bug #1032767)
 CVE-2025-3055 (The WP User Frontend Pro plugin for WordPress is vulnerable to arbitra ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-3054 (The WP User Frontend Pro plugin for WordPress is vulnerable to arbitra ...)
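Review bot: The new `- freshrss <itp> (bug #1032767)` line under CVE-2025-46341 has no accompanying NOTE, although the description already states the issue affects releases "Prior to version 1.26.2". Consider adding a NOTE line pointing at the upstream advisory or fixing commit, so that whoever processes the first upload can check the packaged version against 1.26.2 and resolve the entry without redoing the research.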
@@ -17591,7 +17591,7 @@ CVE-2025-48888 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. Start
 CVE-2025-47728 (Delta Electronics CNCSoft-G2lacks proper validation of the user-suppli ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2025-46339 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
-	NOT-FOR-US: FreshRSS
+	- freshrss <itp> (bug #1032767)
 CVE-2025-46204 (An issue in Unifiedtransform v2.0 allows a remote attacker to escalate ...)
 	NOT-FOR-US: Unifiedtransform
 CVE-2025-46203 (An issue in Unifiedtransform v2.0 allows a remote attacker to escalate ...)
@@ -17599,13 +17599,13 @@ CVE-2025-46203 (An issue in Unifiedtransform v2.0 allows a remote attacker to es
 CVE-2025-46011 (Listmonk v4.1.0 (fixed in v5.0.0) is vulnerable to SQL Injection in th ...)
 	NOT-FOR-US: Listmonk
 CVE-2025-32015 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
-	NOT-FOR-US: FreshRSS
+	- freshrss <itp> (bug #1032767)
 CVE-2025-31482 (FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in vers ...)
-	NOT-FOR-US: FreshRSS
+	- freshrss <itp> (bug #1032767)
 CVE-2025-31136 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
-	NOT-FOR-US: FreshRSS
+	- freshrss <itp> (bug #1032767)
 CVE-2025-31134 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
-	NOT-FOR-US: FreshRSS
+	- freshrss <itp> (bug #1032767)
 CVE-2025-30415 (Denial of service due to improper handling of malformed input. The fol ...)
 	NOT-FOR-US: Acronis
 CVE-2025-2336 (Improper sanitization of the value of the 'href' and 'xlink:href' attr ...)
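Review bot: Under CVE-2025-31482 the visible description ("A vulnerability in vers ...") does not show a fixed release, unlike the three neighbouring FreshRSS entries in this hunk, which all read "Prior to version 1.26.2". A NOTE recording the first fixed upstream version for CVE-2025-31482 would keep all four entries equally easy to close once bug #1032767 results in an upload.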
@@ -232821,7 +232821,7 @@ CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and re
 CVE-2023-22482 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
 	NOT-FOR-US: Argo CD
 CVE-2023-22481 (FreshRSS is a self-hosted RSS feed aggregator. When using the greader  ...)
-	NOT-FOR-US: FreshRSS
+	- freshrss <itp> (bug #1032767)
 CVE-2023-22480 (KubeOperator is an open source Kubernetes distribution focused on help ...)
 	NOT-FOR-US: KubeOperator
 CVE-2023-22479 (KubePi is a modern Kubernetes panel. A session fixation attack allows  ...)
@@ -309461,7 +309461,7 @@ CVE-2022-23499 (HTML sanitizer is written in PHP, aiming to provide XSS-safe mar
 CVE-2022-23498 (Grafana is an open-source platform for monitoring and observability. W ...)
 	- grafana <not-affected> (Specific to Grafana Enterprise)
 CVE-2022-23497 (FreshRSS is a free, self-hostable RSS aggregator. User configuration f ...)
-	NOT-FOR-US: FreshRSS
+	- freshrss <itp> (bug #1032767)
 CVE-2022-23496 (Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to ...)
 	NOT-FOR-US: Yet Another UserAgent Analyzer (Yauaa)
 CVE-2022-23495 (go-merkledag implements the 'DAGService' interface and adds two ipld n ...)
@@ -522547,7 +522547,7 @@ CVE-2018-19784 (The str_rot_pass function in vendor/atholn1600/php-proxy/src/hel
 CVE-2018-19783 (Kentix MultiSensor-LAN 5.63.00 devices and previous allow Authenticati ...)
 	NOT-FOR-US: Kentix MultiSensor-LAN
 CVE-2018-19782 (Multiple cross-site scripting (XSS) vulnerabilities in GET requests in ...)
-	NOT-FOR-US: FreshRSS
+	- freshrss <itp> (bug #1032767)
 CVE-2018-19781
 	RESERVED
 CVE-2018-19780
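Review bot: For CVE-2018-19782 the truncated description ("Multiple cross-site scripting (XSS) vulnerabilities in GET requests in ...") does not name FreshRSS, so the association with `freshrss` rests only on the removed `NOT-FOR-US: FreshRSS` tag. Worth confirming against the full CVE text; since this is a 2018 issue, a NOTE with the fixed upstream version would also let the entry be marked fixed as soon as the package enters the archive, instead of staying open behind the `<itp>` state.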



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfdd852dfeb0d3a7084a1954f41cc59eb3b196e7
