[Git][security-tracker-team/security-tracker][master] Process some NFUs

Tue Aug 5 21:03:20 BST 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
396cb1f4 by Salvatore Bonaccorso at 2025-08-05T22:02:56+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -80,35 +80,35 @@ CVE-2025-54975
 CVE-2025-54974
 	REJECTED
 CVE-2025-54871 (Electron Capture facilitates video playback for screen-sharing and cap ...)
-	TODO: check
+	NOT-FOR-US: Electron Capture
 CVE-2025-54870 (VTun-ng is a Virtual Tunnel over TCP/IP network. In versions 3.0.17 an ...)
-	TODO: check
+	NOT-FOR-US: VTun-ng
 CVE-2025-54868 (LibreChat is a ChatGPT clone with additional features. In versions 0.0 ...)
 	NOT-FOR-US: LibreChat
 CVE-2025-54865 (Tilesheets MediaWiki Extension adds a table lookup parser function for ...)
 	NOT-FOR-US: MediaWiki Extension
 CVE-2025-54804 (Russh is a Rust SSH client & server library. In versions 0.54.0 and be ...)
-	TODO: check
+	NOT-FOR-US: russh
 CVE-2025-54803 (js-toml is a TOML parser for JavaScript, fully compliant with the TOML ...)
-	TODO: check
+	NOT-FOR-US: js-toml
 CVE-2025-54802 (pyLoad is the free and open-source Download Manager written in pure Py ...)
 	TODO: check
 CVE-2025-54797
 	REJECTED
 CVE-2025-54795 (Claude Code is an agentic coding tool. In versions below 1.0.20, an er ...)
-	TODO: check
+	NOT-FOR-US: Claude Code
 CVE-2025-54794 (Claude Code is an agentic coding tool. In versions below 0.2.111, a pa ...)
-	TODO: check
+	NOT-FOR-US: Claude Code
 CVE-2025-54780 (The glpi-screenshot-plugin allows users to take screenshots or screens ...)
-	TODO: check
+	NOT-FOR-US: GLPI plugin
 CVE-2025-54554 (tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthentica ...)
-	TODO: check
+	NOT-FOR-US: Tera Insights tiCrypt
 CVE-2025-54387 (IPX is an image optimizer powered by sharp and svgo. In versions 1.3.1 ...)
-	TODO: check
+	NOT-FOR-US: IPX
 CVE-2025-54135 (Cursor is a code editor built for programming with AI. Cursor allows w ...)
-	TODO: check
+	NOT-FOR-US: Cursor
 CVE-2025-54130 (Cursor is a code editor built for programming with AI. Cursor allows w ...)
-	TODO: check
+	NOT-FOR-US: Cursor
 CVE-2025-54119 (ADOdb is a PHP database class library that provides abstractions for p ...)
 	TODO: check
 CVE-2025-53544 (Trilium Notes is an open-source, cross-platform hierarchical note taki ...)
@@ -263,7 +263,7 @@ CVE-2013-10054 (An unauthenticated arbitrary file upload vulnerability exists in
 CVE-2013-10052 (ZPanel includes a helper binary named zsudo, intended to allow restric ...)
 	NOT-FOR-US: ZPanel
 CVE-2025-54962 (/edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows au ...)
-	TODO: check
+	NOT-FOR-US: OpenPLC
 CVE-2025-48499 (Out-of-bounds write vulnerability exists in FUJIFILM Business Innovati ...)
 	NOT-FOR-US: FUJIFILM
 CVE-2025-20702 (In the Airoha Bluetooth audio SDK, there is a possible unauthorized ac ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/396cb1f43fe97f2b57a44d01c436133f936607da

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/396cb1f43fe97f2b57a44d01c436133f936607da
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250805/c5db3b4e/attachment.htm>
