[Git][security-tracker-team/security-tracker][master] Demote CVE-2025-54869 to unimportant

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 8 05:22:38 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d3bf6652 by Salvatore Bonaccorso at 2025-08-08T06:21:55+02:00
Demote CVE-2025-54869 to unimportant

Thanks: Bastien Roucariès for the analysis.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -459,12 +459,12 @@ CVE-2025-54873 (RISC Zero is a zero-knowledge verifiable general computing platf
 CVE-2025-54872 (onion-site-template is a complete, scalable tor hidden service self-ho ...)
 	NOT-FOR-US: onion-site-template
 CVE-2025-54869 (FPDI is a collection of PHP classes that facilitate reading pages from ...)
-	- icingaweb2-module-pdfexport <unfixed>
-	[bullseye] - icingaweb2-module-pdfexport <postponed> (minor; DoS)
+	- icingaweb2-module-pdfexport <unfixed> (unimportant)
 	NOTE: https://github.com/Setasign/FPDI/security/advisories/GHSA-jxhh-4648-vpp3
 	NOTE: https://github.com/Setasign/FPDI/commit/ba671ba9221cffd32c2dda87316c19f522a1c5f0
-	NOTE: icingaweb2-module-pdfexport embedds FPDI
-	NOTE: Likely not affected CVE is on import PDF module, likely not used by codepath of pdfexport
+	NOTE: icingaweb2-module-pdfexport embedds FPDI but likely not affected by the CVE, as
+	NOTE: the CVE is on the PDF parser while importing an untrusted PDF. icingaweb2-module-pdfexport
+	NOTE: exports a controlled PDF.
 CVE-2025-54801 (Fiber is an Express inspired web framework written in Go. In versions  ...)
 	NOT-FOR-US: Fiber
 CVE-2025-54655 (Race condition vulnerability in the virtualization base module. Succes ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3bf6652a7565dcc756dea40601c4e85ea9fae21

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3bf6652a7565dcc756dea40601c4e85ea9fae21
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250808/2c06a6f7/attachment.htm>

More information about the debian-security-tracker-commits mailing list