[Git][security-tracker-team/security-tracker][master] Demote severity for ros-ros-comm issues to unimportant

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 11 18:10:04 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c893a548 by Salvatore Bonaccorso at 2025-08-11T19:03:10+02:00
Demote severity for ros-ros-comm issues to unimportant

The security impact is disputable. After short discussion with Jochen
Sprickerhof (and indirectly Timo Röhling) we agree that the impact is
negligible. More information and followup as well in #1110773

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5874,7 +5874,8 @@ CVE-2025-47189 (Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 be
 CVE-2025-46102 (Cross Site Scripting vulnerability in Beakon Software Beakon Learning  ...)
 	NOT-FOR-US: Beakon Software Beakon Learning Management System
 CVE-2025-3753 (A code execution vulnerability has been identified in the Robot Operat ...)
-	- ros-ros-comm <unfixed> (bug #1110773)
+	- ros-ros-comm <unfixed> (bug #1110773; unimportant)
+	NOTE: Negligible security impact
 CVE-2025-3740 (The School Management System for Wordpress plugin for WordPress is vul ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-38349 (In the Linux kernel, the following vulnerability has been resolved:  e ...)
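Review bot: The added "NOTE: Negligible security impact" under CVE-2025-3753 states the conclusion but not the reason, so a reader of data/CVE/list cannot tell why an entry described as "A code execution vulnerability" is tagged unimportant while still `<unfixed>`. The rationale lives only in the commit message and in bug #1110773. Consider extending the NOTE with a one-line reason, or adding a second NOTE line that points at the discussion in #1110773, so the triage decision is traceable from the list itself.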
@@ -5909,13 +5910,17 @@ CVE-2025-0886 (An incorrect permissions vulnerability was reported in Elliptic L
 CVE-2024-42209 (HCL Connections is vulnerable to an information disclosure vulnerabili ...)
 	NOT-FOR-US: HCL
 CVE-2024-41921 (A code injection vulnerability has been discovered in the Robot Operat ...)
-	- ros-ros-comm <unfixed> (bug #1110773)
+	- ros-ros-comm <unfixed> (bug #1110773; unimportant)
+	NOTE: Negligible security impact
 CVE-2024-41148 (A code injection vulnerability has been discovered in the Robot Operat ...)
-	- ros-ros-comm <unfixed> (bug #1110773)
+	- ros-ros-comm <unfixed> (bug #1110773; unimportant)
+	NOTE: Negligible security impact
 CVE-2024-39835 (A code injection vulnerability has been identified in the Robot Operat ...)
-	- ros-ros-comm <unfixed> (bug #1110773)
+	- ros-ros-comm <unfixed> (bug #1110773; unimportant)
+	NOTE: Negligible security impact
 CVE-2024-39289 (A code execution vulnerability has been discovered in the Robot Operat ...)
-	- ros-ros-comm <unfixed> (bug #1110773)
+	- ros-ros-comm <unfixed> (bug #1110773; unimportant)
+	NOTE: Negligible security impact
 CVE-2024-32323 (SQL Injection vulnerability in cnhcit.com Haichang OA v.1.0.0 allows a ...)
 	NOT-FOR-US: cnhcit.com Haichang OA
 CVE-2024-32124 (An improper access control vulnerability [CWE-284] in FortiIsolator ve ...)
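Review bot: The same "NOTE: Negligible security impact" line is applied to four separate entries here (CVE-2024-41921, CVE-2024-41148, CVE-2024-39835, CVE-2024-39289), whose descriptions differ between "code injection" and "code execution", without recording that each was assessed individually. If the reasoning is common to all of them, say so once in a form that can be checked, for example a NOTE referencing the analysis in bug #1110773 on each entry. If any of the four differs in how it is reached, that entry should carry its own justification rather than the blanket wording.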



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c893a54823829fac8fc33d95605a78ae49d8b1aa
