[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Aug 11 21:31:34 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e31d203f by Salvatore Bonaccorso at 2025-08-11T22:31:06+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,7 +19,7 @@ CVE-2025-8851 (A vulnerability was determined in LibTIFF up to 4.5.1. Affected b
 	NOTE: https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3 (v4.7.0rc1)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2025-8847 (A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected ...)
-	TODO: check
+	NOT-FOR-US: yangzongzhuan RuoYi
 CVE-2025-8846 (A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affec ...)
 	TODO: check
 CVE-2025-8845 (A vulnerability was identified in NASM Netwide Assember 2.17rc0. This  ...)
@@ -31,39 +31,39 @@ CVE-2025-8843 (A vulnerability was found in NASM Netwide Assember 2.17rc0. This
 CVE-2025-8842 (A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affec ...)
 	TODO: check
 CVE-2025-8841 (A vulnerability was identified in zlt2000 microservices-platform up to ...)
-	TODO: check
+	NOT-FOR-US: zlt2000 microservices-platform
 CVE-2025-8840 (A vulnerability was determined in jshERP up to 3.5. Affected is an unk ...)
-	TODO: check
+	NOT-FOR-US: jshERP
 CVE-2025-8839 (A vulnerability was found in jshERP up to 3.5. This issue affects some ...)
-	TODO: check
+	NOT-FOR-US: jshERP
 CVE-2025-8838 (A vulnerability has been found in WinterChenS my-site up to 1f7525f159 ...)
-	TODO: check
+	NOT-FOR-US: WinterChenS my-site
 CVE-2025-8837 (A vulnerability was identified in JasPer up to 4.2.5. This affects the ...)
 	TODO: check
 CVE-2025-8672 (MacOS version of GIMP bundles a Python interpreter that inherits the T ...)
 	TODO: check
 CVE-2025-8285 (Mattermost Confluence Plugin version <1.5.0 fails to check the access  ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-7679 (Missing Authentication for Critical Function vulnerability in ABB Aspe ...)
 	NOT-FOR-US: ABB group
 CVE-2025-7677 (Missing Authentication for Critical Function vulnerability in ABB Aspe ...)
 	NOT-FOR-US: ABB group
 CVE-2025-54525 (Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-54478 (Mattermost Confluence Plugin version <1.5.0 fails to enforce authentic ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-54463 (Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-54458 (Mattermost Confluence Plugin version <1.5.0 fails to check the access  ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-54063 (Cherry Studio is a desktop client that supports for multiple LLM provi ...)
 	TODO: check
 CVE-2025-53910 (Mattermost Confluence Plugin version <1.5.0 fails to check the access  ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-53857 (Mattermost Confluence Plugin version <1.5.0 fails to check the access  ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-53514 (Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-53191 (Missing Authentication for Critical Function vulnerability in ABB Aspe ...)
 	NOT-FOR-US: ABB group
 CVE-2025-53190 (A vulnerability in ABB Aspect.This issue affects Aspect: before <3.08. ...)
@@ -75,21 +75,21 @@ CVE-2025-53188 (Insufficiently Protected Credentials vulnerability in ABB Aspect
 CVE-2025-53187 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: ABB group
 CVE-2025-52931 (Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-51824 (libcsp 2.0 is vulnerable to Buffer Overflow in the csp_usart_open() fu ...)
 	TODO: check
 CVE-2025-51823 (libcsp 2.0 is vulnerable to Buffer Overflow in the csp_eth_init() func ...)
 	TODO: check
 CVE-2025-49221 (Mattermost Confluence Plugin version <1.5.0 fails to enforce authentic ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-48731 (Mattermost Confluence Plugin version <1.5.0 fails to check the access  ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-45146 (ModelCache for LLM through v0.2.0 was discovered to contain an deseria ...)
-	TODO: check
+	NOT-FOR-US: ModelCache for LLM
 CVE-2025-44004 (Mattermost Confluence Plugin version <1.5.0 fails to check the authori ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-44001 (Mattermost Confluence Plugin version <1.5.0 fails to check the access  ...)
-	TODO: check
+	NOT-FOR-US: Mattermost Confluence Plugin
 CVE-2025-38499 (In the Linux kernel, the following vulnerability has been resolved:  c ...)
 	TODO: check
 CVE-2025-25231 (Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e31d203f33d851b2644e3e8b4bfa08c4a82cf127

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e31d203f33d851b2644e3e8b4bfa08c4a82cf127
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250811/907f5655/attachment.htm>

More information about the debian-security-tracker-commits mailing list