[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Aug 12 21:28:33 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3a7c65d9 by Salvatore Bonaccorso at 2025-08-12T22:28:01+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2025-8885 (Allocation of Resources Without Limits or Throttling vulnerabilit
NOTE: https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885
NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/3790993df5d28f661a64439a8664343437ed3865 (r1rv78v1)
CVE-2025-8452 (By using the "uscan" protocol provided by the eSCL specification, an a ...)
- TODO: check
+ NOT-FOR-US: Brother
CVE-2025-8310 (Missing authorization in the admin console of Ivanti Virtual Applicati ...)
NOT-FOR-US: Ivanti
CVE-2025-8297 (Incomplete restriction of configurationin Ivanti Avalanche before vers ...)
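Review bot: The NOT-FOR-US: Brother tag on CVE-2025-8452 names a vendor that the visible description never mentions; the truncated text only refers to the "uscan" protocol provided by the eSCL specification. Consider adding a NOTE line with the advisory URL that ties the issue to Brother devices, in the same way the CVE-2025-8885 entry just above carries its references, so the classification can be audited later and is not read as a flaw in the protocol itself.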
@@ -25,7 +25,7 @@ CVE-2025-55168 (WeGIA is an open source web manager with a focus on the Portugue
CVE-2025-55167 (WeGIA is an open source web manager with a focus on the Portuguese lan ...)
NOT-FOR-US: WeGIA
CVE-2025-55166 (savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, th ...)
- TODO: check
+ NOT-FOR-US: darylldoyle svg-sanitizer
CVE-2025-55164 (content-security-policy-parser parses content security policy directiv ...)
TODO: check
CVE-2025-55011 (Kanboard is project management software that focuses on the Kanban met ...)
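Review bot: On CVE-2025-55166 the new tag reads "darylldoyle svg-sanitizer" while the description calls the project "savg-sanitizer", and neither is necessarily the name under which a PHP library would be packaged. Before settling on NOT-FOR-US, check the archive for the library under its Composer or source package name, and if it is confirmed absent, add a NOTE with the upstream repository URL so the identification is unambiguous.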
@@ -37,25 +37,25 @@ CVE-2025-55010 (Kanboard is project management software that focuses on the Kanb
NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-359x-c69j-q64r
NOTE: https://github.com/kanboard/kanboard/commit/7148ac092e5db6b33e0fc35e04bca328d96c1f6f (v1.2.47)
CVE-2025-54864 (Hydra is a continuous integration service for Nix based projects. Prio ...)
- TODO: check
+ NOT-FOR-US: Hydra
CVE-2025-54800 (Hydra is a continuous integration service for Nix based projects. Prio ...)
- TODO: check
+ NOT-FOR-US: Hydra
CVE-2025-53793 (Improper authentication in Azure Stack allows an unauthorized attacker ...)
TODO: check
CVE-2025-53789 (Missing authentication for critical function in Windows StateRepositor ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53788 (Time-of-check time-of-use (toctou) race condition in Windows Subsystem ...)
TODO: check
CVE-2025-53784 (Use after free in Microsoft Office Word allows an unauthorized attacke ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53783 (Heap-based buffer overflow in Microsoft Teams allows an unauthorized a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53781 (Exposure of sensitive information to an unauthorized actor in Azure Vi ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53779 (Relative path traversal in Windows Kerberos allows an authorized attac ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53778 (Improper authentication in Windows NTLM allows an authorized attacker ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-53773 (Improper neutralization of special elements used in a command ('comman ...)
TODO: check
CVE-2025-53772 (Deserialization of untrusted data in Web Deploy allows an authorized a ...)
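Review bot: NOT-FOR-US: Hydra on CVE-2025-54864 and CVE-2025-54800 uses a bare product name that is generic enough to be confused with unrelated software; the description identifies it as the continuous integration service for Nix based projects, so a tag such as "NOT-FOR-US: Hydra (CI service for Nix)" would be clearer. Separately, CVE-2025-53793 (Azure Stack) and CVE-2025-53788 (Windows Subsystem ...) remain at TODO: check while the neighbouring Microsoft entries are triaged; that is consistent with "some" in the commit message, but they look like the same class and could be closed in the same pass.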
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3a7c65d9904766150cb17adba4a5b965a466bc23