[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Aug 15 22:32:33 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cc4b183c by Salvatore Bonaccorso at 2025-08-15T23:31:39+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69,7 +69,7 @@ CVE-2025-5047 (A maliciously crafted DGN file, when parsed through Autodesk Auto
 CVE-2025-5046 (A maliciously crafted DGN file, when linked or imported into Autodesk  ...)
 	NOT-FOR-US: Autodesk
 CVE-2025-55285 (@backstage/plugin-scaffolder-backend is the backend for the default Ba ...)
-	TODO: check
+	NOT-FOR-US: backstage/plugin-scaffolder-backend
 CVE-2025-55207 (Astro is a web framework for content-driven websites. Following CVE-20 ...)
 	NOT-FOR-US: Astro
 CVE-2025-55203 (Plane is open-source project management software. Prior to version 0.2 ...)
@@ -897,7 +897,7 @@ CVE-2011-10019 (Spreecommerce versions prior to 0.60.2 contains a remote command
 CVE-2011-10018 (myBB version 1.6.4 was distributed with an unauthorized backdoor embed ...)
 	NOT-FOR-US: MyBB
 CVE-2011-10017 (Snort Report versions < 1.3.2 contains a remote command execution vuln ...)
-	TODO: check
+	NOT-FOR-US: Snort Report
 CVE-2011-10016 (Real Networks Netzip Classic version 7.5.1.86 is vulnerable to a stack ...)
 	NOT-FOR-US: Real Networks Netzip Classic
 CVE-2011-10015 (Cytel Studio version 9.0 and earlier is vulnerable to a stack-based bu ...)
@@ -1000,7 +1000,7 @@ CVE-2025-55668 (Session Fixation vulnerability in Apache Tomcat via rewrite valv
 	NOTE: https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6 (10.1.42)
 	NOTE: https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95 (9.0.106)
 CVE-2025-55345 (Using Codex CLI in workspace-write mode inside a malicious context (re ...)
-	TODO: check
+	NOT-FOR-US: Codex CLI
 CVE-2025-55280 (This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi crede ...)
 	NOT-FOR-US: ZKTeco
 CVE-2025-55279 (This vulnerability exists in ZKTeco WL20 due to hard-coded private key ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc4b183c7d31097e7c8964831cfada453153dd93

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cc4b183c7d31097e7c8964831cfada453153dd93
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250815/d2c4ec77/attachment.htm>

More information about the debian-security-tracker-commits mailing list