[Git][security-tracker-team/security-tracker][master] Process some NFUs

Wed Dec 10 08:21:35 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b747d671 by Salvatore Bonaccorso at 2025-12-10T09:21:09+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-9571 (A remote code execution (RCE) vulnerability exists in Google Cloud Dat ...)
-	TODO: check
+	NOT-FOR-US: Google Cloud Data Fusion
 CVE-2025-9056 (Unprotected service in the AudioLink component allows a local attacker ...)
 	NOT-FOR-US: TECNO Mobile
 CVE-2025-67613
@@ -21,19 +21,19 @@ CVE-2025-67606
 CVE-2025-67605
 	REJECTED
 CVE-2025-67507 (Filament is a collection of full-stack components for accelerated Lara ...)
-	TODO: check
+	NOT-FOR-US: Filament
 CVE-2025-67506 (PipesHub is a fully extensible workplace AI platform for enterprise se ...)
-	TODO: check
+	NOT-FOR-US: PipesHub
 CVE-2025-67503
 	REJECTED
 CVE-2025-67502 (Taguette is an open source qualitative research tool. In versions 1.5. ...)
-	TODO: check
+	NOT-FOR-US: Taguette
 CVE-2025-67501 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
 	NOT-FOR-US: WeGIA
 CVE-2025-67500 (Mastodon is a free, open-source social network server based on Activit ...)
 	TODO: check
 CVE-2025-67499 (The CNI portmap plugin allows containers to emulate opening a host por ...)
-	TODO: check
+	NOT-FOR-US: CNI portmap plugin
 CVE-2025-67498
 	REJECTED
 CVE-2025-67497
@@ -41,19 +41,19 @@ CVE-2025-67497
 CVE-2025-67496 (WeGIA is an open source Web Manager for Institutions with a focus on P ...)
 	NOT-FOR-US: WeGIA
 CVE-2025-67495 (ZITADEL is an open-source identity infrastructure tool. Versions 4.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Zitadel
 CVE-2025-67494 (ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 ...)
-	TODO: check
+	NOT-FOR-US: Zitadel
 CVE-2025-67489 (@vitejs/plugin-rs provides React Server Components (RSC) support for V ...)
-	TODO: check
+	NOT-FOR-US: React Server Components (RSC) support plugin for Vite
 CVE-2025-67488 (SiYuan is self-hosted, open source personal knowledge management softw ...)
-	TODO: check
+	NOT-FOR-US: SiYuan
 CVE-2025-67485 (mad-proxy is a Python-based HTTP/HTTPS proxy server for detection and  ...)
 	TODO: check
 CVE-2025-66645 (NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are v ...)
-	TODO: check
+	NOT-FOR-US: NiceGUI
 CVE-2025-66626 (Argo Workflows is an open source container-native workflow engine for  ...)
-	TODO: check
+	NOT-FOR-US: Argo
 CVE-2025-66625 (Umbraco is an ASP.NET CMS. Due to unsafe handling and deletion of temp ...)
 	NOT-FOR-US: Umbraco CMS
 CVE-2025-66457 (Elysia is a Typescript framework for request validation, type inferenc ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b747d671475b75e45e8c5def1a253a69d11ecdac

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b747d671475b75e45e8c5def1a253a69d11ecdac
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251210/b086d4ac/attachment.htm>
