[Git][security-tracker-team/security-tracker][master] NFUs / new k8s issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Dec 16 08:12:25 GMT 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
934ac869 by Moritz Muehlenhoff at 2025-12-16T09:11:22+01:00
NFUs / new k8s issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2025-14439
+ NOT-FOR-US: OpenUSD
CVE-2025-XXXX [Malicious remote can overwrite and exfiltrate local files]
- ckermit <unfixed> (bug #1123025)
[trixie] - ckermit <no-dsa> (Minor issue; documented; can be fixed via point release)
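Review bot: The added CVE-2025-14439 header at the top of this hunk has no parenthesised description, unlike the other CVE-numbered entries visible in this patch, so the NOT-FOR-US: OpenUSD triage cannot be checked against anything in the file itself. If the description is simply not available yet that is fine; otherwise add it alongside the triage line.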
@@ -118,7 +120,7 @@ CVE-2025-12035 (An integer overflow condition exists in Bluetooth Host stack, wi
CVE-2025-11670 (Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerab ...)
NOT-FOR-US: Zoho
CVE-2025-11393 (A flaw was found in runtimes-inventory-rhel8-operator. An internal pro ...)
- TODO: check
+ NOT-FOR-US: Red Hat Runtimes Inventory Operator
CVE-2024-44599 (FNT Command 13.4.0 is vulnerable to Directory Traversal.)
NOT-FOR-US: FNT Command
CVE-2024-44598 (FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Modu ...)
@@ -196,7 +198,10 @@ CVE-2025-13740 (The Lightweight Accordion plugin for WordPress is vulnerable to
CVE-2025-13355 (The URL Shortify WordPress plugin before 1.11.4 does not sanitise and ...)
NOT-FOR-US: WordPress plugin
CVE-2025-13281 (A half-blind Server Side Request Forgery (SSRF) vulnerability exists i ...)
- TODO: check
+ - kubernetes 1.20.5+really1.20.2-1
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
+ NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
+ NOTE: https://groups.google.com/g/kubernetes-security-announce/c/EORqZg0k1l4/m/TtD-q0v7AgAJ
CVE-2025-12684 (The URL Shortify WordPress plugin before 1.11.3 does not sanitize and ...)
NOT-FOR-US: WordPress plugin
CVE-2025-11363 (The Royal Addons for Elementor WordPress plugin before 1.7.1037 does ...)
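Review bot: The "- kubernetes 1.20.5+really1.20.2-1" line for CVE-2025-13281 records a fixed version even though the third added NOTE says the source package is still vulnerable, so the entry reads as fixed purely because the server components are no longer built. The NOTEs document that reasoning, but they do not say which server component the SSRF is in, and the truncated description does not show it either; naming the component in the first NOTE would let a reader verify the "no longer built" argument from the entry alone. There is also a typo in the second NOTE: "itself it still vulnerable" should read "itself is still vulnerable".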
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/934ac869b88c12e5f23e8df516888c3b894acf51