[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Dec 18 08:45:43 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b8fd6058 by Salvatore Bonaccorso at 2025-12-18T09:45:33+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16,7 +16,7 @@ CVE-2025-68433 (Zed, a code editor, has an aribtrary code execution vulnerabilit
CVE-2025-68432 (Zed, a code editor, has an aribtrary code execution vulnerability in v ...)
- zed-editor <itp> (bug #1076165)
CVE-2025-68429 (Storybook is a frontend workshop for building user interface component ...)
- TODO: check
+ NOT-FOR-US: Storybook
CVE-2025-68401 (ChurchCRM is an open-source church management system. Prior to version ...)
NOT-FOR-US: ChurchCRM
CVE-2025-68400 (ChurchCRM is an open-source church management system. A SQL Injection ...)
@@ -26,15 +26,15 @@ CVE-2025-68399 (ChurchCRM is an open-source church management system. In version
CVE-2025-68275 (ChurchCRM is an open-source church management system. Versions prior t ...)
NOT-FOR-US: ChurchCRM
CVE-2025-68147 (Open Source Point of Sale (opensourcepos) is a web based point of sale ...)
- TODO: check
+ NOT-FOR-US: Open Source Point of Sale (opensourcepos)
CVE-2025-68145 (In mcp-server-git versions prior to 2025.12.17, when the server is sta ...)
- TODO: check
+ NOT-FOR-US: mcp-server-git
CVE-2025-68144 (In mcp-server-git versions prior to 2025.12.17, the git_diff and git_c ...)
- TODO: check
+ NOT-FOR-US: mcp-server-git
CVE-2025-68143 (Model Context Protocol Servers is a collection of reference implementa ...)
- TODO: check
+ NOT-FOR-US: Model Context Protocol Servers
CVE-2025-68129 (Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. I ...)
- TODO: check
+ NOT-FOR-US: Auth0-PHP
CVE-2025-68118 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
TODO: check
CVE-2025-68114 (Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prio ...)
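Review bot: CVE-2025-68143 is tagged "NOT-FOR-US: Model Context Protocol Servers", while CVE-2025-68145 and CVE-2025-68144 directly above it are tagged "NOT-FOR-US: mcp-server-git". If all three concern the same upstream, use one label so that a later search of data/CVE/list for the product name finds them together. The truncated descriptions shown here do not settle whether that is the case, so it is worth checking the full CVE text.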
@@ -56,27 +56,27 @@ CVE-2025-67875 (ChurchCRM is an open-source church management system. A privileg
CVE-2025-67873 (Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prio ...)
TODO: check
CVE-2025-67794 (An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before ...)
- TODO: check
+ NOT-FOR-US: DriveLock
CVE-2025-67793 (An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through ...)
- TODO: check
+ NOT-FOR-US: DriveLock
CVE-2025-67792 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 2 ...)
- TODO: check
+ NOT-FOR-US: DriveLock
CVE-2025-67791 (An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through ...)
- TODO: check
+ NOT-FOR-US: DriveLock
CVE-2025-67790 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 2 ...)
- TODO: check
+ NOT-FOR-US: DriveLock
CVE-2025-67789 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 2 ...)
- TODO: check
+ NOT-FOR-US: DriveLock
CVE-2025-67787 (An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scriptin ...)
- TODO: check
+ NOT-FOR-US: DriveLock
CVE-2025-67781 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 2 ...)
- TODO: check
+ NOT-FOR-US: DriveLock
CVE-2025-67546 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-67493 (Homarr is an open-source dashboard. Prior to version 1.45.3, it was po ...)
- TODO: check
+ NOT-FOR-US: Homarr
CVE-2025-66647 (RIOT is an open-source microcontroller operating system, designed to m ...)
- TODO: check
+ NOT-FOR-US: RIOT
CVE-2025-66119 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-66118 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
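Review bot: CVE-2025-67787 is tagged "NOT-FOR-US: DriveLock", but its description as shown ("An issue was discovered in 25.1.2 before 25.1.5. ...") names no product, unlike the seven neighbouring entries that say DriveLock explicitly. Confirm the attribution against the CVE references rather than relying on adjacency and the version numbering.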
@@ -104,7 +104,7 @@ CVE-2025-66068 (Missing Authorization vulnerability in InstaWP InstaWP Connect i
CVE-2025-66054 (Missing Authorization vulnerability in ThimPress LearnPress learnpress ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-66029 (Open OnDemand provides remote web access to supercomputers. In version ...)
- TODO: check
+ NOT-FOR-US: Open OnDemand
CVE-2025-64378 (Missing Authorization vulnerability in CridioStudio ListingPro listing ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-64377 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8fd6058bc313d323f88bb7de72bba1188f61dce