[Git][security-tracker-team/security-tracker][master] 2 commits: Replace upstream issues as referenced from the CVE feed for elfutils issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Feb 17 19:33:55 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5a528d69 by Salvatore Bonaccorso at 2025-02-17T20:30:19+01:00
Replace upstream issues as referenced from the CVE feed for elfutils issues

They also contain the "disputed" CVE assignment comment explaining the
"normal bug" aspect by upstream accordingly.

- - - - -
590f44fd by Salvatore Bonaccorso at 2025-02-17T20:33:31+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
 CVE-2025-26779 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26768 (Cross-Site Request Forgery (CSRF) vulnerability in what3words what3wor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26765 (Missing Authorization vulnerability in enituretechnology Distance Base ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26761 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26759 (Cross-Site Request Forgery (CSRF) vulnerability in alexvtn Content Sni ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-26755 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
@@ -50,7 +50,7 @@ CVE-2025-1378 (A vulnerability, which was classified as problematic, was found i
 	TODO: check
 CVE-2025-1377 (A vulnerability, which was classified as problematic, has been found i ...)
 	- elfutils <unfixed> (unimportant)
-	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32672
+	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32673
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=fbf1df9ca286de3323ae541973b08449f8d03aba
 	NOTE: Crash in CLI tool, considered only to be a normal bug by upstream
 CVE-2025-1376 (A vulnerability classified as problematic was found in GNU elfutils 0. ...)
@@ -70,7 +70,7 @@ CVE-2025-1372 (A vulnerability was found in GNU elfutils 0.192. It has been decl
 	NOTE: Crash in CLI tool, considered only to be a normal bug by upstream
 CVE-2025-1371 (A vulnerability has been found in GNU elfutils 0.192 and classified as ...)
 	- elfutils <unfixed> (unimportant)
-	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32657
+	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32655
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=b38e562a4c907e08171c76b8b2def8464d5a104a
 	NOTE: Crash in CLI tool, considered only to be a normal bug by upstream
 CVE-2025-1370 (A vulnerability, which was classified as critical, has been found in M ...)
@@ -85,7 +85,7 @@ CVE-2025-1366 (A vulnerability was found in MicroWord eScan Antivirus 7.0.32 on
 	NOT-FOR-US: MicroWord eScan Antivirus
 CVE-2025-1365 (A vulnerability, which was classified as critical, was found in GNU el ...)
 	- elfutils <unfixed> (unimportant)
-	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32657
+	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=32654
 	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=5e5c0394d82c53e97750fe7b18023e6f84157b81
 	NOTE: Crash in CLI tool, considered only to be a normal bug by upstream
 CVE-2025-1364 (A vulnerability has been found in MicroWord eScan Antivirus 7.0.32 on  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9d8c09c813d91ab722bfa10c5cc3ab394dbc030c...590f44fd62dbcff93f07f434e903fa0d154b0b5f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9d8c09c813d91ab722bfa10c5cc3ab394dbc030c...590f44fd62dbcff93f07f434e903fa0d154b0b5f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250217/4311936f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list