[Git][security-tracker-team/security-tracker][master] remove TODO for bogus freetype CVE assignment, freetype is continously

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b48410b2 by Moritz Muehlenhoff at 2025-01-11T12:50:42+01:00
remove TODO for bogus freetype CVE assignment, freetype is continously
fuzzed by oss-fuzz anyway

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,9 +15,8 @@ CVE-2025-23079 (Improper Neutralization of Input During Web Page Generation (XSS
 CVE-2025-23078 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
 	TODO: check
 CVE-2025-23022 (FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2i ...)
-	- freetype <undetermined>
+	NOTE: Bogus fuzzing report for a seven year old copy of FreeType
 	NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1312
-	TODO: check, report was against old version upstream, code moved to psaux/ module in upstream VER-2-9, doubtful report
 CVE-2025-23016 (FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (an ...)
 	TODO: check
 CVE-2025-22949 (Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injectio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b48410b2b21b194134a1f79c516e9576ffa416e6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b48410b2b21b194134a1f79c516e9576ffa416e6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250111/a5a7f2ff/attachment.htm>