[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jul 7 21:54:19 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
12ef50c1 by Salvatore Bonaccorso at 2025-07-07T22:52:56+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -104,15 +104,15 @@ CVE-2025-6663 (GStreamer H266 Codec Parsing Stack-based Buffer Overflow Remote C
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/eedd01ac3dfeb60e36a44bb61a6d0418454e8416 (main)
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/596cf19c0c4c92b31c4ef315a0278586b0772b93 (1.26.3)
 CVE-2025-6386 (The parisneo/lollms repository is affected by a timing attack vulnerab ...)
-	TODO: check
+	NOT-FOR-US: parisneo/lollms
 CVE-2025-6210 (A vulnerability in the ObsidianReader class of the run-llama/llama_ind ...)
-	TODO: check
+	NOT-FOR-US: llama/llama_index
 CVE-2025-6209 (A path traversal vulnerability exists in run-llama/llama_index version ...)
-	TODO: check
+	NOT-FOR-US: llama/llama_index
 CVE-2025-6044 (An Improper Access Control vulnerability in the Stylus Tools component ...)
 	TODO: check
 CVE-2025-5472 (The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable ...)
-	TODO: check
+	NOT-FOR-US: llama/llama_index
 CVE-2025-53543 (Kestra is an event-driven orchestration platform. The error message in ...)
 	TODO: check
 CVE-2025-53540 (arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ES ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12ef50c1a95144486ac526a3e28e3c740e8136f5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/12ef50c1a95144486ac526a3e28e3c740e8136f5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250707/c9d639f0/attachment.htm>

More information about the debian-security-tracker-commits mailing list