[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jul 8 17:10:47 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b62e59c1 by Moritz Mühlenhoff at 2025-07-08T18:10:25+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -392,7 +392,7 @@ CVE-2025-43933 (fblog through 983bede allows account takeover via the password r
 CVE-2025-43932 (JobCenter through 7e7b0b2 allows account takeover via the password res ...)
 	NOT-FOR-US: JobCenter
 CVE-2025-43931 (flask-boilerplate through a170e7c allows account takeover via the pass ...)
-	TODO: check
+	NOT-FOR-US: flask-boilerplate
 CVE-2025-43930 (Hashview 0.8.1 allows account takeover via the password reset feature  ...)
 	NOT-FOR-US: Hashview
 CVE-2025-3920 (A vulnerability was identified in SUR-FBD CMMS where hard-coded creden ...)
@@ -824,15 +824,15 @@ CVE-2025-53568 (Cross-Site Request Forgery (CSRF) vulnerability in Tony Zeoli Ra
 CVE-2025-53566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-53485 (SetTranslationHandler.php does not validate that the user is an electi ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki SecurePoll extension
 CVE-2025-53484 (User-controlled inputs are improperly escaped in:       *   VotePage.p ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki SecurePoll extension
 CVE-2025-53483 (ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeCl ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki SecurePoll extension
 CVE-2025-53482 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki IPInfo extension
 CVE-2025-53481 (Uncontrolled Resource Consumption vulnerability in Wikimedia Foundatio ...)
-	TODO: check
+	NOT-FOR-US: MediaWiki IPInfo extension
 CVE-2025-52833 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-52832 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b62e59c1cf2898c6a111e8fbed0c5597039e4bb9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b62e59c1cf2898c6a111e8fbed0c5597039e4bb9
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250708/9b441b29/attachment.htm>

More information about the debian-security-tracker-commits mailing list