[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jul 15 09:01:28 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a7fe7495 by Moritz Muehlenhoff at 2025-07-15T10:01:07+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2025-7625 (A vulnerability, which was classified as critical, was found in Y
 CVE-2025-7618 (A stored Cross-Site Scripting (XSS) vulnerability vulnerability was fo ...)
 	NOT-FOR-US: Asustor
 CVE-2025-7616 (A vulnerability, which was classified as critical, has been found in g ...)
-	TODO: check
+	NOT-FOR-US: snap7-rs
 CVE-2025-7615 (A vulnerability classified as critical was found in TOTOLINK T6 4.1.5c ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-7614 (A vulnerability classified as critical has been found in TOTOLINK T6 4 ...)
@@ -83,7 +83,7 @@ CVE-2025-53689 (Blind XXE Vulnerabilities in jackrabbit-spi-commons and jackrabb
 CVE-2025-53639 (MeterSphere is an open source continuous testing platform. Prior to ve ...)
 	NOT-FOR-US: MeterSphere
 CVE-2025-53623 (The Job Iteration API is an an extension for ActiveJob that make jobs  ...)
-	TODO: check
+	NOT-FOR-US: Shopify extension
 CVE-2025-53101 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qh3h-j545-h8c9
@@ -124,7 +124,7 @@ CVE-2025-51650 (An arbitrary file upload vulnerability in the component /control
 CVE-2025-50756 (Wavlink WN535K3 20191010 was found to contain a command injection vuln ...)
 	NOT-FOR-US: Wavlink
 CVE-2025-27582 (The Secure Password extension in One Identity Password Manager before  ...)
-	TODO: check
+	NOT-FOR-US: One Identity Password Manager
 CVE-2025-24391 (A vulnerability in the External Interface of OTRS allows conclusions t ...)
 	NOT-FOR-US: OTRS
 	NOTE: Issue is listed as specific to >= 7.x, so won't affect Znuny which forked from 6.x
@@ -582,7 +582,7 @@ CVE-2025-3631 (An IBM MQ 9.3 and 9.4 Client connecting to an MQ Queue Manager ca
 CVE-2025-30661 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
 	NOT-FOR-US: Juniper
 CVE-2025-30403 (A heap-buffer-overflow vulnerability is possible in mvfst via a specia ...)
-	TODO: check
+	NOT-FOR-US: mvfst
 CVE-2025-30402 (A heap-buffer-overflow vulnerability in the loading of ExecuTorch meth ...)
 	NOT-FOR-US: ExecuTorch
 CVE-2024-47065 (Meshtastic is an open source mesh networking solution. Prior to 2.5.1, ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7fe749507b054ee9b6f405ca47fcacbc310c80f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a7fe749507b054ee9b6f405ca47fcacbc310c80f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250715/67ed1094/attachment.htm>

More information about the debian-security-tracker-commits mailing list