[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jul 31 08:41:33 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5e2ea7d1 by Salvatore Bonaccorso at 2025-07-31T09:41:11+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2025-8312 (Deadlock in PAM automatic check-in feature in Devolutions Server
 CVE-2025-6348 (The Smart Slider 3 plugin for WordPress is vulnerable to time-based SQ ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-54656 (** UNSUPPORTED WHEN ASSIGNED ** Improper Output Neutralization for Log ...)
-	TODO: check
+	NOT-FOR-US: Apache Struts Extras
 CVE-2025-54584 (GitProxy is an application that stands between developers and a Git re ...)
 	NOT-FOR-US: GitProxy
 CVE-2025-54583 (GitProxy is an application that stands between developers and a Git re ...)
@@ -40,7 +40,7 @@ CVE-2025-54572 (The Ruby SAML library is for implementing the client side of a S
 CVE-2025-54433 (Bugsink is a self-hosted error tracking service. In versions 1.4.2 and ...)
 	NOT-FOR-US: Bugsink
 CVE-2025-54430 (dedupe is a python library that uses machine learning to perform fuzzy ...)
-	TODO: check
+	NOT-FOR-US: dedupe
 CVE-2025-54425 (Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15.0.0 t ...)
 	NOT-FOR-US: Umbraco CMS
 CVE-2025-54410 (Moby is an open source container framework developed by Docker Inc. th ...)
@@ -80,7 +80,7 @@ CVE-2025-50464 (A buffer overflow vulnerability exists in the upload.cgi module
 CVE-2025-47001 (Adobe Experience Manager versions 6.5.22 and earlier are affected by a ...)
 	NOT-FOR-US: Adobe
 CVE-2025-46811 (A Missing Authentication for Critical Function vulnerability in SUSE M ...)
-	TODO: check
+	NOT-FOR-US: SUSE Manager
 CVE-2025-45620 (An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to o ...)
 	NOT-FOR-US: Aver
 CVE-2025-45619 (An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote atta ...)
@@ -126,7 +126,7 @@ CVE-2025-8321 (Tesla Wall Connector Firmware Downgrade Vulnerability. This vulne
 CVE-2025-8320 (Tesla Wall Connector Content-Length Header Improper Input Validation R ...)
 	NOT-FOR-US: Tesla
 CVE-2025-8319 (the BMA login interface allows arbitrary JavaScript or HTML to be writ ...)
-	TODO: check
+	NOT-FOR-US: Barracuda Mail Archiver
 CVE-2025-8217 (The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0  ...)
 	NOT-FOR-US: Amazon
 CVE-2025-7849 (A memory corruption vulnerability due to improper error handling when  ...)
@@ -138,7 +138,7 @@ CVE-2025-7361 (A code injection vulnerability due to an improper initialization
 CVE-2025-54381 (BentoML is a Python library for building online serving systems optimi ...)
 	NOT-FOR-US: BentoML
 CVE-2025-54126 (The WebAssembly Micro Runtime's (WAMR) iwasm package is the executable ...)
-	TODO: check
+	NOT-FOR-US: wasm-micro-runtime
 CVE-2025-4426 (The vulnerability was identified in the code developed specifically fo ...)
 	NOT-FOR-US: Insyde
 CVE-2025-4425 (The vulnerability was identified in the code developed specifically fo ...)
@@ -310,7 +310,7 @@ CVE-2025-31243 (A permissions issue was addressed with additional restrictions.
 CVE-2025-31229 (A logic issue was addressed with improved checks. This issue is fixed  ...)
 	NOT-FOR-US: Apple
 CVE-2025-25011 (An uncontrolled search path element vulnerability can lead to local pr ...)
-	TODO: check
+	NOT-FOR-US: Beats (Windows Installer)
 CVE-2025-24224 (The issue was addressed with improved checks. This issue is fixed in t ...)
 	NOT-FOR-US: Apple
 CVE-2025-24188 (A logic issue was addressed with improved checks. This issue is fixed  ...)
@@ -318,7 +318,7 @@ CVE-2025-24188 (A logic issue was addressed with improved checks. This issue is
 CVE-2025-24119 (This issue was addressed through improved state management. This issue ...)
 	NOT-FOR-US: Apple
 CVE-2025-0712 (An uncontrolled search path element vulnerability can lead to local pr ...)
-	TODO: check
+	NOT-FOR-US: Beats (Windows Installer)
 CVE-2025-7777
 	NOT-FOR-US: mirror-registry for Quay
 CVE-2025-8292 (Use after free in Media Stream in Google Chrome prior to 138.0.7204.18 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e2ea7d137e7fa045a944e19fd2c85778c47ba07

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5e2ea7d137e7fa045a944e19fd2c85778c47ba07
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250731/da3361c6/attachment.htm>

More information about the debian-security-tracker-commits mailing list