[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jun 5 10:13:01 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
865dda37 by Moritz Muehlenhoff at 2025-06-05T11:12:39+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-5690 (PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allow ...)
-	TODO: check
+	NOT-FOR-US: PostgreSQL Anonymizer
 CVE-2025-5683 (When loading a specifically crafted ICNS format image file in QImage t ...)
 	TODO: check
 CVE-2025-5646 (A vulnerability has been found in Radare2 5.9.9 and classified as prob ...)
@@ -28,7 +28,7 @@ CVE-2025-5641 (A vulnerability was found in Radare2 5.9.9. It has been rated as
 	NOTE: https://github.com/radareorg/radare2/issues/24230
 	NOTE: https://github.com/radareorg/radare2/commit/5705d99cc1f23f36f9a84aab26d1724010b97798
 CVE-2025-5640 (A vulnerability was found in PX4-Autopilot 1.12.3. It has been classif ...)
-	TODO: check
+	NOT-FOR-US: PX4-Autopilot
 CVE-2025-5639 (A vulnerability was found in PHPGurukul Notice Board System 1.0 and cl ...)
 	NOT-FOR-US: PHPGurukul
 CVE-2025-5638 (A vulnerability has been found in PHPGurukul Notice Board System 1.0 a ...)
@@ -42,11 +42,11 @@ CVE-2025-5635 (A vulnerability classified as critical was found in PCMan FTP Ser
 CVE-2025-5634 (A vulnerability classified as critical has been found in PCMan FTP Ser ...)
 	NOT-FOR-US: PCMan FTP Server
 CVE-2025-5633 (A vulnerability was found in code-projects/anirbandutta9 Content Manag ...)
-	TODO: check
+	NOT-FOR-US: News-Buzz
 CVE-2025-5632 (A vulnerability was found in code-projects/anirbandutta9 Content Manag ...)
-	TODO: check
+	NOT-FOR-US: News-Buzz
 CVE-2025-5631 (A vulnerability was found in code-projects/anirbandutta9 Content Manag ...)
-	TODO: check
+	NOT-FOR-US: News-Buzz
 CVE-2025-5630 (A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classif ...)
 	NOT-FOR-US: D-Link
 CVE-2025-5629 (A vulnerability, which was classified as critical, was found in Tenda  ...)
@@ -90,19 +90,19 @@ CVE-2025-5611 (A vulnerability, which was classified as critical, was found in C
 CVE-2025-5610 (A vulnerability, which was classified as critical, has been found in C ...)
 	NOT-FOR-US: CodeAstro
 CVE-2025-49008 (Atheos is a self-hosted browser-based cloud integrated development env ...)
-	TODO: check
+	NOT-FOR-US: Atheos
 CVE-2025-49007 (Rack is a modular Ruby web server interface. Starting in version 3.1.0 ...)
 	TODO: check
 CVE-2025-48947 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
 	NOT-FOR-US: Next.js
 CVE-2025-46341 (FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2 ...)
-	TODO: check
+	NOT-FOR-US: FreshRSS
 CVE-2025-3055 (The WP User Frontend Pro plugin for WordPress is vulnerable to arbitra ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-3054 (The WP User Frontend Pro plugin for WordPress is vulnerable to arbitra ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-1793 (Multiple vector store integrations in run-llama/llama_index version v0 ...)
-	TODO: check
+	NOT-FOR-US: run-llama/llama_index
 CVE-2025-49466 (aerc before 93bec0d allows directory traversal in commands/msgview/ope ...)
 	- earc 0.20.0-2
 	NOTE: Fixed by: https://git.sr.ht/~rjarry/aerc/commit/93bec0de8ed5ab3d6b1f01026fe2ef20fa154329
@@ -348,9 +348,9 @@ CVE-2025-49000 (InvenTree is an Open Source Inventory Management System. Prior t
 CVE-2025-48999 (DataEase is an open source business intelligence and data visualizatio ...)
 	NOT-FOR-US: DataEase
 CVE-2025-48951 (Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. V ...)
-	TODO: check
+	NOT-FOR-US: Auth0 PHP
 CVE-2025-48710 (kro (Kube Resource Orchestrator) 0.1.0 before 0.2.1 allows users (with ...)
-	TODO: check
+	NOT-FOR-US: kro (Kube Resource Orchestrator)
 CVE-2025-47727 (Delta Electronics CNCSoftlacks proper validation of the user-supplied  ...)
 	NOT-FOR-US: Delta Electronics
 CVE-2025-47726 (Delta Electronics CNCSoftlacks proper validation of the user-supplied  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/865dda37824cea00a81817e7dcae9160604dfa24

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/865dda37824cea00a81817e7dcae9160604dfa24
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250605/0192af0d/attachment.htm>

More information about the debian-security-tracker-commits mailing list