[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 21 09:22:06 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
544da722 by Salvatore Bonaccorso at 2025-06-21T10:21:53+02:00
Process some NFUs

- - - - -
3ee3ffa8 by Salvatore Bonaccorso at 2025-06-21T10:21:54+02:00
Add CVE-2025-6375/poco

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,17 @@
 CVE-2025-6401 (A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It h ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-6400 (A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101 and c ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-6399 (A vulnerability, which was classified as critical, was found in TOTOLI ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-6394 (A vulnerability was found in code-projects Simple Online Hotel Reserva ...)
 	NOT-FOR-US: code-projects
 CVE-2025-6393 (A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU and EX120 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2025-6375 (A vulnerability was found in poco up to 1.14.1. It has been rated as p ...)
-	TODO: check
+	- poco <unfixed>
+	NOTE: https://github.com/pocoproject/poco/issues/4915
+	NOTE: https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf (poco-1.14.2-release)
 CVE-2025-6374 (A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as ...)
 	NOT-FOR-US: D-Link
 CVE-2025-6373 (A vulnerability has been found in D-Link DIR-619L 2.06B01 and classifi ...)
@@ -33,21 +35,21 @@ CVE-2025-6364 (A vulnerability has been found in code-projects Simple Pizza Orde
 CVE-2025-6218 (RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. ...)
 	TODO: check
 CVE-2025-6217 (PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Inform ...)
-	TODO: check
+	NOT-FOR-US: PEAK-System Driver
 CVE-2025-6216 (Allegra calculateTokenExpDate Password Recovery Authentication Bypass  ...)
-	TODO: check
+	NOT-FOR-US: Allegra
 CVE-2025-5820 (Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: Sony
 CVE-2025-5479 (Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Re ...)
-	TODO: check
+	NOT-FOR-US: Sony
 CVE-2025-5478 (Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Ex ...)
-	TODO: check
+	NOT-FOR-US: Sony
 CVE-2025-5477 (Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Re ...)
-	TODO: check
+	NOT-FOR-US: Sony
 CVE-2025-5476 (Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vul ...)
-	TODO: check
+	NOT-FOR-US: Sony
 CVE-2025-5475 (Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code ...)
-	TODO: check
+	NOT-FOR-US: Sony
 CVE-2025-5143 (The TableOn \u2013 WordPress Posts Table Filterable plugin for WordPre ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-5034 (The wp-file-download WordPress plugin before 6.2.6 does not sanitise a ...)
@@ -57,15 +59,15 @@ CVE-2025-52557 (Mail-0's Zero is an open-source email solution. In version 0.8 i
 CVE-2025-52556 (rfc3161-client is a Python library implementing the Time-Stamp Protoco ...)
 	TODO: check
 CVE-2025-52552 (FastGPT is an AI Agent building platform. Prior to version 4.9.12, the ...)
-	TODO: check
+	NOT-FOR-US: FastGPT
 CVE-2025-52488 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
-	TODO: check
+	NOT-FOR-US: DNN (formerly DotNetNuke)
 CVE-2025-52487 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
-	TODO: check
+	NOT-FOR-US: DNN (formerly DotNetNuke)
 CVE-2025-52486 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
-	TODO: check
+	NOT-FOR-US: DNN (formerly DotNetNuke)
 CVE-2025-52485 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
-	TODO: check
+	NOT-FOR-US: DNN (formerly DotNetNuke)
 CVE-2025-6363 (A vulnerability, which was classified as critical, was found in code-p ...)
 	NOT-FOR-US: code-projects
 CVE-2025-6362 (A vulnerability, which was classified as critical, has been found in c ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2809fa9eef61365aa32a3499a9b6affaf9aed0dd...3ee3ffa8d04cb30e9419f9c1f415d51bed4d2ab0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2809fa9eef61365aa32a3499a9b6affaf9aed0dd...3ee3ffa8d04cb30e9419f9c1f415d51bed4d2ab0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250621/83e0f220/attachment.htm>

More information about the debian-security-tracker-commits mailing list