[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 24 08:07:17 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9afcff8a by Moritz Muehlenhoff at 2025-06-24T09:06:57+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2025-2828
+	NOT-FOR-US: langchain-community
 CVE-2025-6547 (Improper Input Validation vulnerability in pbkdf2 allows Signature Spo ...)
 	- node-pbkdf2 <unfixed>
 	NOTE: https://github.com/browserify/pbkdf2/security/advisories/GHSA-v62p-rq8g-8h59
@@ -43,7 +45,7 @@ CVE-2025-52936 (Improper Link Resolution Before File Access ('Link Following') v
 	NOTE: https://github.com/yrutschle/sslh/pull/494
 	NOTE: Fixed by: https://github.com/yrutschle/sslh/commit/0fe9bd5a956a123342ff12352b25bff8025dac69 (v2.2.2)
 CVE-2025-52935 (Integer Overflow or Wraparound vulnerability in dragonflydb dragonfly  ...)
-	TODO: check
+	NOT-FOR-US: dragonflydb
 CVE-2025-52922 (Innoshop through 0.4.1 allows directory traversal via FileManager API  ...)
 	NOT-FOR-US: Innoshop
 CVE-2025-52921 (In Innoshop through 0.4.1, an authenticated attacker could exploit the ...)
@@ -71,7 +73,7 @@ CVE-2025-49574 (Quarkus is a Cloud Native, (Linux) Container First framework for
 CVE-2025-49144 (Notepad++ is a free and open-source source code editor. In versions 8. ...)
 	NOT-FOR-US: Notepad++
 CVE-2025-49126 (Visionatrix is an AI Media processing tool using ComfyUI. In versions  ...)
-	TODO: check
+	NOT-FOR-US: Visionatrix
 CVE-2025-48700 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 a ...)
 	NOT-FOR-US: Zimbra
 CVE-2025-48026 (A vulnerability in the WebApl component of Mitel OpenScape Xpressions  ...)
@@ -113,7 +115,7 @@ CVE-2023-47030 (An issue in NCR Terminal Handler v.1.5.1 allows a remote attacke
 CVE-2023-47029 (An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to e ...)
 	NOT-FOR-US: NCR Terminal Handler
 CVE-2021-47688 (In WhiteBeam 0.2.0 through 0.2.1 before 0.2.2, a user with local acces ...)
-	TODO: check
+	NOT-FOR-US: WhiteBeam
 CVE-2025-6503 (A vulnerability was found in code-projects Inventory Management System ...)
 	NOT-FOR-US: code-projects
 CVE-2025-6502 (A vulnerability has been found in code-projects Inventory Management S ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9afcff8a4e458651a1dbbca2de8ba952e3f30aca

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9afcff8a4e458651a1dbbca2de8ba952e3f30aca
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250624/d27f7d78/attachment.htm>

More information about the debian-security-tracker-commits mailing list