[Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for Zephyr
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jun 25 16:54:08 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5a4f7858 by Moritz Muehlenhoff at 2025-06-25T17:53:04+02:00
auto-nfu: Add rule for Zephyr
Total CVEs from zephyr: 137
Total CVEs from zephyr with packages assigned: 0
Scope: Zephyr project components, and vulnerabilities that are not in another CNA’s scope.
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -429,7 +429,7 @@ CVE-2025-34032 (A reflected cross-site scripting (XSS) vulnerability exists in t
CVE-2025-34031 (A path traversal vulnerability exists in the Moodle LMS Jmol plugin ve ...)
NOT-FOR-US: Moodle plugin
CVE-2025-2962 (A denial-of-service issue in the dns implemenation could cause an infi ...)
- TODO: check
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-23092 (Mitel OpenScape Accounting Management through V5 R1.1.0 could allow an ...)
NOT-FOR-US: Mitel
CVE-2024-56731 (Gogs is an open source self-hosted Git service. Prior to version 0.13. ...)
@@ -41684,11 +41684,11 @@ CVE-2025-22974 (SQL Injection vulnerability in SeaCMS v.13.2 and before allows a
CVE-2025-22210 (A SQL injection vulnerability in the Hikashop component versions 3.3.0 ...)
NOT-FOR-US: Hikashop
CVE-2025-1675 (The function dns_copy_qname in dns_pack.c performs performs a memcpy o ...)
- NOT-FOR-US: NOT-FOR-US: Zephyr, different from src:zephyr
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-1674 (A lack of input validation allows for out of bounds reads caused by ma ...)
- NOT-FOR-US: NOT-FOR-US: Zephyr, different from src:zephyr
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-1673 (A malicious or malformed DNS packet without a payload can cause an out ...)
- NOT-FOR-US: NOT-FOR-US: Zephyr, different from src:zephyr
+ NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-1648 (The Yawave plugin for WordPress is vulnerable to SQL Injection via the ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1646 (A vulnerability, which was classified as critical, has been found in L ...)
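Review bot: The three removed lines in this hunk (CVE-2025-1675, CVE-2025-1674, CVE-2025-1673) carry a doubled prefix, `NOT-FOR-US: NOT-FOR-US: Zephyr, different from src:zephyr`, and the added lines drop one copy. That cleanup is separate from adding the rule and the commit message does not mention it. Suggest a line in the message saying so, and a check of data/CVE/list for other entries with the doubled `NOT-FOR-US: NOT-FOR-US:` prefix so they are all fixed in one pass.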
=====================================
data/packages/nfu.yaml
=====================================
@@ -213,6 +213,8 @@
cna: Xiaomi
- reason: Yokogawa
cna: YokogawaGroup
+- reason: Zephyr, different from src:zephyr
+ cna: zephyr
- reason: Zscaler
cna: Zscaler
- reason: Zoho
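Review bot: The new entry matches on `cna: zephyr` alone, while the commit message gives the CNA's scope as also covering "vulnerabilities that are not in another CNA's scope", so a CVE this CNA assigns for something other than Zephyr would automatically receive the reason `Zephyr, different from src:zephyr`. The figures in the message (137 CVEs, 0 with packages assigned) support the rule as of this commit; the wider scope is worth recording next to the entry so that such a CVE gets a manual look. Separately, `zephyr` is lower-case where the neighbouring values (`Xiaomi`, `YokogawaGroup`, `Zscaler`) are capitalised; please confirm it matches the CNA's short name exactly.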
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a4f78583837e73bdbe0e0c99071b048b0e1059d