[Git][security-tracker-team/security-tracker][master] 3 commits: auto-nfu: Add PHPGurukul

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d7b5e5f by Moritz Muehlenhoff at 2025-03-03T15:04:22+01:00
auto-nfu: Add PHPGurukul

- - - - -
2fcd0355 by Moritz Muehlenhoff at 2025-03-03T15:04:22+01:00
cvlist.el: Fix Emacs 30 compat for two functions

- - - - -
9c24b41e by Moritz Muehlenhoff at 2025-03-03T15:04:22+01:00
NFUs

- - - - -


3 changed files:

- conf/cvelist.el
- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
conf/cvelist.el
=====================================
@@ -24,6 +24,7 @@
 ; TODO: Tab completion for existing NFUs
 (defun debian-cvelist-insert-not-for-us ()
   "Insert NOT-FOR-US keyword."
+  (interactive)
   (setq last-nfu (read-string "Name of software: " last-nfu))
   (interactive)
   (beginning-of-line)
@@ -37,6 +38,7 @@
 
 (defun debian-cvelist-insert-bug ()
   "Add bugnumber to end of line."
+  (interactive)
   (setq bugnum (read-string "Bug number (without #): " bugnum))
   (interactive)
   (end-of-line)


=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-27590 (In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration ...)
-	TODO: check
+	NOT-FOR-US: oxidized-web
 CVE-2025-27585 (A stored cross-site scripting (XSS) vulnerability in Serosoft Solution ...)
 	NOT-FOR-US: Serosoft Solutions
 CVE-2025-27584 (A stored cross-site scripting (XSS) vulnerability in Serosoft Solution ...)
@@ -7,7 +7,7 @@ CVE-2025-27584 (A stored cross-site scripting (XSS) vulnerability in Serosoft So
 CVE-2025-27583 (Incorrect access control in the component /rest/staffResource/findAllU ...)
 	NOT-FOR-US: Serosoft Solutions
 CVE-2025-27579 (In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/syste ...)
-	TODO: check
+	NOT-FOR-US: Bitaxe ESP-Miner
 CVE-2025-25953 (Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) E ...)
 	NOT-FOR-US: Serosoft Solutions
 CVE-2025-25952 (An Insecure Direct Object References (IDOR) in the component /getStude ...)
@@ -41,11 +41,11 @@ CVE-2025-20645 (In KeyInstall, there is a possible out of bounds write due to a
 CVE-2025-20644 (In Modem, there is a possible memory corruption due to incorrect error ...)
 	NOT-FOR-US: MediaTek
 CVE-2025-1857 (A vulnerability classified as critical has been found in PHPGurukul Ni ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-1856 (A vulnerability was found in Codezips Gym Management System 1.0. It ha ...)
 	TODO: check
 CVE-2025-1855 (A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. It ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul
 CVE-2025-1854 (A vulnerability was found in Codezips Gym Management System 1.0. It ha ...)
 	TODO: check
 CVE-2025-1853 (A vulnerability was found in Tenda AC8 16.03.34.06 and classified as c ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -19,6 +19,8 @@
   description: '.*\b(?i: d-link)\b.*'
 - reason: ESAFENET
   description: '.*\bESAFENET\b.*'
+- reason: PHPGurukul
+  description: '.*\bPHPGurukul\b.*'
 - reason: Serosoft Solutions
   description: '.*\bSerosoft\b.*'
 - reason: Tenda



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/57003f734b8576e6f0a3a4c352498ff8102233cb...9c24b41e24ddfeab3f2546cf946415d12cfa564f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/57003f734b8576e6f0a3a4c352498ff8102233cb...9c24b41e24ddfeab3f2546cf946415d12cfa564f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250303/d8299c05/attachment-0001.htm>