[Git][security-tracker-team/security-tracker][master] 2 commits: Process two NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b3019f4b by Salvatore Bonaccorso at 2025-03-10T21:22:19+01:00
Process two NFUs

- - - - -
8c697e87 by Salvatore Bonaccorso at 2025-03-10T21:22:21+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,27 +11,27 @@ CVE-2025-2148 (A vulnerability was found in PyTorch 2.6.0+cu124. It has been dec
 CVE-2025-2147 (A vulnerability was found in Beijing Zhide Intelligent Internet Techno ...)
 	TODO: check
 CVE-2025-27913 (Passbolt API before 5, if the server is misconfigured (with an incorre ...)
-	TODO: check
+	NOT-FOR-US: Passbolt API
 CVE-2025-27616 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
-	TODO: check
+	NOT-FOR-US: Vela
 CVE-2025-27615 (umatiGateway is software for connecting OPC Unified Architecture serve ...)
-	TODO: check
+	NOT-FOR-US: umatiGateway
 CVE-2025-27257 (Insufficient Verification of Data Authenticity vulnerability in GE Ver ...)
-	TODO: check
+	NOT-FOR-US: GE Vernova UR IED family devices
 CVE-2025-27256 (Missing Authentication for Critical Function vulnerability in GE Verno ...)
-	TODO: check
+	NOT-FOR-US: GE Vernova Enervista UR Setup application
 CVE-2025-27255 (Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR ...)
-	TODO: check
+	NOT-FOR-US: GE Vernova EnerVista UR Setup
 CVE-2025-27254 (Improper Authentication vulnerability in GE Vernova EnerVista UR Setup ...)
-	TODO: check
+	NOT-FOR-US: GE Vernova EnerVista UR Setup
 CVE-2025-27253 (An improper input validation in GE Vernova UR IED family devices from  ...)
-	TODO: check
+	NOT-FOR-US: GE Vernova UR IED family devices
 CVE-2025-27136 (LocalS3 is an Amazon S3 mock service for testing and local development ...)
 	TODO: check
 CVE-2025-26936 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26933 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-26916 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	TODO: check
 CVE-2025-26910 (Cross-Site Request Forgery (CSRF) vulnerability in Iqonic Design WPBoo ...)
@@ -101,11 +101,11 @@ CVE-2024-54463 (This issue was addressed with improved entitlements. This issue
 CVE-2024-53307 (A reflected cross-site scripting (XSS) vulnerability in the /mw/ endpo ...)
 	TODO: check
 CVE-2024-52905 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 a ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-52812 (LF Edge eKuiper is an internet-of-things data analytics and stream pro ...)
 	TODO: check
 CVE-2024-47109 (IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through  ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2024-44227 (The issue was addressed with improved memory handling. This issue is f ...)
 	TODO: check
 CVE-2024-44192 (The issue was addressed with improved checks. This issue is fixed in w ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/39bd01fd52f9f8a536c8e8b2cd4e7b06afc363a9...8c697e8765fe5f6ba1247bf68ccfdc9f7cabee60

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/39bd01fd52f9f8a536c8e8b2cd4e7b06afc363a9...8c697e8765fe5f6ba1247bf68ccfdc9f7cabee60
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250310/844c16d8/attachment.htm>