[Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 9 09:07:28 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c734cedc by Moritz Muehlenhoff at 2025-05-09T10:06:57+02:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -666,7 +666,7 @@ CVE-2025-46827 (Graylog is a free and open log management platform. Prior to ver
CVE-2025-46824 (The Discourse Code Review Plugin allows users to review GitHub commits ...)
NOT-FOR-US: Discourse Code Review Plugin
CVE-2025-46551 (JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSS ...)
- TODO: check
+ NOT-FOR-US: JRuby-OpenSSL
CVE-2025-45514 (Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the functio ...)
NOT-FOR-US: Tenda
CVE-2025-45388 (Wagtail CMS 6.4.1 is vulnerable to a Stored Cross-Site Scripting (XSS) ...)
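Review bot: The NOT-FOR-US verdict on CVE-2025-46551 should account for embedded copies, since the description calls JRuby-OpenSSL "an add-on gem for JRuby" and a gem of that kind can ship inside a JRuby distribution rather than as its own source package. If a packaged JRuby bundles the gem, the entry should track that package instead of being closed as NOT-FOR-US; if it was checked and nothing bundles it, saying so in the commit message would make the triage decision auditable.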
@@ -870,9 +870,9 @@ CVE-2025-47419 (Cleartext Transmission of Sensitive Information vulnerability in
CVE-2025-47418 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
NOT-FOR-US: Crestron
CVE-2025-46573 (passport-wsfed-saml2 provides passport strategy for both WS-fed and SA ...)
- TODO: check
+ NOT-FOR-US: Node passport-wsfed-saml2
CVE-2025-46572 (passport-wsfed-saml2 provides passport strategy for both WS-fed and SA ...)
- TODO: check
+ NOT-FOR-US: Node passport-wsfed-saml2
CVE-2025-44899 (There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13. ...)
NOT-FOR-US: Tenda
CVE-2025-44073 (SeaCMS v13.3 was discovered to contain a SQL injection vulnerability v ...)
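Review bot: The label added for CVE-2025-46573 and CVE-2025-46572 carries an ecosystem prefix ("Node passport-wsfed-saml2"), while the other entries triaged in this commit use the bare product name (JRuby-OpenSSL, phpgt/Dom, goshs). If the prefix is the file's convention for npm modules, keep it; if not, use the bare name so that a text search over existing NOT-FOR-US labels matches consistently.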
@@ -1015,9 +1015,9 @@ CVE-2025-47256 (Libxmp through 4.6.2 has a stack-based buffer overflow in depack
NOTE: https://github.com/libxmp/libxmp/pull/848
NOTE: Fixed by: https://github.com/libxmp/libxmp/commit/004a102c5a75ad809fc309ff73ce8d0f9ab3e456
CVE-2025-46820 (phpgt/Dom provides access to modern DOM APIs. Versions of phpgt/Dom pr ...)
- TODO: check
+ NOT-FOR-US: phpgt/Dom
CVE-2025-46816 (goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 a ...)
- TODO: check
+ NOT-FOR-US: goshs
CVE-2025-46815 (The identity infrastructure software ZITADEL offers developers the abi ...)
NOT-FOR-US: Zitadel
CVE-2025-46814 (FastAPI Guard is a security library for FastAPI that provides middlewa ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c734cedca2eca6770c1d2c1cb7ec44804315548c