[Git][security-tracker-team/security-tracker][master] NFUs

Thu May 15 08:57:49 BST 2025


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
62364266 by Moritz Muehlenhoff at 2025-05-15T09:57:36+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18,11 +18,11 @@ CVE-2025-46836 [Stack-based Buffer Overflow in net-tools (get_name)]
 CVE-2025-4641 (Improper Restriction of XML External Entity Reference vulnerability in ...)
 	NOT-FOR-US: bonigarcia webdrivermanager WebDriverManager
 CVE-2025-4640 (Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Over ...)
-	TODO: check
+	NOT-FOR-US: PointCloudLibrary pcl using an outdated zlib copy
 CVE-2025-4639 (CWE-611 Improper Restriction of XML External Entity Reference in the g ...)
 	NOT-FOR-US: Peergos
 CVE-2025-4638 (A vulnerability exists in the inftrees.c component of the zlib library ...)
-	TODO: check
+	NOT-FOR-US: PointCloudLibrary pcl using an outdated zlib copy
 CVE-2025-4637 (Divide By Zero vulnerability in davisking dlib allows   remote attacke ...)
 	NOT-FOR-US: davisking dlib
 CVE-2025-4430 (Unauthorized access to "/api/Token/gettoken" endpoint in EZD RP allows ...)
@@ -77,7 +77,7 @@ CVE-2025-3932 (It was possible to craft an email that showed a tracking link as
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3932
 CVE-2025-3931 (A flaw was found in Yggdrasil, which acts as a system broker, allowing ...)
-	TODO: check
+	NOT-FOR-US: Red Hat Yggdrasil, different from src:yggdrasil
 CVE-2025-3909 (Thunderbird's handling of the X-Mozilla-External-Attachment-URL header ...)
 	- thunderbird <unfixed>
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/#CVE-2025-3909
@@ -158,7 +158,7 @@ CVE-2024-58101 (Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetoot
 CVE-2024-57273 (Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plu ...)
 	NOT-FOR-US: Netgate pfSense CE
 CVE-2024-57096 (An issue in wps office before v.19302 allows a local attacker to obtai ...)
-	TODO: check
+	NOT-FOR-US: WPS Office
 CVE-2024-56157 (iTop is an web based IT Service Management tool. Prior to versions 3.1 ...)
 	NOT-FOR-US: iTop
 CVE-2024-54780 (Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plu ...)
@@ -370,7 +370,7 @@ CVE-2025-20003 (Improper link resolution before file access ('Link Following') f
 CVE-2025-0020 (Violation of Secure Design Principles, Hidden Functionality, Incorrect ...)
 	TODO: check
 CVE-2024-52290 (LF Edge eKuiper is a lightweight internet of things (IoT) data analyti ...)
-	TODO: check
+	NOT-FOR-US: LF Edge eKuiper
 CVE-2024-48869 (Improper restriction of software interfaces to hardware features for s ...)
 	TODO: check
 CVE-2024-47800 (Uncontrolled search path for some Intel(R) Graphics Driver software ma ...)
@@ -699,7 +699,7 @@ CVE-2025-29826 (Improper handling of insufficient permissions or privileges in M
 CVE-2025-28057 (owl-admin v3.2.2~ to v4.10.2 is vulnerable to SQL Injection in /admin- ...)
 	NOT-FOR-US: owl-admin
 CVE-2025-28056 (rebuild v3.9.0 through v3.9.3 has a SQL injection vulnerability in /ad ...)
-	TODO: check
+	NOT-FOR-US: rebuild
 CVE-2025-28055 (upset-gal-web v7.1.0 /api/music/v1/cover.ts contains an arbitrary file ...)
 	NOT-FOR-US: upset-gal-web
 CVE-2025-27696 (Improper Authorization vulnerability in Apache Superset allows ownersh ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62364266745dd646712e2b5f61a220e3435f99e8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/62364266745dd646712e2b5f61a220e3435f99e8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250515/74f58f36/attachment-0001.htm>
