[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 16 12:15:04 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b8255c2b by Salvatore Bonaccorso at 2025-05-16T13:14:03+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -90,15 +90,15 @@ CVE-2025-48174 (In libavif before 1.3.0, makeRoom in stream.c has an integer ove
 CVE-2025-47930 (Zulip is an open-source team chat application. Starting in version 10. ...)
 	- zulip-server <itp> (bug #800052)
 CVE-2025-47929 (DumbDrop, a file upload application that provides an interface for dra ...)
-	TODO: check
+	NOT-FOR-US: DumbDrop
 CVE-2025-47928 (Spotipy is a Python library for the Spotify Web API. As of commit 4f57 ...)
 	TODO: check
 CVE-2025-47809 (Wibu CodeMeter before 8.30a sometimes allows privilege escalation imme ...)
-	TODO: check
+	NOT-FOR-US: Wibu CodeMeter
 CVE-2025-47287 (Tornado is a Python web framework and asynchronous networking library. ...)
 	TODO: check
 CVE-2025-47275 (Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management ...)
-	TODO: check
+	NOT-FOR-US: Auth0-PHP
 CVE-2025-3624 (Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hi ...)
 	NOT-FOR-US: Hitachi
 CVE-2025-3516 (The Simple Lightbox WordPress plugin before 2.9.4 does not validate an ...)
@@ -300,7 +300,7 @@ CVE-2024-5440 (The If-So Dynamic Content Personalization WordPress plugin before
 CVE-2024-5026 (The CM Tooltip Glossary WordPress plugin before 4.3.4 does not sanitis ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-53827 (Ericsson Packet Core Controller (PCC) contains a vulnerability where a ...)
-	TODO: check
+	NOT-FOR-US: Ericsson
 CVE-2024-51475 (IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML  ...)
 	NOT-FOR-US: IBM
 CVE-2024-4665 (The EventPrime  WordPress plugin before 3.5.0 does not properly valida ...)
@@ -1077,7 +1077,7 @@ CVE-2025-20095 (Incorrect Default Permissions for some Intel(R) RealSense\u2122
 CVE-2025-20084 (Uncontrolled resource consumption for some Edge Orchestrator software  ...)
 	NOT-FOR-US: Intel
 CVE-2025-20083 (Improper authentication in the firmware for the Intel(R) Slim Bootload ...)
-	TODO: check
+	NOT-FOR-US: Intel
 CVE-2025-20082 (Time-of-check time-of-use race condition in the UEFI firmware SmiVaria ...)
 	NOT-FOR-US: Intel
 CVE-2025-20079 (Uncontrolled search path for some Intel(R) Advisor software may allow  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8255c2be1deac100a936872c994b09b0361e832

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8255c2be1deac100a936872c994b09b0361e832
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250516/cd2c0447/attachment.htm>

More information about the debian-security-tracker-commits mailing list