[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Nov 11 09:03:20 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
75de619c by Salvatore Bonaccorso at 2025-11-11T10:02:54+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,15 +29,15 @@ CVE-2025-64512 (Pdfminer.six is a community maintained fork of the original PDFM
 	NOTE: https://github.com/pdfminer/pdfminer.six/security/advisories/GHSA-wf5f-4jwr-ppcp
 	NOTE: Fixed by: https://github.com/pdfminer/pdfminer.six/commit/b808ee05dd7f0c8ea8ec34bdf394d40e63501086 (20251107)
 CVE-2025-64509 (Bugsink is a self-hosted error tracking tool. In versions prior to 2.0 ...)
-	TODO: check
+	NOT-FOR-US: Bugsink
 CVE-2025-64508 (Bugsink is a self-hosted error tracking tool. In versions prior to 2.0 ...)
-	TODO: check
+	NOT-FOR-US: Bugsink
 CVE-2025-64504 (Langfuse is an open source large language model engineering platform.  ...)
-	TODO: check
+	NOT-FOR-US: Langfuse
 CVE-2025-64502 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2025-64501 (ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatib ...)
-	TODO: check
+	NOT-FOR-US: ProsemirrorToHtml
 CVE-2025-64484 (OAuth2-Proxy is an open-source tool that can act as either a standalon ...)
 	TODO: check
 CVE-2025-64183 (OpenEXR provides the specification and reference implementation of the ...)
@@ -47,11 +47,11 @@ CVE-2025-64182 (OpenEXR provides the specification and reference implementation
 CVE-2025-64181 (OpenEXR provides the specification and reference implementation of the ...)
 	TODO: check
 CVE-2025-64167 (Combodo iTop is a web based IT service management tool. Versions prior ...)
-	TODO: check
+	NOT-FOR-US: Combodo iTop
 CVE-2025-63678 (An authenticated arbitrary file upload vulnerability in the /uploads/  ...)
-	TODO: check
+	NOT-FOR-US: CMS Made Simple Foundation File Manager
 CVE-2025-63617 (ktg-mes before commit a484f96 (2025-07-03) has a fastjson deserializat ...)
-	TODO: check
+	NOT-FOR-US: ktg-mes
 CVE-2025-63397 (Improper input validation in OneFlow v0.9.0 allows attackers to cause  ...)
 	TODO: check
 CVE-2025-63384 (A vulnerability was discovered in RISC-V Rocket-Chip v1.6 and before i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75de619ce6b638814faaeb60822ade27442ed0bf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75de619ce6b638814faaeb60822ade27442ed0bf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251111/bb99c432/attachment.htm>

More information about the debian-security-tracker-commits mailing list