[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Sat Nov 22 08:13:39 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83a1e55b by security tracker role at 2025-11-22T08:13:30+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,25 +17,25 @@ CVE-2025-65102 (PJSIP is a free and open source multimedia communication library
 CVE-2025-65092 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
 	TODO: check
 CVE-2025-43374 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-31266 (A spoofing issue was addressed with improved truncation when displayin ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-31248 (A parsing issue in the handling of directory paths was addressed with  ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-31216 (The issue was addressed with improved checks. This issue is fixed in i ...)
-	TODO: check
+	NOT-FOR-US: Apple
 CVE-2025-13384 (The CP Contact Form with PayPal plugin for WordPress is vulnerable to  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-13317 (The Appointment Booking Calendar plugin for WordPress is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12889 (With TLS 1.2 connections a client can use any digest, specifically a w ...)
 	TODO: check
 CVE-2025-12888 (Vulnerability in X25519 constant-time cryptographic implementations du ...)
 	TODO: check
 CVE-2025-12877 (The IDonate \u2013 Blood Donation, Request And Donor Management System ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12752 (The Subscriptions & Memberships for PayPal plugin for WordPress is vul ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-12678
 	REJECTED
 CVE-2025-11936 (Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolf ...)
@@ -51,11 +51,11 @@ CVE-2025-11932 (The server previously verified the TLS 1.3 PSK binder using a no
 CVE-2025-11931 (Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305  ...)
 	TODO: check
 CVE-2025-11186 (The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11087 (The Zegen Core plugin for WordPress is vulnerable to Cross-Site Reques ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-0504 (Black Duck SCA versions prior to 2025.10.0 had user role permissions c ...)
-	TODO: check
+	NOT-FOR-US: Black Duck
 CVE-2025-66115 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66114 (Missing Authorization vulnerability in theme funda Show Variations as  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83a1e55b08dfa80d82d6108ac943279d1055b927

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83a1e55b08dfa80d82d6108ac943279d1055b927
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251122/bd31b2ee/attachment.htm>
