[Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 24 20:13:49 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0e906a68 by security tracker role at 2025-11-24T20:13:40+00:00
automatic NOT-FOR-US entries update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-65998 (Apache Syncope can be configured to store the user password values in  ...)
-	TODO: check
+	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-65503 (Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 a ...)
 	TODO: check
 CVE-2025-65502 (Null pointer dereference in add_ca_certs() in Cesanta Mongoose before  ...)
@@ -75,7 +75,7 @@ CVE-2025-41017 (Inadequate access control vulnerability in Davantis DDFUSION v6.
 CVE-2025-41016 (Inadequate access control vulnerability in Davantis DFUSION v6.177.7,  ...)
 	TODO: check
 CVE-2025-36112 (IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 thro ...)
-	TODO: check
+	NOT-FOR-US: IBM
 CVE-2025-13609 (A vulnerability has been identified in keylime where an attacker can e ...)
 	TODO: check
 CVE-2025-13598
@@ -105,13 +105,13 @@ CVE-2025-12740 (A Looker user with a Developer role could create a database conn
 CVE-2025-12739 (An attacker with viewer permissions in Looker could craft a malicious  ...)
 	TODO: check
 CVE-2025-12628 (The WP 2FA WordPress plugin does not generate backup codes with enough ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-11921 (iStats contains an insecure XPC service that allows local, unprivilege ...)
 	TODO: check
 CVE-2025-10555 (A stored Cross-site Scripting (XSS) vulnerability affecting Service It ...)
-	TODO: check
+	NOT-FOR-US: Dassault Systemes
 CVE-2025-10554 (A stored Cross-site Scripting (XSS) vulnerability affecting Requiremen ...)
-	TODO: check
+	NOT-FOR-US: Dassault Systemes
 CVE-2025-0005 (Improper input validation within the XOCL driver may allow a local att ...)
 	TODO: check
 CVE-2025-59820 [Heap-based buffer overflow when parsing TGA files]



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e906a6852c72e10e5fad7491f7fdd8f4db081a3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0e906a6852c72e10e5fad7491f7fdd8f4db081a3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251124/aeed2b87/attachment.htm>

More information about the debian-security-tracker-commits mailing list