[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f976624e by Salvatore Bonaccorso at 2025-11-29T10:06:34+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,43 +9,43 @@ CVE-2025-66225 (OrangeHRM is a comprehensive human resource management (HRM) sys
 CVE-2025-66224 (OrangeHRM is a comprehensive human resource management (HRM) system. F ...)
 	- orangehrm <itp> (bug #786622)
 CVE-2025-66223 (OpenObserve is a cloud-native observability platform. Prior to version ...)
-	TODO: check
+	NOT-FOR-US: OpenObserve
 CVE-2025-66221 (Werkzeug is a comprehensive WSGI web application library. Prior to ver ...)
 	TODO: check
 CVE-2025-66219 (willitmerge is a command line tool to check if pull requests are merge ...)
-	TODO: check
+	NOT-FOR-US: willitmerge
 CVE-2025-66217 (AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, a ...)
-	TODO: check
+	NOT-FOR-US: AIS-catcher
 CVE-2025-66216 (AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, a ...)
-	TODO: check
+	NOT-FOR-US: AIS-catcher
 CVE-2025-66201 (LibreChat is a ChatGPT clone with additional features. Prior to versio ...)
-	TODO: check
+	NOT-FOR-US: LibreChat
 CVE-2025-66036 (Retro is an online platform providing items of vintage collections. Pr ...)
-	TODO: check
+	NOT-FOR-US: Retro
 CVE-2025-66034 (fontTools is a library for manipulating fonts, written in Python. In v ...)
 	TODO: check
 CVE-2025-66027 (Rallly is an open-source scheduling and collaboration tool. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: Rallly
 CVE-2025-65892 (Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2  ...)
-	TODO: check
+	NOT-FOR-US: krpano Panorama Viewer
 CVE-2025-65540 (Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1. ...)
-	TODO: check
+	NOT-FOR-US: xmall
 CVE-2025-65113 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...)
-	TODO: check
+	NOT-FOR-US: ClipBucket
 CVE-2025-65112 (PubNet is a self-hosted Dart & Flutter package service. Prior to versi ...)
-	TODO: check
+	NOT-FOR-US: PubNet
 CVE-2025-64715 (Cilium is a networking, observability, and security solution with an e ...)
 	TODO: check
 CVE-2025-53939 (Kiteworks is a private data network (PDN). Prior to version 9.1.0, imp ...)
-	TODO: check
+	NOT-FOR-US: Kiteworks
 CVE-2025-53900 (Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior t ...)
-	TODO: check
+	NOT-FOR-US: Kiteworks
 CVE-2025-53899 (Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior t ...)
-	TODO: check
+	NOT-FOR-US: Kiteworks
 CVE-2025-53897 (Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior t ...)
-	TODO: check
+	NOT-FOR-US: Kiteworks
 CVE-2025-53896 (Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior t ...)
-	TODO: check
+	NOT-FOR-US: Kiteworks
 CVE-2024-9183
 	- gitlab <not-affected> (Vulnerable code not present)
 CVE-2025-51736 (File upload vulnerability in HCL Technologies Ltd. Unica 12.0.0.)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f976624e84acdc91526d1df6c2c52482fe9c83c2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f976624e84acdc91526d1df6c2c52482fe9c83c2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251129/b9fd9460/attachment.htm>