[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Oct 21 23:24:46 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
af8919e0 by Moritz Muehlenhoff at 2025-10-22T00:24:20+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -357,7 +357,7 @@ CVE-2025-12004 (Incorrect Permission Assignment for Critical Resource vulnerabil
 CVE-2025-12001 (Lack of application manifest sanitation could lead to potential stored ...)
 	NOT-FOR-US: Azure Access Technology
 CVE-2025-11949 (EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, has a Missing  ...)
-	TODO: check
+	NOT-FOR-US: Digiwin EasyFlow .NET
 CVE-2025-11536 (The Element Pack Addons for Elementor plugin for WordPress is vulnerab ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-10916 (The FormGent  WordPress plugin before 1.0.4 is vulnerable to arbitrary ...)
@@ -530,7 +530,7 @@ CVE-2025-31342 (An unrestricted upload of file with dangerous type vulnerability
 CVE-2025-11948 (Document Management System developed by Excellent Infotek has an Arbit ...)
 	NOT-FOR-US: Document Management System developed by Excellent Infotek
 CVE-2025-11947 (A weakness has been identified in bftpd up to 6.2. Impacted is the fun ...)
-	TODO: check
+	NOT-FOR-US: bftpd
 CVE-2025-11946 (A security flaw has been discovered in LogicalDOC Community Edition up ...)
 	NOT-FOR-US: LogicalDOC Community Edition
 CVE-2025-11945 (A vulnerability was identified in toeverything AFFiNE up to 0.24.1. Th ...)
@@ -853,7 +853,7 @@ CVE-2025-11899 (Agentflow developed by Flowring has an Use of Hard-coded Cryptog
 CVE-2025-11898 (Agentflow developed by Flowring has an Arbitrary File Reading vulnerab ...)
 	NOT-FOR-US: Flowring
 CVE-2025-11896 (In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseC ...)
-	TODO: check
+	- xpdf <not-affected> (Debian uses poppler)
 CVE-2025-11864 (A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. Th ...)
 	NOT-FOR-US: NucleoidAI Nucleoid
 CVE-2025-11849 (Versions of the package mammoth from 0.3.25 and before 1.11.0; version ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8919e0d690284fc7a5f3e44d8b5660f353a7ea

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/af8919e0d690284fc7a5f3e44d8b5660f353a7ea
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251021/403e4446/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list