[Git][security-tracker-team/security-tracker][master] Process some NFUs

Wed Oct 29 08:26:33 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8a4e8733 by Salvatore Bonaccorso at 2025-10-29T09:26:06+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,31 +13,31 @@ CVE-2025-64159
 CVE-2025-64158
 	REJECTED
 CVE-2025-64095 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
-	TODO: check
+	NOT-FOR-US: DNN (formerly DotNetNuke)
 CVE-2025-64094 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
-	TODO: check
+	NOT-FOR-US: DNN (formerly DotNetNuke)
 CVE-2025-62802 (DNN (formerly DotNetNuke) is an open-source web content management pla ...)
-	TODO: check
+	NOT-FOR-US: DNN (formerly DotNetNuke)
 CVE-2025-62801 (FastMCP is the standard framework for building MCP applications. Versi ...)
-	TODO: check
+	NOT-FOR-US: FastMCP
 CVE-2025-62800 (FastMCP is the standard framework for building MCP applications. Versi ...)
-	TODO: check
+	NOT-FOR-US: FastMCP
 CVE-2025-62798 (Sharp is a content management framework built for Laravel as a package ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2025-62796 (PrivateBin is an online pastebin where the server has zero knowledge o ...)
-	TODO: check
+	NOT-FOR-US: PrivateBin
 CVE-2025-62794 (GitHub Workflow Updater is a VS Code extension that automatically pins ...)
-	TODO: check
+	NOT-FOR-US: GitHub Workflow Updater VS Code extension
 CVE-2025-62776 (The installer of WTW EAGLE (for Windows) 3.0.8.0 contains an issue wit ...)
-	TODO: check
+	NOT-FOR-US: installer of WTW EAGLE (for Windows)
 CVE-2025-62368 (Taiga is an open source project management platform. In versions 6.8.3 ...)
-	TODO: check
+	NOT-FOR-US: Taiga
 CVE-2025-61598 (Discourse is an open source discussion platform. Version before 3.6.2  ...)
 	NOT-FOR-US: Discourse
 CVE-2025-57931 (Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box a ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-4665 (WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2025-49042 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-43017 (HP ThinPro 8.1 System management application failed to verify user's t ...)
@@ -109,9 +109,9 @@ CVE-2025-54605 (Bitcoin Core through 29.0 allows Uncontrolled Resource Consumpti
 CVE-2025-54604 (Bitcoin Core through 29.0 allows Uncontrolled Resource Consumption (is ...)
 	- bitcoin <removed>
 CVE-2025-53855 (An out-of-bounds write vulnerability exists in the XML parser function ...)
-	TODO: check
+	NOT-FOR-US: GCC Productions Inc. Fade In
 CVE-2025-53814 (A use-after-free vulnerability exists in the XML parser functionality  ...)
-	TODO: check
+	NOT-FOR-US: GCC Productions Inc. Fade In
 CVE-2025-41090 (microCLAUDIA in v3.2.0 and prior has an improper access control vulner ...)
 	NOT-FOR-US: microCLAUDIA
 CVE-2025-40843 (CodeChecker is an analyzer tooling, defect database and viewer extensi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a4e8733a52c4fa0e1ba2b7912ce57f7fd148336

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8a4e8733a52c4fa0e1ba2b7912ce57f7fd148336
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251029/99f9cfb3/attachment.htm>
