[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Sep 3 20:34:15 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26e919c5 by Salvatore Bonaccorso at 2025-09-03T21:34:00+02:00
Process some NFUs

- - - - -
9aff4b2a by Salvatore Bonaccorso at 2025-09-03T21:34:00+02:00
Add CVE-2025-54588/envoyproxy

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79,13 +79,13 @@ CVE-2025-9260 (The Fluent Forms \u2013 Customizable Contact Forms, Survey, Quiz,
 CVE-2025-8663 (Insertion of Sensitive Information into Log File vulnerability in upKe ...)
 	NOT-FOR-US: upKeeper Solutions upKeeper Manager
 CVE-2025-58351 (Outline is a service that allows for collaborative documentation. In v ...)
-	TODO: check
+	NOT-FOR-US: Outline
 CVE-2025-58272 (Cross-site request forgery vulnerability exists in Web Caster V130 ver ...)
-	TODO: check
+	NOT-FOR-US: Web Caster V130
 CVE-2025-58210 (Missing Authorization vulnerability in ThemeMove Makeaholic allows Exp ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2025-58176 (Dive is an open-source MCP Host Desktop Application that enables integ ...)
-	TODO: check
+	NOT-FOR-US: Dive
 CVE-2025-58170
 	REJECTED
 CVE-2025-58169
@@ -101,11 +101,11 @@ CVE-2025-58165
 CVE-2025-58164
 	REJECTED
 CVE-2025-58163 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
-	TODO: check
+	NOT-FOR-US: FreeScout
 CVE-2025-57806 (Local Deep Research is an AI-powered research assistant for deep, iter ...)
-	TODO: check
+	NOT-FOR-US: Local Deep Research
 CVE-2025-54588 (Envoy is an open source L7 proxy and communication bus designed for la ...)
-	TODO: check
+	- envoyproxy <itp> (bug #987544)
 CVE-2025-26416 (In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible o ...)
 	TODO: check
 CVE-2025-22442 (In multiple functions of DevicePolicyManagerService.java, there is a p ...)
@@ -232,15 +232,15 @@ CVE-2025-8614 (NoMachine Uncontrolled Search Path Element Local Privilege Escala
 CVE-2025-8613 (Vacron Camera ping Command Injection Remote Code Execution Vulnerabili ...)
 	NOT-FOR-US: Vacron Camera
 CVE-2025-8302 (Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Lo ...)
-	TODO: check
+	NOT-FOR-US: Realtek rtl81xx SDK Wi-Fi driver
 CVE-2025-8301 (Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-bas ...)
-	TODO: check
+	NOT-FOR-US: Realtek RTL8811AU drivers
 CVE-2025-8300 (Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Lo ...)
-	TODO: check
+	NOT-FOR-US: Realtek rtl81xx SDK Wi-Fi driver
 CVE-2025-8299 (Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap- ...)
-	TODO: check
+	NOT-FOR-US: Realtek rtl81xx SDK Wi-Fi driver
 CVE-2025-8298 (Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOi ...)
-	TODO: check
+	NOT-FOR-US: Realtek RTL8811AU drivers
 CVE-2025-7976 (Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data R ...)
 	NOT-FOR-US: Anritsu ShockLine
 CVE-2025-7975 (Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Exe ...)
@@ -314,7 +314,7 @@ CVE-2025-52544 (E3 Site Supervisor Control (firmware version < 2.31F01) has a fl
 CVE-2025-52543 (E3 Site Supervisor Control (firmware version < 2.31F01) application se ...)
 	NOT-FOR-US: E3 Site Supervisor Control
 CVE-2025-51966 (A cross-site scripting (XSS) vulnerability exists in the PDF preview f ...)
-	TODO: check
+	NOT-FOR-US: uTools
 CVE-2025-50757 (Wavlink WN535K3 20191010 was found to contain a command injection vuln ...)
 	NOT-FOR-US: Wavlink
 CVE-2025-50755 (Wavlink WN535K3 20191010 was found to contain a command injection vuln ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/003c0ca3eab53d38cbdfa92f6f170d5574d1698a...9aff4b2aa086299dab8d19acd8360166ffc0eba1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/003c0ca3eab53d38cbdfa92f6f170d5574d1698a...9aff4b2aa086299dab8d19acd8360166ffc0eba1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250903/c37b0111/attachment.htm>

More information about the debian-security-tracker-commits mailing list