[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Sep 6 09:53:07 BST 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8495b585 by Salvatore Bonaccorso at 2025-09-06T10:52:31+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2025-9961 (An authenticated attacker may remotely execute arbitrary code via the  ...)
-	TODO: check
+	NOT-FOR-US: TP-Link
 CVE-2025-9853 (The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-9849 (The Html Social share buttons plugin for WordPress is vulnerable to St ...)
@@ -55,27 +55,27 @@ CVE-2025-58905
 CVE-2025-58904
 	REJECTED
 CVE-2025-58439 (ERP is a free and open source Enterprise Resource Planning tool. In ve ...)
-	TODO: check
+	NOT-FOR-US: ERP (frappe/erpnext)
 CVE-2025-58437 (Coder allows organizations to provision remote development environment ...)
 	TODO: check
 CVE-2025-58375
 	REJECTED
 CVE-2025-58374 (Roo Code is an AI-powered autonomous coding agent that lives in users' ...)
-	TODO: check
+	NOT-FOR-US: Roo Code
 CVE-2025-58373 (Roo Code is an AI-powered autonomous coding agent that lives in users' ...)
-	TODO: check
+	NOT-FOR-US: Roo Code
 CVE-2025-58372 (Roo Code is an AI-powered autonomous coding agent that lives in users' ...)
-	TODO: check
+	NOT-FOR-US: Roo Code
 CVE-2025-58371 (Roo Code is an AI-powered autonomous coding agent that lives in users' ...)
-	TODO: check
+	NOT-FOR-US: Roo Code
 CVE-2025-58370 (Roo Code is an AI-powered autonomous coding agent that lives in users' ...)
-	TODO: check
+	NOT-FOR-US: Roo Code
 CVE-2025-58369 (fs2 is a compositional, streaming I/O library for Scala. Versions 3.12 ...)
-	TODO: check
+	NOT-FOR-US: fs2 compositional, streaming I/O library for Scala
 CVE-2025-58367 (DeepDiff is a project focused on Deep Difference and search of any Pyt ...)
 	TODO: check
 CVE-2025-58366 (Onyxia is a data science environment for kubernetes. In versions 4.6.0 ...)
-	TODO: check
+	NOT-FOR-US: Onyxia
 CVE-2025-53791 (Improper access control in Microsoft Edge (Chromium-based) allows an u ...)
 	NOT-FOR-US: Microsoft
 CVE-2025-10061 (An authorized user can cause a crash in the MongoDB Server through a s ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8495b58571a7b5c9b421487be496b4c3393ca990

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8495b58571a7b5c9b421487be496b4c3393ca990
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250906/275f11eb/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list