[Git][security-tracker-team/security-tracker][master] 3 commits: Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 9 21:49:21 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
39d164b4 by Salvatore Bonaccorso at 2025-09-09T22:49:07+02:00
Process some NFUs
- - - - -
cef4e3fd by Salvatore Bonaccorso at 2025-09-09T22:49:07+02:00
Add CVE-2025-58180/octoprint, itp'ed
- - - - -
36a985d7 by Salvatore Bonaccorso at 2025-09-09T22:49:08+02:00
Add CVE-2025-58063/coredns, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -96,39 +96,39 @@ CVE-2025-58976 (Missing Authorization vulnerability in Equalize Digital Accessib
CVE-2025-58975 (Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanc ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-58762 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
- TODO: check
+ NOT-FOR-US: Tautulli
CVE-2025-58761 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
- TODO: check
+ NOT-FOR-US: Tautulli
CVE-2025-58760 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
- TODO: check
+ NOT-FOR-US: Tautulli
CVE-2025-58759 (TinyEnv is an environment variable loader for PHP applications. In ver ...)
- TODO: check
+ NOT-FOR-US: TinyEnv
CVE-2025-58758 (TinyEnv is an environment variable loader for PHP applications. In ver ...)
- TODO: check
+ NOT-FOR-US: TinyEnv
CVE-2025-58753 (Copyparty is a portable file server. In versions prior to 1.19.8, ther ...)
- TODO: check
+ NOT-FOR-US: Copyparty
CVE-2025-58442 (Saleor is an e-commerce platform. Starting in version 3.21.0 and prior ...)
- TODO: check
+ NOT-FOR-US: Saleor
CVE-2025-58435 (Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 a ...)
- TODO: check
+ NOT-FOR-US: Open OnDemand
CVE-2025-58430 (listmonk is a standalone, self-hosted, newsletter and mailing list man ...)
- TODO: check
+ NOT-FOR-US: listmonk
CVE-2025-58215 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-58180 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
- TODO: check
+ - octoprint <itp> (bug #718591)
CVE-2025-58063 (CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 ...)
- TODO: check
+ - coredns <itp> (bug #880676)
CVE-2025-57665 (Element Plus Link component (el-link) through 2.10.6 implements insuff ...)
- TODO: check
+ NOT-FOR-US: Element Plus Link component (el-link)
CVE-2025-57540 (A stored cross-site scripting (XSS) vulnerability exists in the WebAut ...)
- TODO: check
+ NOT-FOR-US: Proxmox
CVE-2025-57539 (A stored cross-site scripting (XSS) vulnerability in the U2F Origin fi ...)
- TODO: check
+ NOT-FOR-US: Proxmox
CVE-2025-57538 (A stored cross-site scripting (XSS) vulnerability in the HTTP Proxy fi ...)
- TODO: check
+ NOT-FOR-US: Proxmox
CVE-2025-57278 (The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B ...)
- TODO: check
+ NOT-FOR-US: LB-Link BL-CPE300M AX300 4G LTE Router firmware
CVE-2025-57087 (Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overfl ...)
NOT-FOR-US: Tenda
CVE-2025-57086 (Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overfl ...)
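Review bot: The NOT-FOR-US labels added for CVE-2025-57665 and CVE-2025-57278 are wordier than the neighbouring entries, which name only the vendor or product (`NOT-FOR-US: Tenda`, `NOT-FOR-US: Tautulli`). Consider `NOT-FOR-US: Element Plus` and `NOT-FOR-US: LB-Link`, so that future entries for the same products can reuse one short string. Separately, the truncated descriptions shown for CVE-2025-57540, CVE-2025-57539 and CVE-2025-57538 do not name a product, so the `NOT-FOR-US: Proxmox` label cannot be checked from this hunk alone and should be confirmed against the full descriptions.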
@@ -170,15 +170,15 @@ CVE-2025-55728 (XWiki Remote Macros provides XWiki rendering macros that are use
CVE-2025-55727 (XWiki Remote Macros provides XWiki rendering macros that are useful wh ...)
NOT-FOR-US: XWiki
CVE-2025-55317 (Improper link resolution before file access ('link following') in Micr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55316 (External control of file name or path in Azure Arc allows an authorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55245 (Improper link resolution before file access ('link following') in Xbox ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55243 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55236 (Time-of-check time-of-use (toctou) race condition in Graphics Kernel a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55234 (SMB Server might be susceptible to relay attacks depending on the conf ...)
TODO: check
CVE-2025-55232 (Deserialization of untrusted data in Microsoft High Performance Comput ...)
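Review bot: CVE-2025-55234 in the trailing context stays at `TODO: check` while the five entries directly above it (CVE-2025-55317 through CVE-2025-55236) are moved to `NOT-FOR-US: Microsoft`. The visible part of its description says only "SMB Server" and names no vendor, so leaving it open for a closer look may be deliberate. If it was simply skipped, it should be triaged in the same pass. Either way it remains an open TODO after a commit titled "Process some NFUs".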
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6758b665458cfb894e51a9b59463b58482a250f3...36a985d782a2ab4a8cc07610759de0703df531e0