[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Sep 25 04:44:44 BST 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5a16beca by Salvatore Bonaccorso at 2025-09-25T05:44:25+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35,18 +35,18 @@ CVE-2025-58457 (Improper permission check in ZooKeeper AdminServer lets authoriz
NOTE: Fixed by: https://github.com/apache/zookeeper/commit/99783741ee2027d4612701a3ec7f40df4211a1cd (release-3.9.4)
NOTE: Fixed by: https://github.com/apache/zookeeper/commit/63723a77a29dae974611702769bf62c4d77fe3f5 (release-3.9.4)
CVE-2025-57354 (A vulnerability exists in the 'counterpart' library for Node.js and th ...)
- TODO: check
+ NOT-FOR-US: 'counterpart' library for Node.js
CVE-2025-57353 (The Runtime components of messageformat package for Node.js prior to v ...)
- TODO: check
+ NOT-FOR-US: messageformat package for Node.js
CVE-2025-57352 (A vulnerability exists in the 'min-document' package prior to version ...)
- node-min-document <unfixed>
NOTE: https://github.com/Raynos/min-document/issues/54
CVE-2025-57351 (A prototype pollution vulnerability exists in the ts-fns package versi ...)
- TODO: check
+ NOT-FOR-US: ts-fns package for Node.js
CVE-2025-57350 (The csvtojson package, a tool for converting CSV data to JSON with cus ...)
- TODO: check
+ NOT-FOR-US: csvtojson package for Node.js
CVE-2025-57349 (The messageformat package, an implementation of the Unicode MessageFor ...)
- TODO: check
+ NOT-FOR-US: messageformat package for Node.js
CVE-2025-57348 (The node-cube package (prior to version 5.0.0) contains a vulnerabilit ...)
TODO: check
CVE-2025-57347 (A vulnerability exists in the 'dagre-d3-es' Node.js package version 7. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a16beca31e23a240dd20213e8fc5fcac6e83df7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5a16beca31e23a240dd20213e8fc5fcac6e83df7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250925/52f6d232/attachment.htm>
More information about the debian-security-tracker-commits
mailing list