[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Sep 27 11:16:30 BST 2025



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1a622ab7 by Salvatore Bonaccorso at 2025-09-27T12:16:06+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,9 +21,9 @@ CVE-2025-59939 (WeGIA is a Web manager for charitable institutions. Prior to ver
 CVE-2025-59938 (Wazuh is a free and open source platform used for threat prevention, d ...)
 	NOT-FOR-US: Wazuh
 CVE-2025-59936 (get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0 ...)
-	TODO: check
+	NOT-FOR-US: get-jwks
 CVE-2025-59934 (Formbricks is an open source qualtrics alternative. Prior to version 4 ...)
-	TODO: check
+	NOT-FOR-US: Formbricks
 CVE-2025-59932 (Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 t ...)
 	NOT-FOR-US: Flag Forge
 CVE-2025-59845 (Apollo Studio Embeddable Explorer & Embeddable Sandbox are website emb ...)
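Review bot: The new label on CVE-2025-59936 is the bare name "get-jwks", while the other library entries in this commit say what kind of package they are ("algoliasearch-helper package for Node.js", "phonenumbers Go package (github.com/nyaruka/phonenumbers)"). Adding the ecosystem here as well would make the entry easier to re-check if a package of that name is ever proposed for the archive.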
@@ -31,13 +31,13 @@ CVE-2025-59845 (Apollo Studio Embeddable Explorer & Embeddable Sandbox are websi
 CVE-2025-50879
 	REJECTED
 CVE-2025-3193 (Versions of the package algoliasearch-helper from 2.0.0-rc1 and before ...)
-	TODO: check
+	NOT-FOR-US: algoliasearch-helper package for Node.js
 CVE-2025-36239 (IBM Storage TS4500 Library 1.11.0.0 and 2.11.0.0   is vulnerable to cr ...)
 	NOT-FOR-US: IBM
 CVE-2025-36144 (IBM Lakehouse (watsonx.data 2.2) stores potentially sensitive informat ...)
 	NOT-FOR-US: IBM
 CVE-2025-11052 (A security flaw has been discovered in kidaze CourseSelectionSystem 1. ...)
-	TODO: check
+	NOT-FOR-US: kidaze CourseSelectionSystem
 CVE-2025-11051 (A vulnerability has been found in SourceCodester Pet Grooming Manageme ...)
 	NOT-FOR-US: SourceCodester
 CVE-2025-11050 (A flaw has been found in Portabilis i-Educar up to 2.10. This affects  ...)
@@ -49,15 +49,15 @@ CVE-2025-11048 (A security vulnerability has been detected in Portabilis i-Educa
 CVE-2025-11047 (A weakness has been identified in Portabilis i-Educar up to 2.10. Affe ...)
 	NOT-FOR-US: Portabilis
 CVE-2025-11046 (A security flaw has been discovered in Tencent WeKnora 0.1.0. This imp ...)
-	TODO: check
+	NOT-FOR-US: Tencent WeKnora
 CVE-2025-11045 (A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and ...)
-	TODO: check
+	NOT-FOR-US: WAYOS
 CVE-2025-11041 (A vulnerability has been found in itsourcecode Open Source Job Portal  ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode Open Source Job Portal
 CVE-2025-11040 (A vulnerability was detected in code-projects Hostel Management System ...)
 	NOT-FOR-US: code-projects
 CVE-2025-10954 (Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 a ...)
-	TODO: check
+	NOT-FOR-US: phonenumbers Go package (github.com/nyaruka/phonenumbers)
 CVE-2025-10657 (In a hardened Docker environment, with Enhanced Container Isolation (  ...)
 	NOT-FOR-US: Docker products not packaged in Debian
 CVE-2025-10499 (The Ninja Forms \u2013 The Contact Form Builder That Grows With You pl ...)
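Review bot: On CVE-2025-11041 the label spells out vendor and product ("itsourcecode Open Source Job Portal"), but the comparable entries around it use the vendor alone ("NOT-FOR-US: code-projects", "NOT-FOR-US: Portabilis", and "NOT-FOR-US: SourceCodester" in the previous hunk). Using "NOT-FOR-US: itsourcecode" would match them and keep one label for further CVEs from the same source.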
@@ -360,11 +360,11 @@ CVE-2025-11015 (A weakness has been identified in OGRECave Ogre up to 14.4.1. Im
 CVE-2025-11014 (A security flaw has been discovered in OGRECave Ogre up to 14.4.1. Thi ...)
 	TODO: check
 CVE-2025-11013 (A vulnerability was identified in BehaviorTree up to 4.7.0. This vulne ...)
-	TODO: check
+	NOT-FOR-US: BehaviorTree
 CVE-2025-11012 (A vulnerability was determined in BehaviorTree up to 4.7.0. This affec ...)
-	TODO: check
+	NOT-FOR-US: BehaviorTree
 CVE-2025-11011 (A vulnerability was found in BehaviorTree up to 4.7.0. Affected by thi ...)
-	TODO: check
+	NOT-FOR-US: BehaviorTree
 CVE-2025-11010 (A vulnerability has been found in vstakhov libucl up to 0.9.2. Affecte ...)
 	TODO: check
 CVE-2025-10871 (An issue has been discovered in GitLab EE affecting all versions from  ...)
@@ -376,7 +376,7 @@ CVE-2025-10867 (An issue has been discovered in GitLab CE/EE affecting all versi
 CVE-2025-10858 (An issue was discovered in GitLab CE/EE affecting all versions before  ...)
 	TODO: check
 CVE-2025-10544 (Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.1 ...)
-	TODO: check
+	NOT-FOR-US: DocAve
 CVE-2025-10925 [ZDI-CAN-27793: GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability]
 	- gimp <unfixed>
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/14816
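Review bot: The label on CVE-2025-10544 names only DocAve, but the truncated description already lists a second product ("DocAve 6.13.2, Perimeter 1.1 ..."). A vendor-level label, or one that names the other affected products too, would cover the whole entry.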
@@ -735,7 +735,7 @@ CVE-2025-10949 (A vulnerability was found in Changsha Developer Technology iView
 CVE-2025-10948 (A vulnerability has been found in MikroTik RouterOS 7. This affects th ...)
 	NOT-FOR-US: MikroTik
 CVE-2025-10947 (A flaw has been found in Sistemas Pleno Gest\xe3o de Loca\xe7\xe3o up  ...)
-	TODO: check
+	NOT-FOR-US: Sistemas Pleno Gestao de Locaco
 CVE-2025-10946 (A vulnerability was detected in nuz007 smsboom up to 01b2f35bbbc23f3e0 ...)
 	NOT-FOR-US: nuz007 smsboom
 CVE-2025-10945 (A security vulnerability has been detected in nuz007 smsboom up to 01b ...)
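Review bot: The ASCII label on CVE-2025-10947 reads "Gestao de Locaco", which drops a letter from the product name given in the description ("Gest\xe3o de Loca\xe7\xe3o", i.e. Gestão de Locação). The transliteration should be "Sistemas Pleno Gestao de Locacao" so that a search on the product name still finds the entry.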



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a622ab7880b9271db0d4203b38aaa28200141e7
