[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d4499e86 by Salvatore Bonaccorso at 2025-09-30T19:20:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69,7 +69,7 @@ CVE-2025-61626
 CVE-2025-61586 (FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and  ...)
 	- freshrss <itp> (bug #1032767)
 CVE-2025-61584 (serverless-dns is a RethinkDNS resolver that deploys to Cloudflare Wor ...)
-	TODO: check
+	NOT-FOR-US: RethinkDNS resolver
 CVE-2025-59956 (AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, an ...)
 	NOT-FOR-US: AgentAPI
 CVE-2025-59954 (Knowage is an open source analytics and business intelligence suite. V ...)
@@ -81,23 +81,23 @@ CVE-2025-59950 (FreshRSS is a free, self-hostable RSS aggregator. In versions 1.
 CVE-2025-59948 (FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and  ...)
 	- freshrss <itp> (bug #1032767)
 CVE-2025-59942 (go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). I ...)
-	TODO: check
+	NOT-FOR-US: go-f3
 CVE-2025-59941 (go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). I ...)
-	TODO: check
+	NOT-FOR-US: go-f3
 CVE-2025-59940 (mkdocs-include-markdown-plugin is an Mkdocs Markdown includer plugin.  ...)
-	TODO: check
+	NOT-FOR-US: Mkdocs Markdown includer plugin
 CVE-2025-59937 (go-mail is a comprehensive library for sending mails with Go. In versi ...)
-	TODO: check
+	NOT-FOR-US: go-mail
 CVE-2025-59933 (libvips is a demand-driven, horizontally threaded image processing lib ...)
 	TODO: check
 CVE-2025-59668 (Multiple versions of Central Monitor CNS-6201 contain a NULL pointer d ...)
-	TODO: check
+	NOT-FOR-US: Central Monitor CNS-6201
 CVE-2025-59163 (vet is an open source software supply chain security tool. Versions 1. ...)
-	TODO: check
+	NOT-FOR-US: vet
 CVE-2025-57769 (FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and  ...)
 	- freshrss <itp> (bug #1032767)
 CVE-2025-57266 (An issue was discovered in file AssistantController.java in ThriveX Bl ...)
-	TODO: check
+	NOT-FOR-US: ThriveX Blogging Framework
 CVE-2025-54875 (FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 a ...)
 	- freshrss <itp> (bug #1032767)
 CVE-2025-54592 (FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and  ...)
@@ -228,7 +228,7 @@ CVE-2025-57872 (There is an unvalidated redirect vulnerability in Esri Portal fo
 CVE-2025-57871 (There is a reflected cross site scripting vulnerability in Esri Portal ...)
 	NOT-FOR-US: Esri
 CVE-2025-57516 (OS Command injection vulnerability in PublicCMS PublicCMS-V5.202506.a, ...)
-	TODO: check
+	NOT-FOR-US: PublicCMS
 CVE-2025-57483 (A reflected cross-site scripting (XSS) vulnerability in tawk.to chatbo ...)
 	NOT-FOR-US: tawk.to chatbox widget
 CVE-2025-57428 (Default credentials in Italy Wireless Mini Router WIRELESS-N 300M v28K ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4499e8614af8f1d97648b196580be811797250a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4499e8614af8f1d97648b196580be811797250a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250930/f1e999c3/attachment.htm>