Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d7b5e5f by Moritz Muehlenhoff at 2025-03-03T15:04:22+01:00
auto-nfu: Add PHPGurukul
- - - - -
2fcd0355 by Moritz Muehlenhoff at 2025-03-03T15:04:22+01:00
cvlist.el: Fix Emacs 30 compat for two functions
- - - - -
9c24b41e by Moritz Muehlenhoff at 2025-03-03T15:04:22+01:00
NFUs
- - - - -
3 changed files:
- conf/cvelist.el
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
conf/cvelist.el
=====================================
@@ -24,6 +24,7 @@
; TODO: Tab completion for existing NFUs
(defun debian-cvelist-insert-not-for-us ()
"Insert NOT-FOR-US keyword."
+ (interactive)
(setq last-nfu (read-string "Name of software: " last-nfu))
(interactive)
(beginning-of-line)
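Review bot: In debian-cvelist-insert-not-for-us the original (interactive) after the (setq last-nfu ...) line is still present as unchanged context, so the function now contains two of them. With the declaration placed directly after the docstring, the later form is redundant; remove it in the same change so the body has a single (interactive).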
@@ -37,6 +38,7 @@
(defun debian-cvelist-insert-bug ()
"Add bugnumber to end of line."
+ (interactive)
(setq bugnum (read-string "Bug number (without #): " bugnum))
(interactive)
(end-of-line)
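Review bot: debian-cvelist-insert-bug keeps the old (interactive) after the (setq bugnum ...) line as context, and it should go now that the declaration sits after the docstring. Separately, bugnum is read as the prompt's initial input on the same line that first assigns it, and no defvar is visible in this hunk; please confirm the variable is defined before the first call, otherwise the read-string argument fails on a void variable.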
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2025-27590 (In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID
migration ...)
- TODO: check
+ NOT-FOR-US: oxidized-web
CVE-2025-27585 (A stored cross-site scripting (XSS) vulnerability in Serosoft
Solution ...)
NOT-FOR-US: Serosoft Solutions
CVE-2025-27584 (A stored cross-site scripting (XSS) vulnerability in Serosoft
Solution ...)
@@ -7,7 +7,7 @@ CVE-2025-27584 (A stored cross-site scripting (XSS)
vulnerability in Serosoft So
CVE-2025-27583 (Incorrect access control in the component
/rest/staffResource/findAllU ...)
NOT-FOR-US: Serosoft Solutions
CVE-2025-27579 (In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an
/api/syste ...)
- TODO: check
+ NOT-FOR-US: Bitaxe ESP-Miner
CVE-2025-25953 (Serosoft Solutions Pvt Ltd Academia Student Information System
(SIS) E ...)
NOT-FOR-US: Serosoft Solutions
CVE-2025-25952 (An Insecure Direct Object References (IDOR) in the component
/getStude ...)
@@ -41,11 +41,11 @@ CVE-2025-20645 (In KeyInstall, there is a possible out of
bounds write due to a
CVE-2025-20644 (In Modem, there is a possible memory corruption due to
incorrect error ...)
NOT-FOR-US: MediaTek
CVE-2025-1857 (A vulnerability classified as critical has been found in
PHPGurukul Ni ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-1856 (A vulnerability was found in Codezips Gym Management System
1.0. It ha ...)
TODO: check
CVE-2025-1855 (A vulnerability was found in PHPGurukul Online Shopping Portal
2.1. It ...)
- TODO: check
+ NOT-FOR-US: PHPGurukul
CVE-2025-1854 (A vulnerability was found in Codezips Gym Management System
1.0. It ha ...)
TODO: check
CVE-2025-1853 (A vulnerability was found in Tenda AC8 16.03.34.06 and
classified as c ...)
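Review bot: The two Codezips Gym Management System entries in this hunk (CVE-2025-1856 and CVE-2025-1854) stay at TODO: check while the PHPGurukul entries on either side of them are resolved. If Codezips is also not packaged, triaging it in the same pass, or adding a matching rule to data/packages/nfu.yaml as this push does for PHPGurukul, would avoid coming back to these lines.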
=====================================
data/packages/nfu.yaml
=====================================
@@ -19,6 +19,8 @@
description: '.*\b(?i: d-link)\b.*'
- reason: ESAFENET
description: '.*\bESAFENET\b.*'
+- reason: PHPGurukul
+ description: '.*\bPHPGurukul\b.*'
- reason: Serosoft Solutions
description: '.*\bSerosoft\b.*'
- reason: Tenda
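Review bot: The new description pattern '.*\bPHPGurukul\b.*' is case-sensitive, whereas the d-link rule in the context above uses an inline (?i: ...) group. CVE descriptions are free text, so a differently capitalised vendor name would not be matched and the entry would stay at TODO: check; consider '.*\b(?i:PHPGurukul)\b.*' unless exact case is intended here.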
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/57003f734b8576e6f0a3a4c352498ff8102233cb...9c24b41e24ddfeab3f2546cf946415d12cfa564f
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits