Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
457ddaee by Salvatore Bonaccorso at 2025-03-22T09:36:54+01:00
Mark CVE-2025-26500 as NFU
This might be a candidate for auto-nfu. The WindRiver CNA has as scope
"All Wind River branded products as found on windriver.com including
vulnerabilities in natively developed or modified product incorporated
components, and only product incorporated third-party components not in
another CNA’s scope."
But there is only one CVE assigned at all so far:
Total CVEs from WindRiver: 1
Total CVEs from WindRiver with packages assigned: 0
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2025-2477 (The CryoKey plugin for WordPress is vulnerable
to Reflected Cross
CVE-2025-2303 (The Block Logic \u2013 Full Gutenberg Block Display Control
plugin for ...)
NOT-FOR-US: WordPress plugin
CVE-2025-26500 (: Uncontrolled Resource Consumption vulnerability in Wind
River System ...)
- TODO: check
+ NOT-FOR-US: Wind River Systems
CVE-2025-1408 (The ProfileGrid \u2013 User Profiles, Groups and Communities
plugin fo ...)
NOT-FOR-US: WordPress plugin
CVE-2025-1311 (The WooCommerce Multivendor Marketplace \u2013 REST API plugin
for Wor ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/457ddaeed15bbc5f0b3e762e0ff9bbb5622512cd
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/457ddaeed15bbc5f0b3e762e0ff9bbb5622512cd
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
