[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) Sat, 21 Jun 2025 01:57:18 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
544da722 by Salvatore Bonaccorso at 2025-06-21T10:21:53+02:00
Process some NFUs

- - - - -
3ee3ffa8 by Salvatore Bonaccorso at 2025-06-21T10:21:54+02:00
Add CVE-2025-6375/poco

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,15 +1,17 @@
 CVE-2025-6401 (A vulnerability was found in TOTOLINK N300RH 
6.1c.1390_B20191101. It h ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-6400 (A vulnerability was found in TOTOLINK N300RH 
6.1c.1390_B20191101 and c ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-6399 (A vulnerability, which was classified as critical, was found in 
TOTOLI ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-6394 (A vulnerability was found in code-projects Simple Online Hotel 
Reserva ...)
        NOT-FOR-US: code-projects
 CVE-2025-6393 (A vulnerability was found in TOTOLINK A702R, A3002R, A3002RU 
and EX120 ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2025-6375 (A vulnerability was found in poco up to 1.14.1. It has been 
rated as p ...)
-       TODO: check
+       - poco <unfixed>
+       NOTE: https://github.com/pocoproject/poco/issues/4915
+       NOTE: 
https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf
 (poco-1.14.2-release)
 CVE-2025-6374 (A vulnerability was found in D-Link DIR-619L 2.06B01 and 
classified as ...)
        NOT-FOR-US: D-Link
 CVE-2025-6373 (A vulnerability has been found in D-Link DIR-619L 2.06B01 and 
classifi ...)
@@ -33,21 +35,21 @@ CVE-2025-6364 (A vulnerability has been found in 
code-projects Simple Pizza Orde
 CVE-2025-6218 (RARLAB WinRAR Directory Traversal Remote Code Execution 
Vulnerability. ...)
        TODO: check
 CVE-2025-6217 (PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use 
Inform ...)
-       TODO: check
+       NOT-FOR-US: PEAK-System Driver
 CVE-2025-6216 (Allegra calculateTokenExpDate Password Recovery Authentication 
Bypass  ...)
-       TODO: check
+       NOT-FOR-US: Allegra
 CVE-2025-5820 (Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass 
Vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Sony
 CVE-2025-5479 (Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer 
Overflow Re ...)
-       TODO: check
+       NOT-FOR-US: Sony
 CVE-2025-5478 (Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote 
Code Ex ...)
-       TODO: check
+       NOT-FOR-US: Sony
 CVE-2025-5477 (Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer 
Overflow Re ...)
-       TODO: check
+       NOT-FOR-US: Sony
 CVE-2025-5476 (Sony XAV-AX8500 Bluetooth Improper Isolation Authentication 
Bypass Vul ...)
-       TODO: check
+       NOT-FOR-US: Sony
 CVE-2025-5475 (Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow 
Remote Code ...)
-       TODO: check
+       NOT-FOR-US: Sony
 CVE-2025-5143 (The TableOn \u2013 WordPress Posts Table Filterable plugin for 
WordPre ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-5034 (The wp-file-download WordPress plugin before 6.2.6 does not 
sanitise a ...)
@@ -57,15 +59,15 @@ CVE-2025-52557 (Mail-0's Zero is an open-source email 
solution. In version 0.8 i
 CVE-2025-52556 (rfc3161-client is a Python library implementing the Time-Stamp 
Protoco ...)
        TODO: check
 CVE-2025-52552 (FastGPT is an AI Agent building platform. Prior to version 
4.9.12, the ...)
-       TODO: check
+       NOT-FOR-US: FastGPT
 CVE-2025-52488 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
-       TODO: check
+       NOT-FOR-US: DNN (formerly DotNetNuke)
 CVE-2025-52487 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
-       TODO: check
+       NOT-FOR-US: DNN (formerly DotNetNuke)
 CVE-2025-52486 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
-       TODO: check
+       NOT-FOR-US: DNN (formerly DotNetNuke)
 CVE-2025-52485 (DNN (formerly DotNetNuke) is an open-source web content 
management pla ...)
-       TODO: check
+       NOT-FOR-US: DNN (formerly DotNetNuke)
 CVE-2025-6363 (A vulnerability, which was classified as critical, was found in 
code-p ...)
        NOT-FOR-US: code-projects
 CVE-2025-6362 (A vulnerability, which was classified as critical, has been 
found in c ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2809fa9eef61365aa32a3499a9b6affaf9aed0dd...3ee3ffa8d04cb30e9419f9c1f415d51bed4d2ab0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2809fa9eef61365aa32a3499a9b6affaf9aed0dd...3ee3ffa8d04cb30e9419f9c1f415d51bed4d2ab0
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Reply via email to