[Git][security-tracker-team/security-tracker][master] Demote CVE-2025-54869 to unimportant

Thu, 07 Aug 2025 21:22:49 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d3bf6652 by Salvatore Bonaccorso at 2025-08-08T06:21:55+02:00
Demote CVE-2025-54869 to unimportant

Thanks: Bastien Roucariès for the analysis.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -459,12 +459,12 @@ CVE-2025-54873 (RISC Zero is a zero-knowledge verifiable 
general computing platf
 CVE-2025-54872 (onion-site-template is a complete, scalable tor hidden service 
self-ho ...)
        NOT-FOR-US: onion-site-template
 CVE-2025-54869 (FPDI is a collection of PHP classes that facilitate reading 
pages from ...)
-       - icingaweb2-module-pdfexport <unfixed>
-       [bullseye] - icingaweb2-module-pdfexport <postponed> (minor; DoS)
+       - icingaweb2-module-pdfexport <unfixed> (unimportant)
        NOTE: 
https://github.com/Setasign/FPDI/security/advisories/GHSA-jxhh-4648-vpp3
        NOTE: 
https://github.com/Setasign/FPDI/commit/ba671ba9221cffd32c2dda87316c19f522a1c5f0
-       NOTE: icingaweb2-module-pdfexport embedds FPDI
-       NOTE: Likely not affected CVE is on import PDF module, likely not used 
by codepath of pdfexport
+       NOTE: icingaweb2-module-pdfexport embedds FPDI but likely not affected 
by the CVE, as
+       NOTE: the CVE is on the PDF parser while importing an untrusted PDF. 
icingaweb2-module-pdfexport
+       NOTE: exports a controlled PDF.
 CVE-2025-54801 (Fiber is an Express inspired web framework written in Go. In 
versions  ...)
        NOT-FOR-US: Fiber
 CVE-2025-54655 (Race condition vulnerability in the virtualization base 
module. Succes ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3bf6652a7565dcc756dea40601c4e85ea9fae21

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3bf6652a7565dcc756dea40601c4e85ea9fae21
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to