[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Sun, 07 Sep 2025 07:01:09 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
0a3802d7 by Salvatore Bonaccorso at 2025-09-04T22:36:23+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,21 +3,21 @@ CVE-2025-9636 (pgAdmin <= 9.7 is affected by a  Cross-Origin 
Opener Policy (COOP
 CVE-2025-9616 (The PopAd plugin for WordPress is vulnerable to Cross-Site 
Request For ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-8311 (dotCMS versions24.03.22 and after, identified a Boolean-based 
blind SQ ...)
-       TODO: check
+       NOT-FOR-US: dotCMS
 CVE-2025-7388 (It was possible to perform Remote Command Execution (RCE) via 
Java RMI ...)
        NOT-FOR-US: Progress Software
 CVE-2025-7385 (Input from search query parameter in GOV CMS is not sanitized 
properly ...)
-       TODO: check
+       NOT-FOR-US: GOV CMS
 CVE-2025-6984 (The langchain-ai/langchain project, specifically the 
EverNoteLoader co ...)
-       TODO: check
+       NOT-FOR-US: langchain-ai/langchain
 CVE-2025-6785 (Securing externally available CAN wires can easily allow 
physical acce ...)
-       TODO: check
+       NOT-FOR-US: Tesla Model 3
 CVE-2025-6085 (The Make Connector plugin for WordPress is vulnerable to 
arbitrary fil ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-58361 (Promptcraft Forge Studio is a toolkit for evaluating, 
optimizing, and  ...)
-       TODO: check
+       NOT-FOR-US: Promptcraft Forge Studio
 CVE-2025-58353 (Promptcraft Forge Studio is a toolkit for evaluating, 
optimizing, and  ...)
-       TODO: check
+       NOT-FOR-US: Promptcraft Forge Studio
 CVE-2025-57576 (PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross 
Site Scri ...)
        NOT-FOR-US: PHPGurukul
 CVE-2025-57263 (An authenticated SQL injection vulnerability in VX Guestbook 
1.07 allo ...)
@@ -602,11 +602,11 @@ CVE-2025-58695
 CVE-2025-58694
        REJECTED
 CVE-2025-58358 (Markdownify is a Model Context Protocol server for converting 
almost a ...)
-       TODO: check
+       NOT-FOR-US: Markdownify
 CVE-2025-58357 (5ire is a cross-platform desktop artificial intelligence 
assistant and ...)
-       TODO: check
+       NOT-FOR-US: 5ire
 CVE-2025-58355 (Soft Serve is a self-hostable Git server for the command line. 
In vers ...)
-       TODO: check
+       NOT-FOR-US: Soft Serve
 CVE-2025-58171
        REJECTED
 CVE-2025-58064 (CKEditor 5 is a modern JavaScript rich-text editor with an MVC 
archite ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a3802d736e983e189c07292bbcdbdddc59791ad

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0a3802d736e983e189c07292bbcdbdddc59791ad
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to