Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
39d164b4 by Salvatore Bonaccorso at 2025-09-09T22:49:07+02:00
Process some NFUs
- - - - -
cef4e3fd by Salvatore Bonaccorso at 2025-09-09T22:49:07+02:00
Add CVE-2025-58180/octoprint, itp'ed
- - - - -
36a985d7 by Salvatore Bonaccorso at 2025-09-09T22:49:08+02:00
Add CVE-2025-58063/coredns, itp'ed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -96,39 +96,39 @@ CVE-2025-58976 (Missing Authorization vulnerability in
Equalize Digital Accessib
CVE-2025-58975 (Cross-Site Request Forgery (CSRF) vulnerability in Helmut
Wandl Advanc ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-58762 (Tautulli is a Python based monitoring and tracking tool for
Plex Media ...)
- TODO: check
+ NOT-FOR-US: Tautulli
CVE-2025-58761 (Tautulli is a Python based monitoring and tracking tool for
Plex Media ...)
- TODO: check
+ NOT-FOR-US: Tautulli
CVE-2025-58760 (Tautulli is a Python based monitoring and tracking tool for
Plex Media ...)
- TODO: check
+ NOT-FOR-US: Tautulli
CVE-2025-58759 (TinyEnv is an environment variable loader for PHP
applications. In ver ...)
- TODO: check
+ NOT-FOR-US: TinyEnv
CVE-2025-58758 (TinyEnv is an environment variable loader for PHP
applications. In ver ...)
- TODO: check
+ NOT-FOR-US: TinyEnv
CVE-2025-58753 (Copyparty is a portable file server. In versions prior to
1.19.8, ther ...)
- TODO: check
+ NOT-FOR-US: Copyparty
CVE-2025-58442 (Saleor is an e-commerce platform. Starting in version 3.21.0
and prior ...)
- TODO: check
+ NOT-FOR-US: Saleor
CVE-2025-58435 (Open OnDemand is an open-source HPC portal. Prior to versions
3.1.15 a ...)
- TODO: check
+ NOT-FOR-US: Open OnDemand
CVE-2025-58430 (listmonk is a standalone, self-hosted, newsletter and mailing
list man ...)
- TODO: check
+ NOT-FOR-US: listmonk
CVE-2025-58215 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2025-58180 (OctoPrint provides a web interface for controlling consumer 3D
printer ...)
- TODO: check
+ - octoprint <itp> (bug #718591)
CVE-2025-58063 (CoreDNS is a DNS server that chains plugins. Starting in
version 1.2.0 ...)
- TODO: check
+ - coredns <itp> (bug #880676)
CVE-2025-57665 (Element Plus Link component (el-link) through 2.10.6
implements insuff ...)
- TODO: check
+ NOT-FOR-US: Element Plus Link component (el-link)
CVE-2025-57540 (A stored cross-site scripting (XSS) vulnerability exists in
the WebAut ...)
- TODO: check
+ NOT-FOR-US: Proxmox
CVE-2025-57539 (A stored cross-site scripting (XSS) vulnerability in the U2F
Origin fi ...)
- TODO: check
+ NOT-FOR-US: Proxmox
CVE-2025-57538 (A stored cross-site scripting (XSS) vulnerability in the HTTP
Proxy fi ...)
- TODO: check
+ NOT-FOR-US: Proxmox
CVE-2025-57278 (The LB-Link BL-CPE300M AX300 4G LTE Router firmware version
BL-R8800_B ...)
- TODO: check
+ NOT-FOR-US: LB-Link BL-CPE300M AX300 4G LTE Router firmware
CVE-2025-57087 (Tenda W30E V16.01.0.19 (5037) was discovered to contain a
stack overfl ...)
NOT-FOR-US: Tenda
CVE-2025-57086 (Tenda W30E V16.01.0.19 (5037) was discovered to contain a
stack overfl ...)
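Review bot: The NOT-FOR-US labels added in this hunk are inconsistent in granularity: CVE-2025-57278 gets "LB-Link BL-CPE300M AX300 4G LTE Router firmware" and CVE-2025-57665 gets "Element Plus Link component (el-link)", while the Tenda W30E context entries right below use the vendor name only ("Tenda") and the three stored-XSS entries use just "Proxmox". Consider shortening these to "LB-Link" and "Element Plus" so that later CVEs for the same vendor or project are triaged with one matching string. Separately, the CVE-2025-58180 and CVE-2025-58063 entries now carry only the <itp> line; a NOTE line recording the fixed upstream version would help whoever picks up bugs #718591 and #880676 later.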
@@ -170,15 +170,15 @@ CVE-2025-55728 (XWiki Remote Macros provides XWiki
rendering macros that are use
CVE-2025-55727 (XWiki Remote Macros provides XWiki rendering macros that are
useful wh ...)
NOT-FOR-US: XWiki
CVE-2025-55317 (Improper link resolution before file access ('link following')
in Micr ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55316 (External control of file name or path in Azure Arc allows an
authorize ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55245 (Improper link resolution before file access ('link following')
in Xbox ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55243 (Exposure of sensitive information to an unauthorized actor in
Microsof ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55236 (Time-of-check time-of-use (toctou) race condition in Graphics
Kernel a ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2025-55234 (SMB Server might be susceptible to relay attacks depending on
the conf ...)
TODO: check
CVE-2025-55232 (Deserialization of untrusted data in Microsoft High
Performance Comput ...)
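Review bot: CVE-2025-55234 ("SMB Server might be susceptible to relay attacks ...") is still "TODO: check" at the end of this hunk, while the five entries directly above it were all resolved to NOT-FOR-US: Microsoft in the same pass. The truncated description does not name a vendor, so if it was left open on purpose because it needs a closer look, that is fine, but it is worth saying so in the commit message for "Process some NFUs"; otherwise it looks like an entry that was skipped.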
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6758b665458cfb894e51a9b59463b58482a250f3...36a985d782a2ab4a8cc07610759de0703df531e0