Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b8fd6058 by Salvatore Bonaccorso at 2025-12-18T09:45:33+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16,7 +16,7 @@ CVE-2025-68433 (Zed, a code editor, has an aribtrary code 
execution vulnerabilit
 CVE-2025-68432 (Zed, a code editor, has an aribtrary code execution 
vulnerability in v ...)
        - zed-editor <itp> (bug #1076165)
 CVE-2025-68429 (Storybook is a frontend workshop for building user interface 
component ...)
-       TODO: check
+       NOT-FOR-US: Storybook
 CVE-2025-68401 (ChurchCRM is an open-source church management system. Prior to 
version ...)
        NOT-FOR-US: ChurchCRM
 CVE-2025-68400 (ChurchCRM is an open-source church management system. A SQL 
Injection  ...)
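
Review bot: The CVE-2025-68429 entry moves from "TODO: check" directly to "NOT-FOR-US: Storybook", while the zed-editor entry just above it shows the other way an unpackaged project is recorded here, with an <itp> marker and a bug number. Please confirm there is no open ITP/RFP for Storybook before closing the entry as NOT-FOR-US.
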
@@ -26,15 +26,15 @@ CVE-2025-68399 (ChurchCRM is an open-source church 
management system. In version
 CVE-2025-68275 (ChurchCRM is an open-source church management system. Versions 
prior t ...)
        NOT-FOR-US: ChurchCRM
 CVE-2025-68147 (Open Source Point of Sale (opensourcepos) is a web based point 
of sale ...)
-       TODO: check
+       NOT-FOR-US: Open Source Point of Sale (opensourcepos)
 CVE-2025-68145 (In mcp-server-git versions prior to 2025.12.17, when the 
server is sta ...)
-       TODO: check
+       NOT-FOR-US: mcp-server-git
 CVE-2025-68144 (In mcp-server-git versions prior to 2025.12.17, the git_diff 
and git_c ...)
-       TODO: check
+       NOT-FOR-US: mcp-server-git
 CVE-2025-68143 (Model Context Protocol Servers is a collection of reference 
implementa ...)
-       TODO: check
+       NOT-FOR-US: Model Context Protocol Servers
 CVE-2025-68129 (Auth0-PHP is a PHP SDK for Auth0 Authentication and Management 
APIs. I ...)
-       TODO: check
+       NOT-FOR-US: Auth0-PHP
 CVE-2025-68118 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        TODO: check
 CVE-2025-68114 (Capstone is a disassembly framework. In versions 6.0.0-Alpha5 
and prio ...)
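
Review bot: The NOT-FOR-US label is inconsistent across three adjacent entries: CVE-2025-68145 and CVE-2025-68144 get "NOT-FOR-US: mcp-server-git", while CVE-2025-68143 gets "NOT-FOR-US: Model Context Protocol Servers". The description of CVE-2025-68143 is truncated here, so if it concerns the same component, one label for all three would keep later greps and bulk re-triage of data/CVE/list simple.
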
@@ -56,27 +56,27 @@ CVE-2025-67875 (ChurchCRM is an open-source church 
management system. A privileg
 CVE-2025-67873 (Capstone is a disassembly framework. In versions 6.0.0-Alpha5 
and prio ...)
        TODO: check
 CVE-2025-67794 (An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 
before  ...)
-       TODO: check
+       NOT-FOR-US: DriveLock
 CVE-2025-67793 (An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 
through ...)
-       TODO: check
+       NOT-FOR-US: DriveLock
 CVE-2025-67792 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 
before 2 ...)
-       TODO: check
+       NOT-FOR-US: DriveLock
 CVE-2025-67791 (An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 
through ...)
-       TODO: check
+       NOT-FOR-US: DriveLock
 CVE-2025-67790 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 
before 2 ...)
-       TODO: check
+       NOT-FOR-US: DriveLock
 CVE-2025-67789 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 
before 2 ...)
-       TODO: check
+       NOT-FOR-US: DriveLock
 CVE-2025-67787 (An issue was discovered in 25.1.2 before 25.1.5. A Cross Site 
Scriptin ...)
-       TODO: check
+       NOT-FOR-US: DriveLock
 CVE-2025-67781 (An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 
before 2 ...)
-       TODO: check
+       NOT-FOR-US: DriveLock
 CVE-2025-67546 (Exposure of Sensitive System Information to an Unauthorized 
Control Sp ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-67493 (Homarr is an open-source dashboard. Prior to version 1.45.3, 
it was po ...)
-       TODO: check
+       NOT-FOR-US: Homarr
 CVE-2025-66647 (RIOT is an open-source microcontroller operating system, 
designed to m ...)
-       TODO: check
+       NOT-FOR-US: RIOT
 CVE-2025-66119 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66118 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
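
Review bot: CVE-2025-67787 is marked "NOT-FOR-US: DriveLock", but its description as shown ("An issue was discovered in 25.1.2 before 25.1.5. A Cross Site Scriptin ...") names no product, unlike the neighbouring entries that say "DriveLock" explicitly. The visible version range (25.1.x) also differs from the 24.1/24.2 ranges visible in those neighbours, so the attribution looks inferred from adjacency in the ID range. Please confirm it against the references in the CVE record before it is closed.
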
@@ -104,7 +104,7 @@ CVE-2025-66068 (Missing Authorization vulnerability in 
InstaWP InstaWP Connect i
 CVE-2025-66054 (Missing Authorization vulnerability in ThimPress LearnPress 
learnpress ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-66029 (Open OnDemand provides remote web access to supercomputers. In 
version ...)
-       TODO: check
+       NOT-FOR-US: Open OnDemand
 CVE-2025-64378 (Missing Authorization vulnerability in CridioStudio ListingPro 
listing ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2025-64377 (Improper Control of Filename for Include/Require Statement in 
PHP Prog ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b8fd6058bc313d323f88bb7de72bba1188f61dce
