Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6d2ae586 by Salvatore Bonaccorso at 2026-07-18T22:53:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4,7 +4,7 @@ CVE-2026-9323 (The urwid web display backend 
(urwid/display/web.py) generates we
        NOTE: https://github.com/urwid/urwid/pull/1128
        NOTE: Fixed by: 
https://github.com/urwid/urwid/commit/24acd12f0d0598036d0d577f2ee63e4a27b4a3d9 
(4.0.2)
 CVE-2026-9147 (uproot dynamically generates Python class source code from ROOT 
TStrea ...)
-       TODO: check
+       NOT-FOR-US: uproot
 CVE-2026-47871 (VMware Avi Load Balancer contains a directory traversal 
vulnerability. ...)
        NOT-FOR-US: VMware
 CVE-2026-47870 (VMware Avi Load Balancer contains a privilege escalation 
vulnerability ...)
@@ -303,7 +303,7 @@ CVE-2026-48022 (@hapi/wreck is an HTTP client utility. 
Prior to 18.1.2, Wreck st
 CVE-2026-46420 (setup-php is a GitHub action to set up PHP with extensions, 
php.ini co ...)
        NOT-FOR-US: setup-php
 CVE-2026-45799 (Wire provides gRPC and protocol buffers for Android, Kotlin, 
Swift, an ...)
-       TODO: check
+       NOT-FOR-US: square/wire
 CVE-2026-45785 (OpenMcdf is a fully .NET / C# library to manipulate Compound 
File Bina ...)
        NOT-FOR-US: OpenMcdf
 CVE-2026-45784 (rust-openssl provides OpenSSL bindings for the Rust 
programming langua ...)
@@ -311,15 +311,15 @@ CVE-2026-45784 (rust-openssl provides OpenSSL bindings 
for the Rust programming
 CVE-2026-45704 (Pimcore is an Open Source Data & Experience Management 
Platform. Prior ...)
        NOT-FOR-US: Pimcore
 CVE-2026-45260 (Pimcore is an Open Source Data & Experience Management 
Platform. Prior ...)
-       TODO: check
+       NOT-FOR-US: Pimcore
 CVE-2026-44979 (@hapi/wreck is an HTTP client utility. Prior to 18.1.1, when 
@hapi/wre ...)
-       TODO: check
+       NOT-FOR-US: hapi/wreck
 CVE-2026-44974 (@hapi/content provided HTTP Content-* headers parsing. Prior 
to 6.0.2, ...)
-       TODO: check
+       NOT-FOR-US: hapi/content
 CVE-2026-44891 (Netty is a network application framework for development of 
protocol s ...)
        TODO: check
 CVE-2026-44739 (Pimcore is an Open Source Data & Experience Management 
Platform. Prior ...)
-       TODO: check
+       NOT-FOR-US: Pimcore
 CVE-2026-43636
        REJECTED
 CVE-2026-42168 (django-pyas2 through 1.2.3 is vulnerable to OS command 
injection via t ...)
@@ -531,7 +531,7 @@ CVE-2026-47180 (Zeroconf is a pure Python implementation of 
multicast DNS servic
 CVE-2026-45703 (Pimcore is an Open Source Data & Experience Management 
Platform. Prior ...)
        NOT-FOR-US: Pimcore
 CVE-2026-45162 (Pimcore is an Open Source Data & Experience Management 
Platform. Prior ...)
-       TODO: check
+       NOT-FOR-US: Pimcore
 CVE-2026-44722 (pyzipper is a replacement for Python's zipfile that can read 
and write ...)
        TODO: check
 CVE-2026-22104 (Improper access control in Hashtopolis server web-interface 
chunk acti ...)
@@ -983,37 +983,37 @@ CVE-2026-45795 (The Janssen Project is an open-source 
identity and access manage
 CVE-2026-45695 (Kopia is a cross-platform backup tool for Windows, macOS, and 
Linux wi ...)
        NOT-FOR-US: Kopia
 CVE-2026-45612 (rz-libdemangle is a Rizin library for demangling symbols. 
Prior to 6bf ...)
-       TODO: check
+       NOT-FOR-US: rz-libdemangle
 CVE-2026-45576 (zrok is software for sharing web services, files, and network 
resource ...)
-       TODO: check
+       NOT-FOR-US: zrok
 CVE-2026-45568 (zrok is software for sharing web services, files, and network 
resource ...)
-       TODO: check
+       NOT-FOR-US: zrok
 CVE-2026-45368 (Kirby is an open-source content management system. In versions 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Kirby CMS
 CVE-2026-45367 (HAPI FHIR is a complete implementation of the HL7 FHIR 
standard for he ...)
-       TODO: check
+       NOT-FOR-US: HAPI FHIR
 CVE-2026-45336 (HireFlow is a web-based interview management system for 
managing candi ...)
-       TODO: check
+       NOT-FOR-US: HireFlow
 CVE-2026-45334 (Kirby is an open-source content management system. In versions 
prior t ...)
-       TODO: check
+       NOT-FOR-US: Kirby CMS
 CVE-2026-45325 (Gestor de Oferta is a web application for managing mobility 
service of ...)
-       TODO: check
+       NOT-FOR-US: Gestor de Oferta
 CVE-2026-44982 (CrowdSec offers crowdsourced protection against malicious IPs. 
From 1. ...)
-       TODO: check
+       NOT-FOR-US: CrowdSec
 CVE-2026-44981 (CrowdSec offers crowdsourced protection against malicious IPs. 
From 1. ...)
-       TODO: check
+       NOT-FOR-US: CrowdSec
 CVE-2026-44970 (dbt-mcp is a Model Context Protocol server for interacting 
with dbt. P ...)
-       TODO: check
+       NOT-FOR-US: dbt-mcp
 CVE-2026-44969 (dbt-mcp is a Model Context Protocol server for interacting 
with dbt. P ...)
-       TODO: check
+       NOT-FOR-US: dbt-mcp
 CVE-2026-44968 (dbt-mcp is a Model Context Protocol server for interacting 
with dbt. P ...)
-       TODO: check
+       NOT-FOR-US: dbt-mcp
 CVE-2026-44632 (Yamcs is a mission control framework. Prior to 5.12.7, a 
server-side c ...)
-       TODO: check
+       NOT-FOR-US: Yamcs
 CVE-2026-44596 (Yamcs is a mission control framework. Prior to 5.12.7, the 
authenticat ...)
-       TODO: check
+       NOT-FOR-US: Yamcs
 CVE-2026-44595 (Yamcs is a mission control framework. Prior to 5.12.7, the IAM 
API end ...)
-       TODO: check
+       NOT-FOR-US: Yamcs
 CVE-2026-44453 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and 
HTTP/3. Pr ...)
        TODO: check
 CVE-2026-44452 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and 
HTTP/3. Pr ...)
@@ -1405,7 +1405,7 @@ CVE-2026-45417 (DataEase is an open source data 
visualization and analysis tool.
 CVE-2026-45320 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
        NOT-FOR-US: DataEase
 CVE-2026-45313 (Sandboxie-Plus is an open source sandbox-based isolation 
software for  ...)
-       TODO: check
+       NOT-FOR-US: Sandboxie-Plus
 CVE-2026-40958 (CVE-2026-40958 is a input validation error in Secure Access 
clients pr ...)
        NOT-FOR-US: Absolute Software
 CVE-2026-40957 (o CVE-2026-40957 is a frameable content vulnerability in the 
Secure Ac ...)
@@ -1891,11 +1891,11 @@ CVE-2026-45805 (Penpot is an open-source design tool 
for design and code collabo
 CVE-2026-45804 (Diffusers is the a library for pretrained diffusion models. 
Prior to 0 ...)
        NOT-FOR-US: Diffusers
 CVE-2026-45337 (Better Auth is an authentication and authorization library for 
TypeScr ...)
-       TODO: check
+       NOT-FOR-US: Better Auth
 CVE-2026-45150 (Zen is a firefox-based browser. Prior to 1.19.13b, Zen Browser 
did not ...)
-       TODO: check
+       NOT-FOR-US: Zen
 CVE-2026-44986 (Penpot is an open-source design tool for design and code 
collaboration ...)
-       TODO: check
+       NOT-FOR-US: Penpot
 CVE-2026-43637 (Cornac before 2.6.0 contains a path traversal (Tar Slip) 
vulnerability ...)
        TODO: check
 CVE-2026-42533 (A vulnerability exists in NGINX Plus and NGINX Open Source 
when a mapd ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d2ae5861b5638ff86f667a115f7ac0e003d9d89

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d2ae5861b5638ff86f667a115f7ac0e003d9d89
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to