[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Apr 1 17:26:46 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f384bce1 by Salvatore Bonaccorso at 2026-04-01T18:26:28+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -370,29 +370,29 @@ CVE-2026-34243 (wenxian is a tool to generate BIBTEX files from given identifier
 CVE-2026-34240 (JOSE is a Javascript Object Signing and Encryption (JOSE) library. Pri ...)
 	TODO: check
 CVE-2026-34237 (MCP Java SDK is the official Java SDK for Model Context Protocol serve ...)
-	TODO: check
+	NOT-FOR-US: MCP Java SDK
 CVE-2026-34235 (PJSIP is a free and open source multimedia communication library writt ...)
 	- pjproject <removed>
 	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-pqrm-53pc-wx28
 	NOTE: https://github.com/pjsip/pjproject/commit/f4c7d08211da1fe2ad1504434a0ad99d12aa7536
 CVE-2026-34231 (Slippers is a UI component framework for Django. Prior to version 0.6. ...)
-	TODO: check
+	NOT-FOR-US: Slippers
 CVE-2026-34227 (Sliver is a command and control framework that uses a custom Wireguard ...)
-	TODO: check
+	NOT-FOR-US: Sliver
 CVE-2026-34224 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2026-34221 (MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of ...)
-	TODO: check
+	NOT-FOR-US: MikroORM
 CVE-2026-34220 (MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of ...)
-	TODO: check
+	NOT-FOR-US: MikroORM
 CVE-2026-34219 (libp2p-rust is the official rust language Implementation of the libp2p ...)
 	TODO: check
 CVE-2026-34218 (ClearanceKit intercepts file-system access events on macOS and enforce ...)
-	TODO: check
+	NOT-FOR-US: ClearanceKit
 CVE-2026-34215 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2026-34214 (Trino is a distributed SQL query engine for big data analytics. From v ...)
-	TODO: check
+	NOT-FOR-US: Trino
 CVE-2026-34210 (mppx is a TypeScript interface for machine payments protocol. Prior to ...)
 	TODO: check
 CVE-2026-34209 (mppx is a TypeScript interface for machine payments protocol. Prior to ...)
@@ -402,21 +402,21 @@ CVE-2026-34206 (Captcha Protect is a Traefik middleware to add an anti-bot chall
 CVE-2026-34204 (MinIO is a high-performance object storage system. Prior to version RE ...)
 	- minio <itp> (bug #859207)
 CVE-2026-34203 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
-	TODO: check
+	NOT-FOR-US: Nautobot
 CVE-2026-34202 (ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad versio ...)
-	TODO: check
+	NOT-FOR-US: ZEBRA
 CVE-2026-34200 (Nhost is an open source Firebase alternative with GraphQL. Prior to ve ...)
-	TODO: check
+	NOT-FOR-US: Nhost
 CVE-2026-34172 (Giskard is an open-source Python library for testing and evaluating ag ...)
-	TODO: check
+	NOT-FOR-US: Giskard
 CVE-2026-34165 (go-git is an extensible git implementation library written in pure Go. ...)
 	TODO: check
 CVE-2026-34163 (FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, F ...)
-	TODO: check
+	NOT-FOR-US: FastGPT
 CVE-2026-34162 (FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, t ...)
-	TODO: check
+	NOT-FOR-US: FastGPT
 CVE-2026-34156 (NocoBase is an AI-powered no-code/low-code platform for building busin ...)
-	TODO: check
+	NOT-FOR-US: NocoBase
 CVE-2026-34155 (RAUC controls the update process on embedded Linux systems. Prior to v ...)
 	- rauc 1.15.2-1
 	NOTE: https://github.com/rauc/rauc/security/advisories/GHSA-6hj7-q844-m2hx



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f384bce1324970ce53767629208715ab17761fed

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f384bce1324970ce53767629208715ab17761fed
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260401/136c5de6/attachment.htm>

More information about the debian-security-tracker-commits mailing list