[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 2 07:22:37 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
91e6abcb by Salvatore Bonaccorso at 2026-04-02T08:22:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -87,19 +87,19 @@ CVE-2026-34445 (Open Neural Network Exchange (ONNX) is an open standard for mach
 	NOTE: https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9
 	NOTE: https://github.com/onnx/onnx/pull/7751
 CVE-2026-34430 (ByteDance Deer-Flow versions prior to commit 92c7a20 containa sandbox  ...)
-	TODO: check
+	NOT-FOR-US: ByteDance Deer-Flow
 CVE-2026-34397 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
 	NOT-FOR-US: Himmelblau
 CVE-2026-34376 (PdfDing is a selfhosted PDF manager, viewer and editor offering a seam ...)
 	NOT-FOR-US: PdfDing
 CVE-2026-34236 (Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. F ...)
-	TODO: check
+	NOT-FOR-US: Auth0-PHP
 CVE-2026-34222 (Open WebUI is a self-hosted artificial intelligence platform designed  ...)
 	NOT-FOR-US: Open WebUI
 CVE-2026-34159 (llama.cpp is an inference of several LLM models in C/C++. Prior to ver ...)
 	TODO: check
 CVE-2026-34076 (Clerk JavaScript is the official JavaScript repository for Clerk authe ...)
-	TODO: check
+	NOT-FOR-US: Clerk
 CVE-2026-34072 (Cr*nMaster (cronmaster) is a Cronjob management UI with human readable ...)
 	NOT-FOR-US: Next.js
 CVE-2026-33990 (Docker Model Runner (DMR) is software used to manage, run, and deploy  ...)
@@ -616,9 +616,9 @@ CVE-2026-34215 (Parse Server is an open source backend that can be deployed to a
 CVE-2026-34214 (Trino is a distributed SQL query engine for big data analytics. From v ...)
 	NOT-FOR-US: Trino
 CVE-2026-34210 (mppx is a TypeScript interface for machine payments protocol. Prior to ...)
-	TODO: check
+	NOT-FOR-US: mppx
 CVE-2026-34209 (mppx is a TypeScript interface for machine payments protocol. Prior to ...)
-	TODO: check
+	NOT-FOR-US: mppx
 CVE-2026-34206 (Captcha Protect is a Traefik middleware to add an anti-bot challenge t ...)
 	TODO: check
 CVE-2026-34204 (MinIO is a high-performance object storage system. Prior to version RE ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91e6abcbd3c2007544b749abbf736b49cd30640d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91e6abcbd3c2007544b749abbf736b49cd30640d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260402/876c9c31/attachment.htm>

More information about the debian-security-tracker-commits mailing list