[Git][security-tracker-team/security-tracker][master] Process some NFUs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c97a764f by Salvatore Bonaccorso at 2026-04-07T09:45:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29,9 +29,9 @@ CVE-2026-5684 (A vulnerability was determined in Tenda CX12L 16.03.53.12. Affect
 CVE-2026-5683 (A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this ...)
 	NOT-FOR-US: Tenda
 CVE-2026-5682 (A vulnerability has been found in Meesho Online Shopping App up to 27. ...)
-	TODO: check
+	NOT-FOR-US: Meesho Online Shopping App
 CVE-2026-5681 (A flaw has been found in itsourcecode sanitize or validate this input  ...)
-	TODO: check
+	NOT-FOR-US: itsourcecode
 CVE-2026-5679 (A security vulnerability has been detected in Totolink A3300R 17.0.0cu ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2026-5465 (The Booking for Appointments and Events Calendar \u2013 Amelia plugin  ...)
@@ -47,19 +47,19 @@ CVE-2026-35473 (WeGIA is a Web manager for charitable institutions. Prior to 3.6
 CVE-2026-35472 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an ...)
 	NOT-FOR-US: WeGIA
 CVE-2026-35471 (goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdel ...)
-	TODO: check
+	NOT-FOR-US: goshs
 CVE-2026-35459 (pyLoad is a free and open-source download manager written in Python. I ...)
 	TODO: check
 CVE-2026-35454 (The Code Extension Marketplace is an open-source alternative to the VS ...)
 	TODO: check
 CVE-2026-35452 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-35450 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-35449 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-35448 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-35444 (SDL_image is a library to load images of various formats as SDL surfac ...)
 	TODO: check
 CVE-2026-35442 (Directus is a real-time API and App dashboard for managing SQL databas ...)
@@ -79,7 +79,7 @@ CVE-2026-35409 (Directus is a real-time API and App dashboard for managing SQL d
 CVE-2026-35408 (Directus is a real-time API and App dashboard for managing SQL databas ...)
 	NOT-FOR-US: Directus
 CVE-2026-35404 (Open edX Platform enables the authoring and delivery of online learnin ...)
-	TODO: check
+	NOT-FOR-US: Open edX Platform
 CVE-2026-35399 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, a  ...)
 	NOT-FOR-US: WeGIA
 CVE-2026-35398 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an ...)
@@ -89,17 +89,17 @@ CVE-2026-35396 (WeGIA is a Web manager for charitable institutions. Prior to 3.6
 CVE-2026-35395 (WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, We ...)
 	NOT-FOR-US: WeGIA
 CVE-2026-35394 (Mobile Next is an MCP server for mobile development and automation. Pr ...)
-	TODO: check
+	NOT-FOR-US: Mobile Next
 CVE-2026-35393 (goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the  ...)
-	TODO: check
+	NOT-FOR-US: goshs
 CVE-2026-35392 (goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, PUT  ...)
-	TODO: check
+	NOT-FOR-US: goshs
 CVE-2026-35391 (Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Serv ...)
-	TODO: check
+	NOT-FOR-US: Bulwark Webmail
 CVE-2026-35390 (Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Serv ...)
-	TODO: check
+	NOT-FOR-US: Bulwark Webmail
 CVE-2026-35389 (Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Serv ...)
-	TODO: check
+	NOT-FOR-US: Bulwark Webmail
 CVE-2026-35213 (@hapi/content provided HTTP Content-* headers parsing. All versions of ...)
 	TODO: check
 CVE-2026-35208 (lichess.org is the forever free, adless and open source chess server.  ...)
@@ -117,19 +117,19 @@ CVE-2026-35197 (dye is a portable and respectful color library for shell scripts
 CVE-2026-35187 (pyLoad is a free and open-source download manager written in Python. I ...)
 	TODO: check
 CVE-2026-35185 (HAX CMS helps manage microsite universe with PHP or NodeJs backends. P ...)
-	TODO: check
+	NOT-FOR-US: HAX CMS
 CVE-2026-35184 (EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, the ...)
-	TODO: check
+	NOT-FOR-US: EcclesiaCRM
 CVE-2026-35183 (Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Ob ...)
-	TODO: check
+	NOT-FOR-US: Brave CMS
 CVE-2026-35182 (Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is ...)
-	TODO: check
+	NOT-FOR-US: Brave CMS
 CVE-2026-35181 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-35180 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-35179 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-35178 (Workbench is a suite of tools for administrators and developers to int ...)
 	TODO: check
 CVE-2026-35176 (openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlie ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c97a764f573a6a98bffa17dda8231dbfff242d39

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c97a764f573a6a98bffa17dda8231dbfff242d39
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260407/c659e3ec/attachment-0001.htm>