[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 7 12:22:56 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a6cc17ef by Salvatore Bonaccorso at 2026-04-07T13:21:17+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -105,13 +105,13 @@ CVE-2026-35213 (@hapi/content provided HTTP Content-* headers parsing. All versi
 CVE-2026-35208 (lichess.org is the forever free, adless and open source chess server.  ...)
 	TODO: check
 CVE-2026-35203 (ZLMediaKit is a streaming media service framework. the VP9 RTP payload ...)
-	TODO: check
+	NOT-FOR-US: ZLMediaKit
 CVE-2026-35201 (Discount is an implementation of John Gruber's Markdown markup languag ...)
 	TODO: check
 CVE-2026-35200 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2026-35199 (SymCrypt is the core cryptographic function library currently used by  ...)
-	TODO: check
+	NOT-FOR-US: SymCrypt
 CVE-2026-35197 (dye is a portable and respectful color library for shell scripts. Prio ...)
 	TODO: check
 CVE-2026-35187 (pyLoad is a free and open-source download manager written in Python. I ...)
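Review bot: The SymCrypt entry (CVE-2026-35199) is marked NOT-FOR-US on the product name alone, but its description calls it a "core cryptographic function library", and a library can reach the archive as an embedded or vendored copy inside another source package. If that was checked, a one-line NOTE under the entry saying so would save the next reader from repeating the search. The ZLMediaKit entry, a standalone framework, raises no such question.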
@@ -131,21 +131,21 @@ CVE-2026-35180 (WWBN AVideo is an open source video platform. In versions 26.0 a
 CVE-2026-35179 (WWBN AVideo is an open source video platform. In versions 26.0 and pri ...)
 	NOT-FOR-US: WWBN AVideo
 CVE-2026-35178 (Workbench is a suite of tools for administrators and developers to int ...)
-	TODO: check
+	NOT-FOR-US: Workbench
 CVE-2026-35176 (openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlie ...)
-	TODO: check
+	NOT-FOR-US: openFPGALoader
 CVE-2026-35172 (Distribution is a toolkit to pack, ship, store, and deliver container  ...)
 	TODO: check
 CVE-2026-35170 (openFPGALoader is a utility for programming FPGAs. In 1.1.1 and earlie ...)
-	TODO: check
+	NOT-FOR-US: openFPGALoader
 CVE-2026-35022 (Anthropic Claude Code CLI and Claude Agent SDK contain an OS command i ...)
-	TODO: check
+	NOT-FOR-US: Anthropic Claude
 CVE-2026-35021 (Anthropic Claude Code CLI and Claude Agent SDK contain an OS command i ...)
-	TODO: check
+	NOT-FOR-US: Anthropic Claude
 CVE-2026-35020 (Anthropic Claude Code CLI and Claude Agent SDK contain an OS command i ...)
-	TODO: check
+	NOT-FOR-US: Anthropic Claude
 CVE-2026-34972 (OpenFGA is a high-performance and flexible authorization/permission en ...)
-	TODO: check
+	NOT-FOR-US: OpenFGA
 CVE-2026-22675 (OCS Inventory NG Server version 2.12.3 and prior contain a stored cros ...)
 	TODO: check
 CVE-2026-20446 (In sec boot, there is a possible out of bounds write due to an integer ...)
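Review bot: The label "NOT-FOR-US: Anthropic Claude" on CVE-2026-35022, CVE-2026-35021 and CVE-2026-35020 names neither of the products in the descriptions, which read "Anthropic Claude Code CLI and Claude Agent SDK". Consider "NOT-FOR-US: Anthropic Claude Code", or naming both components, so that a later search on the product name finds these entries. The two openFPGALoader entries and the OpenFGA entry use the product name as given and read fine.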
@@ -331,9 +331,9 @@ CVE-2026-34976 (Dgraph is an open source distributed GraphQL database. Prior to
 CVE-2026-34975 (Plunk is an open-source email platform built on top of AWS SES. Prior  ...)
 	NOT-FOR-US: Plunk
 CVE-2026-34969 (Nhost is an open source Firebase alternative with GraphQL. Prior to 0. ...)
-	TODO: check
+	NOT-FOR-US: Nhost
 CVE-2026-34951 (Workbench is a suite of tools for administrators and developers to int ...)
-	TODO: check
+	NOT-FOR-US: Workbench
 CVE-2026-34950 (fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 a ...)
 	NOT-FOR-US: Node fast-jwt
 CVE-2026-34940 (KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, th ...)
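Review bot: "NOT-FOR-US: Workbench" on CVE-2026-34951 (and on CVE-2026-35178 in the previous hunk) uses a bare generic word as the product label, and the truncated description ("a suite of tools for administrators and developers to int ...") does not say whose Workbench this is. A vendor or project qualifier in the label would stop it from matching unrelated software with the same name in later searches.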
@@ -396,13 +396,13 @@ CVE-2026-34378 (OpenEXR provides the specification and reference implementation
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/088859fb6199e56824c4c9ed60afc825261bfea9 (main)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/7a1c64ca74d12bf5f64a912d4e12a651689f8652 (v3.4.9-rc)
 CVE-2026-34217 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope ...)
-	TODO: check
+	NOT-FOR-US: SandboxJS Node module
 CVE-2026-34211 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @ny ...)
-	TODO: check
+	NOT-FOR-US: SandboxJS Node module
 CVE-2026-34208 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, Sandbox ...)
-	TODO: check
+	NOT-FOR-US: SandboxJS Node module
 CVE-2026-34148 (Fedify is a TypeScript library for building federated server apps powe ...)
-	TODO: check
+	NOT-FOR-US: Fedify
 CVE-2026-33817 (Index out-of-range when encountering a branch page with zero elements  ...)
 	TODO: check
 CVE-2026-33752 (curl_cffi is the a Python binding for curl. Prior to 0.15.0, curl_cffi ...)
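Review bot: The three SandboxJS entries use "NOT-FOR-US: SandboxJS Node module", while the existing fast-jwt entry in the same file uses the prefix form "NOT-FOR-US: Node fast-jwt", and Fedify, described as a TypeScript library, gets no ecosystem qualifier at all. Picking one form for Node and TypeScript modules, for example "Node SandboxJS" to match the existing entry, keeps these labels easy to grep and group.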



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6cc17efba884a7097b76f947d48179dd69e0821
