[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Apr 23 14:21:52 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3895c379 by Moritz Muehlenhoff at 2026-04-23T15:21:32+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2026-6856
+	- keycloak <itp> (bug #1088287)
 CVE-2026-22020 [updated libpng in Oracle Java]
 	- openjdk-8 <not-affected> (Specific to Oracle binary distribution, Debian uses system libpng)
 	- openjdk-11 <not-affected> (Specific to Oracle binary distribution, Debian uses system libpng)
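Review bot: The added CVE-2026-6856 entry at the top of this hunk is an "<itp>" entry for keycloak, not a NOT-FOR-US classification, so the commit subject "NFUs" does not cover it; mention the ITP in the commit message or put it in its own commit. The entry also has no description or NOTE line, unlike the bracketed description on CVE-2026-22020 directly below it, so a NOTE pointing at the upstream advisory would tell a reader what the issue is.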
@@ -92,7 +94,7 @@ CVE-2026-41206 (PySpector is a static analysis security testing (SAST) Framework
 CVE-2026-41200 (STIG Manager is an API and web client for managing  Security Technical ...)
 	NOT-FOR-US: STIG Manager
 CVE-2026-41197 (Noir is a Domain Specific Language for SNARK proving systems that is d ...)
-	TODO: check
+	NOT-FOR-US: Noir
 CVE-2026-41196 (Luanti (formerly Minetest) is an open source voxel game-creation platf ...)
 	- luanti <unfixed>
 	[trixie] - luanti 5.10.0+dfsg-5+deb13u1
@@ -158,35 +160,35 @@ CVE-2026-3621 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.
 CVE-2026-3361 (The WP Store Locator plugin for WordPress is vulnerable to Stored Cros ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-3007 (Successful exploitation of the stored cross-site scripting (XSS) vulne ...)
-	TODO: check
+	NOT-FOR-US: Koollab LMS
 CVE-2026-34488 (IP Setting Software contains an issue with the DLL search path, which  ...)
 	NOT-FOR-US: IP Setting Software
 CVE-2026-34068 (nimiq-transaction provides the transaction primitive to be used in Nim ...)
-	TODO: check
+	NOT-FOR-US: nimiq-transaction
 CVE-2026-34067 (nimiq-transaction provides the transaction primitive to be used in Nim ...)
-	TODO: check
+	NOT-FOR-US: nimiq-transaction
 CVE-2026-34066 (nimiq-blockchain provides persistent block storage for Nimiq's Rust im ...)
-	TODO: check
+	NOT-FOR-US: nimiq-blockchain
 CVE-2026-34065 (nimiq-primitives contains primitives (e.g., block, account, transactio ...)
-	TODO: check
+	NOT-FOR-US: nimiq-primitives
 CVE-2026-34064 (nimiq-account contains account primitives to be used in Nimiq's Rust i ...)
-	TODO: check
+	NOT-FOR-US: nimiq-account
 CVE-2026-34063 (Nimiq's network-libp2p is a Nimiq network implementation based on libp ...)
-	TODO: check
+	NOT-FOR-US: network-libp2p
 CVE-2026-34062 (nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior  ...)
-	TODO: check
+	NOT-FOR-US: network-libp2p
 CVE-2026-33733 (EspoCRM is an open source customer relationship management application ...)
 	NOT-FOR-US: EspoCRM
 CVE-2026-33656 (EspoCRM is an open source customer relationship management application ...)
 	NOT-FOR-US: EspoCRM
 CVE-2026-33471 (nimiq-block contains block primitives to be used in Nimiq's Rust imple ...)
-	TODO: check
+	NOT-FOR-US: nimiq-block
 CVE-2026-32679 (The installers of LiveOn Meet Client for Windows (Downloader5Installer ...)
 	NOT-FOR-US: LiveOn Meet Client for Windows
 CVE-2026-2951 (The Gutentor \u2013 Gutenberg Blocks \u2013 Page Builder for Gutenberg ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-29198 (In Rocket.Chat <8.3.0, <8.2.1, <8.1.2, <8.0.3, <7.13.5, <7.12.6, <7.11 ...)
-	TODO: check
+	NOT-FOR-US: Rocket.Chat
 CVE-2026-1923 (The Social Rocket \u2013 Social Sharing Plugin plugin for WordPress is ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1726 (IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5. ...)
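Review bot: CVE-2026-34063 and CVE-2026-34062 are both tagged "NOT-FOR-US: network-libp2p", which drops the Nimiq name that every other Nimiq entry in this hunk carries, and the description of CVE-2026-34062 names the component "nimiq-libp2p". Use a label that contains "nimiq" (for example "NOT-FOR-US: Nimiq network-libp2p"), or a single "NOT-FOR-US: Nimiq" for the whole group, so a search for Nimiq in data/CVE/list finds all of these entries.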
@@ -200,7 +202,7 @@ CVE-2026-1272 (IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable t
 CVE-2025-36074 (IBM Security Verify Directory (Container) 10.0.0 through 10.0.0.3 IBM  ...)
 	NOT-FOR-US: IBM
 CVE-2025-10549 (EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnera ...)
-	TODO: check
+	NOT-FOR-US: EfficientLab Controlio
 CVE-2026-40215
 	- openvpn 2.7.2-1
 	NOTE: https://community.openvpn.net/Security%20Announcements/CVE-2026-40215



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3895c37963bfcc745e12bdb8af284f05acf5cff2
