[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 23 20:33:20 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96d4b344 by Salvatore Bonaccorso at 2026-04-23T21:32:56+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,15 +7,15 @@ CVE-2026-6919 (Use after free in DevTools in Google Chrome prior to 147.0.7727.1
 	- chromium <unfixed>
 	[bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-6903 (The LabOne Web Server, backing the LabOne User Interface, contains ins ...)
-	TODO: check
+	NOT-FOR-US: LabOne Web Server
 CVE-2026-6887 (Borg SPM 2007 (Sales Ended in 2008)developed by BorG Technology Corpor ...)
-	TODO: check
+	NOT-FOR-US: Borg SPM
 CVE-2026-6886 (Borg SPM 2007 (Sales Ended in 2008)developed by BorG Technology Corpor ...)
-	TODO: check
+	NOT-FOR-US: Borg SPM
 CVE-2026-6885 (Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corpo ...)
-	TODO: check
+	NOT-FOR-US: Borg SPM
 CVE-2026-6074 (A path traversal condition in Intrado 911 Emergency Gateway could allo ...)
-	TODO: check
+	NOT-FOR-US: Intrado 911 Emergency Gateway
 CVE-2026-5464 (The ExactMetrics \u2013 Google Analytics Dashboard for WordPress (Webs ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-5039 (TP-Link TL-WR841N v13 uses DES-CBC encryption in the TDDPv2 debug prot ...)
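Review bot: the three `NOT-FOR-US: Borg SPM` notes (CVE-2026-6887, CVE-2026-6886, CVE-2026-6885) use a short name that is easy to misread as the Borg backup tool, which Debian does package as borgbackup. The descriptions identify the product as Borg SPM 2007 by BorG Technology Corporation, so a note such as `NOT-FOR-US: BorG Technology Borg SPM` would make the rationale unambiguous for anyone who later searches the list for "borg".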
@@ -25,17 +25,17 @@ CVE-2026-41909 (OpenClaw before 2026.4.20 contains an improper authorization vul
 CVE-2026-41908 (OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerab ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-41461 (SocialEngine versions 7.8.0 and prior contain a blind server-side requ ...)
-	TODO: check
+	NOT-FOR-US: SocialEngine
 CVE-2026-41460 (SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerab ...)
-	TODO: check
+	NOT-FOR-US: SocialEngine
 CVE-2026-41259 (Mastodon is a free, open-source social network server based on Activit ...)
 	TODO: check
 CVE-2026-41247 (elFinder is an open-source file manager for web, written in JavaScript ...)
-	TODO: check
+	NOT-FOR-US: elFinder
 CVE-2026-41246 (Contour is a Kubernetes ingress controller using Envoy proxy. From v1. ...)
-	TODO: check
+	NOT-FOR-US: Contour
 CVE-2026-41241 (pretalx is a conference planning tool. Prior to 2026.1.0, The organise ...)
-	TODO: check
+	NOT-FOR-US: pretalx
 CVE-2026-41240 (DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathM ...)
 	TODO: check
 CVE-2026-41239 (DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathM ...)
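Review bot: `NOT-FOR-US: Contour` on CVE-2026-41246 identifies the product by a generic word only. The description says this is the Kubernetes ingress controller using Envoy, so a qualified note such as `NOT-FOR-US: Contour (Kubernetes ingress controller)` would keep the entry from being read as covering other software that shares the name.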
@@ -49,13 +49,13 @@ CVE-2026-41205 (Mako is a template library written in Python. Prior to 1.3.11, T
 CVE-2026-41173 (The AWS X-Ray Remote Sampler package provides a sampler which can get  ...)
 	TODO: check
 CVE-2026-41078 (OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 an ...)
-	TODO: check
+	NOT-FOR-US: OpenTelemetry dotnet
 CVE-2026-40894 (OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry ...)
-	TODO: check
+	NOT-FOR-US: OpenTelemetry dotnet
 CVE-2026-40891 (OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to b ...)
-	TODO: check
+	NOT-FOR-US: OpenTelemetry dotnet
 CVE-2026-40886 (Argo Workflows is an open source container-native workflow engine for  ...)
-	TODO: check
+	NOT-FOR-US: Argo
 CVE-2026-40472 (In hackage-server, user-controlled metadata from .cabal files are rend ...)
 	TODO: check
 CVE-2026-40471 (hackage-server lacked Cross-Site Request Forgery (CSRF) protection acr ...)
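Review bot: `NOT-FOR-US: Argo` on CVE-2026-40886 is less specific than the description, which names Argo Workflows. Writing `NOT-FOR-US: Argo Workflows` would match the way the other entries in this hunk name the exact product (`OpenTelemetry dotnet`) and would not suggest that every project under the Argo name has been judged out of scope.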
@@ -63,7 +63,7 @@ CVE-2026-40471 (hackage-server lacked Cross-Site Request Forgery (CSRF) protecti
 CVE-2026-40470 (A critical XSS vulnerability affected hackage-server and hackage.haske ...)
 	TODO: check
 CVE-2026-40182 (OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to b ...)
-	TODO: check
+	NOT-FOR-US: OpenTelemetry dotnet
 CVE-2026-3960 (A critical remote code execution vulnerability exists in the unauthent ...)
 	TODO: check
 CVE-2026-3259 (A Generation of Error Message Containing Sensitive Information vulnera ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96d4b344940b270c8cb00bbe37682e53abcc946c
