[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Apr 25 09:11:36 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
83888c7a by Salvatore Bonaccorso at 2026-04-25T10:11:09+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,53 +5,53 @@ CVE-2026-6967 (Missing expiration, hash, and length enforcement in delegated met
 CVE-2026-6966 (Improper verification of cryptographic signature uniqueness in delegat ...)
 	NOT-FOR-US: Amazon
 CVE-2026-6951 (Versions of the package simple-git before 3.36.0 are vulnerable to Rem ...)
-	TODO: check
+	NOT-FOR-US: simple-git
 CVE-2026-6175
 	REJECTED
 CVE-2026-42171 (NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes ...)
 	TODO: check
 CVE-2026-41894 (SiYuan is an open-source personal knowledge management system. Prior t ...)
-	TODO: check
+	NOT-FOR-US: SiYuan
 CVE-2026-41503 (BACnet Stack is a BACnet open source protocol stack C library for embe ...)
-	TODO: check
+	NOT-FOR-US: BACnet Stack
 CVE-2026-41502 (BACnet Stack is a BACnet open source protocol stack C library for embe ...)
-	TODO: check
+	NOT-FOR-US: BACnet Stack
 CVE-2026-41488 (LangChain is a framework for building agents and LLM-powered applicati ...)
-	TODO: check
+	NOT-FOR-US: LangChain
 CVE-2026-41481 (LangChain is a framework for building agents and LLM-powered applicati ...)
-	TODO: check
+	NOT-FOR-US: LangChain
 CVE-2026-41478 (Saltcorn is an extensible, open source, no-code database application b ...)
-	TODO: check
+	NOT-FOR-US: Saltcorn
 CVE-2026-41477 (Deskflow is a keyboard and mouse sharing app.  In 1.20.0, 1.26.0.134,  ...)
 	TODO: check
 CVE-2026-41476 (Deskflow is a keyboard and mouse sharing app.  Prior to 1.26.0.138, a  ...)
 	TODO: check
 CVE-2026-41475 (BACnet Stack is a BACnet open source protocol stack C library for embe ...)
-	TODO: check
+	NOT-FOR-US: BACnet Stack
 CVE-2026-41473 (CyberPanel versions prior to2.4.4 contain an authentication bypass vul ...)
-	TODO: check
+	NOT-FOR-US: CyberPanel
 CVE-2026-41472 (CyberPanel versions prior to2.4.4 contain a stored cross-site scriptin ...)
-	TODO: check
+	NOT-FOR-US: CyberPanel
 CVE-2026-41433 (OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based ...)
-	TODO: check
+	NOT-FOR-US: OpenTelemetry
 CVE-2026-41429 (arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ES ...)
-	TODO: check
+	NOT-FOR-US: arduino-esp32
 CVE-2026-41428 (Budibase is an open-source low-code platform. Prior to 3.35.4, the aut ...)
-	TODO: check
+	NOT-FOR-US: Budibase
 CVE-2026-41427 (Better Auth is an authentication and authorization library for TypeScr ...)
-	TODO: check
+	NOT-FOR-US: Better Auth
 CVE-2026-41426 (pretalx is a conference planning tool. Prior to 2026.1.0, an unauthent ...)
-	TODO: check
+	NOT-FOR-US: pretalx
 CVE-2026-41425 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
 	TODO: check
 CVE-2026-41421 (SiYuan is an open-source personal knowledge management system. Prior t ...)
-	TODO: check
+	NOT-FOR-US: SiYuan
 CVE-2026-41419 (4ga Boards is a boards system for realtime project management. Prior t ...)
-	TODO: check
+	NOT-FOR-US: 4ga Boards
 CVE-2026-41418 (4ga Boards is a boards system for realtime project management. Prior t ...)
-	TODO: check
+	NOT-FOR-US: 4ga Boards
 CVE-2026-41326 (Kata Containers is an open source project focusing on a standard imple ...)
-	TODO: check
+	NOT-FOR-US: Kata Containers
 CVE-2026-41248 (Clerk JavaScript is the official JavaScript repository for Clerk authe ...)
 	TODO: check
 CVE-2026-41244 (Mojic is a CLI tool to transform readable C code into an unrecognizabl ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83888c7a2a6e269b064950be1472dacccdf3cc61

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/83888c7a2a6e269b064950be1472dacccdf3cc61
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260425/dd7f1fff/attachment.htm>

More information about the debian-security-tracker-commits mailing list