[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Feb 20 09:00:13 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
73645783 by Salvatore Bonaccorso at 2026-02-20T09:59:32+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -107,59 +107,59 @@ CVE-2026-26980 (Ghost is a Node.js content management system. Versions 3.24.0 th
 CVE-2026-26977 (Frappe Learning Management System (LMS) is a learning system that help ...)
 	NOT-FOR-US: Frappe Learning Management System (LMS)
 CVE-2026-26975 (Music Assistant is an open-source media library manager that integrate ...)
-	TODO: check
+	NOT-FOR-US: Music Assistant
 CVE-2026-26974 (Slyde is a program that creates animated presentations from XML. In ve ...)
-	TODO: check
+	NOT-FOR-US: Slyde
 CVE-2026-26972 (OpenClaw is a personal AI assistant. In versions 2026.1.12 through 202 ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-26967 (PJSIP is a free and open source multimedia communication library writt ...)
 	TODO: check
 CVE-2026-26964 (Windmill is an open-source developer platform for internal code: APIs, ...)
-	TODO: check
+	NOT-FOR-US: Windmill
 CVE-2026-26963 (Cilium is a networking, observability, and security solution with an e ...)
 	TODO: check
 CVE-2026-26960 (node-tar is a full-featured Tar for Node.js. When using default option ...)
 	TODO: check
 CVE-2026-26959 (ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and ...)
-	TODO: check
+	NOT-FOR-US: ADB Explorer
 CVE-2026-26958 (filippo.io/edwards25519 is a Go library implementing the edwards25519  ...)
 	TODO: check
 CVE-2026-26957 (Libredesk is a self-hosted customer support desk application. Versions ...)
-	TODO: check
+	NOT-FOR-US: Libredesk
 CVE-2026-26953 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
-	TODO: check
+	NOT-FOR-US: Pi-Hole
 CVE-2026-26952 (Pi-hole Admin Interface is a web interface for managing Pi-hole, a net ...)
-	TODO: check
+	NOT-FOR-US: Pi-Hole
 CVE-2026-26744 (A user enumeration vulnerability exists in FormaLMS 4.1.18 and below i ...)
-	TODO: check
+	NOT-FOR-US: FormaLMS
 CVE-2026-26370 (WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a c ...)
-	TODO: check
+	NOT-FOR-US: WordPress Plugin
 CVE-2026-26329 (OpenClaw is a personal AI assistant. Prior to version 2026.2.14, authe ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-26328 (OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-26327 (OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS a ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-26326 (OpenClaw is a personal AI assistant. Prior to version 2026.2.14, `skil ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-26325 (OpenClaw is a personal AI assistant. Prior to version 2026.2.14, a mis ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-26324 (OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenC ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-26323 (OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2. ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-26322 (OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2. ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-26321 (OpenClaw is a personal AI assistant. Prior to OpenClaw version 2026.2. ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-26320 (OpenClaw is a personal AI assistant. OpenClaw macOS desktop client reg ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-26319 (OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allo ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-26317 (OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facin ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-26316 (OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional  ...)
-	TODO: check
+	NOT-FOR-US: OpenClaw
 CVE-2026-26315 (go-ethereum (Geth) is a golang execution layer implementation of the E ...)
 	TODO: check
 CVE-2026-26314 (go-ethereum (geth) is a golang execution layer implementation of the E ...)
@@ -169,9 +169,9 @@ CVE-2026-26313 (go-ethereum (geth) is a golang execution layer implementation of
 CVE-2026-26312 (Stalwart is a mail and collaboration server. A denial-of-service vulne ...)
 	TODO: check
 CVE-2026-26286 (SillyTavern is a locally installed user interface that allows users to ...)
-	TODO: check
+	NOT-FOR-US: SillyTavern
 CVE-2026-26282 (NanaZip is an open source file archive Starting in version 5.0.1252.0  ...)
-	TODO: check
+	NOT-FOR-US: NanaZip
 CVE-2026-26275 (httpsig-hyper is a hyper extension for http message signatures. An iss ...)
 	TODO: check
 CVE-2026-26065 (calibre is a cross-platform e-book manager for viewing, converting, ed ...)
@@ -181,7 +181,7 @@ CVE-2026-26064 (calibre is a cross-platform e-book manager for viewing, converti
 CVE-2026-24122 (Cosign provides code signing and transparency for containers and binar ...)
 	TODO: check
 CVE-2026-21535 (Improper access control in Microsoft Teams allows an unauthorized atta ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2026-1658 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
 	NOT-FOR-US: OpenText
 CVE-2026-1292 (Tanium addressed an insertion of sensitive information into log file v ...)
@@ -193,7 +193,7 @@ CVE-2025-8055 (Server-Side Request Forgery (SSRF) vulnerability in OpenText\u212
 CVE-2025-8054 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: OpenText
 CVE-2025-67305 (In RUCKUS Network Director (RND) < 4.5.0.56, the OVA appliance contain ...)
-	TODO: check
+	NOT-FOR-US: RUCKUS
 CVE-2025-59819 (This vulnerability allows authenticated attackers to read an arbitrary ...)
 	TODO: check
 CVE-2025-30416 (Sensitive data disclosure and manipulation due to missing authorizatio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7364578334259cfb9add365ea5b9e5843137033d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7364578334259cfb9add365ea5b9e5843137033d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260220/d5a20196/attachment.htm>

More information about the debian-security-tracker-commits mailing list