[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Feb 21 09:02:38 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d9b27bf7 by Salvatore Bonaccorso at 2026-02-21T10:02:20+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,15 +1,15 @@
CVE-2026-2865 (A vulnerability was found in itsourcecode Agri-Trading Online Shopping ...)
NOT-FOR-US: itsourcecode System
CVE-2026-2864 (A vulnerability has been found in feng_ha_ha/megagao ssm-erp and produ ...)
- TODO: check
+ NOT-FOR-US: feng_ha_ha/megagao ssm-erp
CVE-2026-2863 (A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm ...)
- TODO: check
+ NOT-FOR-US: feng_ha_ha/megagao ssm-erp
CVE-2026-2861 (A vulnerability was detected in Foswiki up to 2.1.10. The affected ele ...)
- foswiki <itp> (bug #509864)
CVE-2026-2860 (A security vulnerability has been detected in feng_ha_ha/megagao ssm-e ...)
- TODO: check
+ NOT-FOR-US: feng_ha_ha/megagao ssm-erp
CVE-2026-2858 (A vulnerability was identified in wren-lang wren up to 0.4.0. This aff ...)
- TODO: check
+ NOT-FOR-US: wren-lang wren
CVE-2026-2857 (A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by ...)
NOT-FOR-US: D-Link
CVE-2026-2856 (A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this ...)
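Review bot: The three new "NOT-FOR-US: feng_ha_ha/megagao ssm-erp" labels (CVE-2026-2864, CVE-2026-2863, CVE-2026-2860) name only ssm-erp, while the descriptions of CVE-2026-2864 and CVE-2026-2863 also mention a second product ("and produ ...", "and production_ssm ..."). Consider "NOT-FOR-US: feng_ha_ha/megagao ssm-erp and production_ssm" so that a search of data/CVE/list for either name finds these entries. For CVE-2026-2858, it is worth confirming that wren-lang wren has no ITP or RFP bug before settling on NOT-FOR-US; the Foswiki entry in the same hunk shows the "<itp>" form to use if one exists.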
@@ -69,29 +69,29 @@ CVE-2026-27528
CVE-2026-27527
REJECTED
CVE-2026-27471 (ERP is a free and open source Enterprise Resource Planning tool. In ve ...)
- TODO: check
+ NOT-FOR-US: Frappe ERP
CVE-2026-27470 (ZoneMinder is a free, open source closed-circuit television software a ...)
- zoneminder <unfixed> (unimportant)
NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-r6gm-478g-f2c4
NOTE: Only supported for trusted users/behind auth
CVE-2026-27469 (Isso is a lightweight commenting server written in Python and JavaScri ...)
- TODO: check
+ NOT-FOR-US: Isso
CVE-2026-27467 (BigBlueButton is an open-source virtual classroom. In versions 3.0.19 ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2026-27466 (BigBlueButton is an open-source virtual classroom. In versions 3.0.21 ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2026-27464 (Metabase is an open-source data analytics platform. In versions prior ...)
- TODO: check
+ NOT-FOR-US: Metabase
CVE-2026-27458 (LinkAce is a self-hosted archive to collect website links. Versions 2. ...)
- TODO: check
+ NOT-FOR-US: LinkAce
CVE-2026-27452 (ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rule ...)
- TODO: check
+ NOT-FOR-US: JonathanWilbur asn1-ts (not the same as node-asn1)
CVE-2026-27212 (Swiper is a free and mobile touch slider with hardware accelerated tra ...)
- TODO: check
+ NOT-FOR-US: Swiper
CVE-2026-27211 (Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Ver ...)
TODO: check
CVE-2026-27210 (Pannellum is a lightweight, free, and open source panorama viewer for ...)
- TODO: check
+ NOT-FOR-US: Pannellum
CVE-2026-27205 (Flask is a web server gateway interface (WSGI) web application framewo ...)
TODO: check
CVE-2026-27203 (eBay API MCP Server is an open source local MCP server providing AI as ...)
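Review bot: Several of the entries moved to NOT-FOR-US here are described as open source or self-hosted software (BigBlueButton, Metabase, LinkAce, Pannellum), and nothing in the change records whether an ITP or RFP bug was looked for. If one exists, the entry should use the "- <package> <itp> (bug #NNNNNN)" form, as the Foswiki entry in the first hunk does, instead of NOT-FOR-US. The parenthetical on CVE-2026-27452, "(not the same as node-asn1)", is a useful pattern; a similar short note on CVE-2026-27471 would help, since the label "Frappe ERP" uses a name that the truncated description ("ERP is a free and open source ...") does not show.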
@@ -779,7 +779,7 @@ CVE-2026-2739 (This affects versions of the package bn.js before 5.2.3. Calling
NOTE: https://github.com/indutny/bn.js/pull/317
NOTE: Fixed by: https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b (v5.2.3)
CVE-2026-2738 (Buffer overflow in ovpn\u2011dco\u2011winversion 2.8.0 allows local at ...)
- TODO: check
+ NOT-FOR-US: OpenVPN ovpn-dco for Windows
CVE-2026-2605 (Tanium addressed an insertion of sensitive information into log file v ...)
NOT-FOR-US: Tanium
CVE-2026-2435 (Tanium addressed a SQL injection vulnerability in Asset.)
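Review bot: The label on CVE-2026-2738, "NOT-FOR-US: OpenVPN ovpn-dco for Windows", paraphrases the product name, while the description spells it with escaped non-breaking hyphens ("ovpn\u2011dco\u2011win"), so a plain-ASCII search of the description will not match. Writing the upstream name in ASCII in the label, for example "NOT-FOR-US: OpenVPN ovpn-dco-win (Windows only)", keeps the entry findable by name and keeps the Windows-only scope explicit.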
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d9b27bf78a6f726bd9e1ae4903259cee5aedd704