[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Feb 24 20:00:39 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d855940 by Salvatore Bonaccorso at 2026-02-24T21:00:14+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -419,7 +419,7 @@ CVE-2026-25897 (ImageMagick is free and open-source software used for editing an
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/23fde73188ea32c15b607571775d4f92bdb75e60 (7.1.2-14)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/5e28bb254210580ac12234cc9ba4ae57c193129c (6.9.13-39)
 CVE-2026-25802 (New API is a large language mode (LLM) gateway and artificial intellig ...)
-	TODO: check
+	NOT-FOR-US: New API (QuantumNous/new-api)
 CVE-2026-25799 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6
@@ -451,9 +451,9 @@ CVE-2026-25794 (ImageMagick is free and open-source software used for editing an
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vhqj-f5cj-9x8h
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ffe589df5ff8ce1433daa4ccb0d2a9fadfbe30ed (7.1.2-14)
 CVE-2026-25649 (Versions of the Traccar open-source GPS tracking system up to and incl ...)
-	TODO: check
+	NOT-FOR-US: Traccar
 CVE-2026-25648 (Versions of the Traccar open-source GPS tracking system starting with  ...)
-	TODO: check
+	NOT-FOR-US: Traccar
 CVE-2026-25638 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gxcx-qjqp-8vjw
@@ -463,7 +463,7 @@ CVE-2026-25637 (ImageMagick is free and open-source software used for editing an
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm37-qx7w-p258
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/30ce0e8efbd72fd6b50ed3a10ae22f57c8901137 (7.1.2-14)
 CVE-2026-25591 (New API is a large language mode (LLM) gateway and artificial intellig ...)
-	TODO: check
+	NOT-FOR-US: New API (QuantumNous/new-api)
 CVE-2026-25576 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jv4p-gjwq-9r2j
@@ -471,9 +471,9 @@ CVE-2026-25576 (ImageMagick is free and open-source software used for editing an
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/95db8ba0f445a798e823a86acdebe97de73de449 (6.9.13-39)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/44b3140f3414ebc02c5fa8b80551f7d33950a87a (6.9.13-39)
 CVE-2026-25545 (Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered ...)
-	TODO: check
+	NOT-FOR-US: Astro
 CVE-2026-25501 (free5GC SMF provides Session Management Function for free5GC, an open- ...)
-	TODO: check
+	NOT-FOR-US: Free5GC
 CVE-2026-24485 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85
@@ -495,47 +495,47 @@ CVE-2026-24481 (ImageMagick is free and open-source software used for editing an
 CVE-2026-24314 (Under certain conditions SAP S/4HANA (Manage Payment Media) allows an  ...)
 	NOT-FOR-US: SAP
 CVE-2026-23694 (Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions pr ...)
-	TODO: check
+	NOT-FOR-US: Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin
 CVE-2026-23693 (ElementsKit Lite (elementskit-lite) WordPress plugin versions prior to ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-23521 (Versions of the Traccar open-source GPS tracking system up to and incl ...)
-	TODO: check
+	NOT-FOR-US: Traccar
 CVE-2026-21864 (Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter ...)
-	TODO: check
+	NOT-FOR-US: Valkey-Bloom
 CVE-2026-21863 (Valkey is a distributed key-value database. Prior to versions 9.0.2, 8 ...)
 	TODO: check
 CVE-2026-21665 (The Print Service component of Fiserv Originate Loans Peripherals (for ...)
-	TODO: check
+	NOT-FOR-US: Fiserv Originate Loans Peripherals
 CVE-2026-1459 (A post-authentication command injection vulnerability in the TR-369 ce ...)
 	NOT-FOR-US: Zyxel
 CVE-2026-1229 (The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 cur ...)
-	TODO: check
+	NOT-FOR-US: Cloudflare CIRCL ecc/p384 package
 CVE-2025-9120 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: OpenText
 CVE-2025-71056 (Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 ...)
-	TODO: check
+	NOT-FOR-US: GCOM EPON 1GE ONU
 CVE-2025-70328 (TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injecti ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-70327 (TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2025-69253 (free5GC is an open-source project for 5th generation (5G) mobile core  ...)
-	TODO: check
+	NOT-FOR-US: Free5GC
 CVE-2025-69252 (free5gc UDM provides Unified Data Management (UDM) for free5GC, an ope ...)
-	TODO: check
+	NOT-FOR-US: Free5GC
 CVE-2025-69251 (free5gc UDM provides Unified Data Management (UDM) for free5GC, an ope ...)
-	TODO: check
+	NOT-FOR-US: Free5GC
 CVE-2025-69250 (free5gc UDM provides Unified Data Management (UDM) for free5GC, an ope ...)
-	TODO: check
+	NOT-FOR-US: Free5GC
 CVE-2025-69248 (free5GC is an open-source project for 5th generation (5G) mobile core  ...)
-	TODO: check
+	NOT-FOR-US: Free5GC
 CVE-2025-69247 (free5GC go-upf is the User Plane Function (UPF) implementation for 5G  ...)
-	TODO: check
+	NOT-FOR-US: Free5GC
 CVE-2025-69232 (free5GC is an open-source project for 5th generation (5G) mobile core  ...)
-	TODO: check
+	NOT-FOR-US: Free5GC
 CVE-2025-69208 (free5GC UDR is the user data repository (UDR) for free5GC, an an open- ...)
-	TODO: check
+	NOT-FOR-US: Free5GC
 CVE-2025-68930 (Versions of the Traccar open-source GPS tracking system up to and incl ...)
-	TODO: check
+	NOT-FOR-US: Traccar
 CVE-2025-67733 (Valkey is a distributed key-value database. Prior to versions 9.0.2, 8 ...)
 	TODO: check
 CVE-2025-40541 (An Insecure Direct Object Reference (IDOR) vulnerability exists in Ser ...)
@@ -547,7 +547,7 @@ CVE-2025-40539 (A type confusion vulnerability exists in Serv-U which when explo
 CVE-2025-40538 (A broken access control vulnerability exists in Serv-U which when expl ...)
 	NOT-FOR-US: SolarWinds
 CVE-2025-15589 (A vulnerability was determined in MuYuCMS 2.7. Affected is the functio ...)
-	TODO: check
+	NOT-FOR-US: MuYuCMS
 CVE-2025-15386 (The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vul ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13943 (A post-authentication command injection vulnerability in the log file  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d85594043885e3051f78aa148237767eed0e217

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d85594043885e3051f78aa148237767eed0e217
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260224/1295295d/attachment.htm>

More information about the debian-security-tracker-commits mailing list