[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 26 11:32:00 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
743e73e5 by Salvatore Bonaccorso at 2026-02-26T12:31:21+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -61,43 +61,43 @@ CVE-2026-27950 (FreeRDP is a free implementation of the Remote Desktop Protocol.
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rvfg-86cr-5r6p
NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/5f62aa11c1bdf00f94c40ea9ebb260a752740b80 (3.23.0)
CVE-2026-27948 (Copyparty is a portable file server. In versions prior to 1.20.9, an X ...)
- TODO: check
+ NOT-FOR-US: Copyparty
CVE-2026-27946 (ZITADEL is an open source identity management platform. Prior to versi ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-27945 (ZITADEL is an open source identity management platform. Zitadel Action ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-27943 (OpenEMR is a free and open source electronic health records and medica ...)
NOT-FOR-US: OpenEMR
CVE-2026-27942 (fast-xml-parser allows users to validate XML, parse XML to JS object, ...)
TODO: check
CVE-2026-27941 (OpenLIT is an open source platform for AI engineering. Prior to versio ...)
- TODO: check
+ NOT-FOR-US: OpenLIT
CVE-2026-27938 (WPGraphQL provides a GraphQL API for WordPress sites. Prior to version ...)
- TODO: check
+ NOT-FOR-US: WPGraphQL
CVE-2026-27933 (Manyfold is an open source, self-hosted web application for managing a ...)
- TODO: check
+ NOT-FOR-US: Manyfold
CVE-2026-27904 (minimatch is a minimal matching utility for converting glob expression ...)
TODO: check
CVE-2026-27903 (minimatch is a minimal matching utility for converting glob expression ...)
TODO: check
CVE-2026-27902 (Svelte performance oriented web framework. Prior to version 5.53.5, er ...)
- TODO: check
+ NOT-FOR-US: Svelte
CVE-2026-27901 (Svelte performance oriented web framework. Prior to version 5.53.5, th ...)
- TODO: check
+ NOT-FOR-US: Svelte
CVE-2026-27900 (The Terraform Provider for Linode versions prior to v3.9.0 logged sens ...)
- TODO: check
+ NOT-FOR-US: Terraform Provider for Linode
CVE-2026-27899 (WireGuard Portal (or wg-portal) is a web-based configuration portal fo ...)
TODO: check
CVE-2026-27896 (The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC ...)
- TODO: check
+ NOT-FOR-US: Go MCP SDK
CVE-2026-27888 (pypdf is a free and open-source pure-python PDF library. Prior to 6.7. ...)
TODO: check
CVE-2026-27887 (Spin is an open source developer tool for building and running serverl ...)
TODO: check
CVE-2026-27884 (NetExec is a network execution tool. Prior to version 1.5.1, the modul ...)
- TODO: check
+ NOT-FOR-US: NetExec
CVE-2026-27840 (ZITADEL is an open source identity management platform. Starting in ve ...)
- TODO: check
+ NOT-FOR-US: Zitadel
CVE-2026-27837 (Dottie provides nested object access and manipulation in JavaScript. V ...)
TODO: check
CVE-2026-27831 (rldns is an open source DNS server. Version 2.3 has a heap-based out-o ...)
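Review bot: The NOT-FOR-US lines added for Svelte (CVE-2026-27902, CVE-2026-27901) and Go MCP SDK (CVE-2026-27896) cover components that their own descriptions present as a framework and an SDK, that is, code other packages can embed, and nothing in the hunk records that the archive was checked for vendored copies. If that check has not been done, consider leaving these as TODO: check, the state minimatch and fast-xml-parser keep in this same hunk, until it has. Minor style point: the three descriptions spell the product ZITADEL while the added label is Zitadel; keep whichever spelling earlier entries in data/CVE/list already use so that searches by product name match.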
@@ -105,21 +105,21 @@ CVE-2026-27831 (rldns is an open source DNS server. Version 2.3 has a heap-based
CVE-2026-27830 (c3p0, a JDBC Connection pooling library, is vulnerable to attack via m ...)
TODO: check
CVE-2026-27829 (Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in As ...)
- TODO: check
+ NOT-FOR-US: Astro
CVE-2026-27821 (GPAC is an open-source multimedia framework. In versions up to and inc ...)
TODO: check
CVE-2026-27819 (Vikunja is an open-source self-hosted task management platform. Prior ...)
- TODO: check
+ NOT-FOR-US: Vikunja
CVE-2026-27818 (TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for ...)
- TODO: check
+ NOT-FOR-US: TerriaJS-Server
CVE-2026-27812 (Sub2API is an AI API gateway platform designed to distribute and manag ...)
- TODO: check
+ NOT-FOR-US: Sub2API
CVE-2026-27809 (psd-tools is a Python package for working with Adobe Photoshop PSD fil ...)
TODO: check
CVE-2026-27808 (Mailpit is an email testing tool and API for developers. Prior to vers ...)
- TODO: check
+ NOT-FOR-US: Mailpit
CVE-2026-27804 (Parse Server is an open source backend that can be deployed to any inf ...)
- TODO: check
+ NOT-FOR-US: Parse Server
CVE-2026-27800 (Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability exis ...)
TODO: check
CVE-2026-27799 (ImageMagick is free and open-source software used for editing and mani ...)
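Review bot: For CVE-2026-27829 the description is truncated at "a bug in As ..." and gives an affected range of 9.0.0 through 9.5.3, so the label Astro on the added NOT-FOR-US line may be broader than the component actually affected. If the full description names a specific Astro package, put that name in the NOT-FOR-US line so a later triage pass can tell it apart from other Astro entries.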
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/743e73e5a6cf851c4daab846d3ed4df114280a6e