[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Feb 26 20:33:56 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
70922707 by Salvatore Bonaccorso at 2026-02-26T21:33:24+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-3071 (Deserialization of untrusted data in the LanguageModel class of Flair  ...)
-	TODO: check
+	NOT-FOR-US: LanguageModel class of Flair
 CVE-2026-2680 (Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in ...)
 	TODO: check
 CVE-2026-2679 (Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in ...)
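Review bot: The reason added for CVE-2026-3071 names a class ("LanguageModel class of Flair") rather than the product. The other NOT-FOR-US entries visible in this diff use the product name alone (for example "NOT-FOR-US: NetExec"), so "NOT-FOR-US: Flair" would be consistent with them and would match when later Flair CVEs are triaged by searching for the product name.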
@@ -25,9 +25,9 @@ CVE-2026-28131 (Insertion of Sensitive Information Into Sent Data vulnerability
 CVE-2026-28083 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27510 (Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the ...)
-	TODO: check
+	NOT-FOR-US: Unitree Go2 firmware
 CVE-2026-27509 (Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU)  ...)
-	TODO: check
+	NOT-FOR-US: Unitree Go2 firmware
 CVE-2026-27141 (Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a ...)
 	TODO: check
 CVE-2026-26979 (Discourse is an open source discussion platform. Prior to versions 202 ...)
@@ -195,7 +195,7 @@ CVE-2026-27901 (Svelte performance oriented web framework. Prior to version 5.53
 CVE-2026-27900 (The Terraform Provider for Linode versions prior to v3.9.0 logged sens ...)
 	NOT-FOR-US: Terraform Provider for Linode
 CVE-2026-27899 (WireGuard Portal (or wg-portal) is a web-based configuration portal fo ...)
-	TODO: check
+	NOT-FOR-US: WireGuard Portal
 CVE-2026-27896 (The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC ...)
 	NOT-FOR-US: Go MCP SDK
 CVE-2026-27888 (pypdf is a free and open-source pure-python PDF library. Prior to 6.7. ...)
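Review bot: For CVE-2026-27899 the description gives "wg-portal" as the alternative name, but the added reason only says "WireGuard Portal". Consider "NOT-FOR-US: WireGuard Portal (wg-portal)" so that a search on either name finds the entry and the reason cannot be misread as covering WireGuard itself.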
@@ -205,7 +205,7 @@ CVE-2026-27888 (pypdf is a free and open-source pure-python PDF library. Prior t
 	NOTE: https://github.com/py-pdf/pypdf/pull/3658
 	NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/7a4c8246ed48d9d328fb596942271da47b6d109c (6.7.3)
 CVE-2026-27887 (Spin is an open source developer tool for building and running serverl ...)
-	TODO: check
+	NOT-FOR-US: Spin
 CVE-2026-27884 (NetExec is a network execution tool. Prior to version 1.5.1, the modul ...)
 	NOT-FOR-US: NetExec
 CVE-2026-27840 (ZITADEL is an open source identity management platform. Starting in ve ...)
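Review bot: "NOT-FOR-US: Spin" on CVE-2026-27887 is a short, generic name that does not identify the software once the truncated description is out of view. A qualifier taken from the full CVE description (vendor or project name) would keep it from being matched against an unrelated project of the same name in a later triage pass.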
@@ -248,45 +248,45 @@ CVE-2026-27798 (ImageMagick is free and open-source software used for editing an
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/0377e60b3c0d766bd7271221c95d9ee54f6a3738 (7.1.2-14)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/59edeec2b2adf2ca37454d622f3bca2a61893146 (6.9.13-39)
 CVE-2026-27735 (Model Context Protocol Servers is a collection of reference implementa ...)
-	TODO: check
+	NOT-FOR-US: Model Context Protocol Servers
 CVE-2026-27711 (NanaZip is an open source file archive. Starting in version 5.0.1252.0 ...)
-	TODO: check
+	NOT-FOR-US: NanaZip
 CVE-2026-27710 (NanaZip is an open source file archive. Starting in version 5.0.1252.0 ...)
-	TODO: check
+	NOT-FOR-US: NanaZip
 CVE-2026-27709 (NanaZip is an open source file archive. Starting in version 5.0.1252.0 ...)
-	TODO: check
+	NOT-FOR-US: NanaZip
 CVE-2026-27635 (Manyfold is an open source, self-hosted web application for managing a ...)
 	TODO: check
 CVE-2026-27633 (TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Ver ...)
-	TODO: check
+	NOT-FOR-US: TinyWeb
 CVE-2026-27630 (TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Ver ...)
-	TODO: check
+	NOT-FOR-US: TinyWeb
 CVE-2026-27616 (Vikunja is an open-source self-hosted task management platform. Prior  ...)
-	TODO: check
+	NOT-FOR-US: Vikunja
 CVE-2026-27613 (TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. A v ...)
-	TODO: check
+	NOT-FOR-US: TinyWeb
 CVE-2026-27578 (n8n is an open source workflow automation platform. Prior to versions  ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-27577 (n8n is an open source workflow automation platform. Prior to versions  ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-27575 (Vikunja is an open-source self-hosted task management platform. Prior  ...)
-	TODO: check
+	NOT-FOR-US: Vikunja
 CVE-2026-27498 (n8n is an open source workflow automation platform. Prior to versions  ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-27497 (n8n is an open source workflow automation platform. Prior to versions  ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-27495 (n8n is an open source workflow automation platform. Prior to versions  ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-27494 (n8n is an open source workflow automation platform. Prior to versions  ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-27493 (n8n is an open source workflow automation platform. Prior to versions  ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-27465 (Fleet is open source device management software. In versions prior to  ...)
-	TODO: check
+	NOT-FOR-US: Fleet
 CVE-2026-27148 (Storybook is a frontend workshop for building user interface component ...)
-	TODO: check
+	NOT-FOR-US: Storybook
 CVE-2026-27116 (Vikunja is an open-source self-hosted task management platform. Prior  ...)
-	TODO: check
+	NOT-FOR-US: Vikunja
 CVE-2026-26985 (LORIS (Longitudinal Online Research and Imaging System) is a self-host ...)
 	TODO: check
 CVE-2026-26984 (LORIS (Longitudinal Online Research and Imaging System) is a self-host ...)
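Review bot: Among the reasons added in this hunk, "NOT-FOR-US: Fleet" on CVE-2026-27465 is the only one that is ambiguous by itself; NanaZip, TinyWeb, Vikunja, n8n and Storybook are distinctive names. Something like "NOT-FOR-US: Fleet device management software", following the wording of the description, would make clear which Fleet is meant.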



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/709227077cf1a6fdd5d50c9e0c0f7b309c22b60b
