[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Feb 28 08:47:54 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
20cb0263 by Salvatore Bonaccorso at 2026-02-28T09:47:26+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,19 +3,19 @@ CVE-2026-2647
 CVE-2026-2471 (The WP Mail Logging plugin for WordPress is vulnerable to PHP Object I ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-28517 (openDCIM version 23.04, through commit 4467e9c4, contains an OS comman ...)
-	TODO: check
+	NOT-FOR-US: openDCIM
 CVE-2026-28516 (openDCIM version 23.04, through commit 4467e9c4, contains a SQL inject ...)
-	TODO: check
+	NOT-FOR-US: openDCIM
 CVE-2026-28515 (openDCIM version 23.04, through commit 4467e9c4, contains a missing au ...)
-	TODO: check
+	NOT-FOR-US: openDCIM
 CVE-2026-28426 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
-	TODO: check
+	NOT-FOR-US: Statmatic CMS
 CVE-2026-28425 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
-	TODO: check
+	NOT-FOR-US: Statmatic CMS
 CVE-2026-28424 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
-	TODO: check
+	NOT-FOR-US: Statmatic CMS
 CVE-2026-28423 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
-	TODO: check
+	NOT-FOR-US: Statmatic CMS
 CVE-2026-28422 (Vim is an open source, command line text editor. Prior to version 9.2. ...)
 	- vim <unfixed>
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf
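Review bot: The `NOT-FOR-US: Statmatic CMS` tag on CVE-2026-28426 through CVE-2026-28423 copies the product spelling from the truncated CVE description verbatim. The upstream project spells its name Statamic, so consider writing `NOT-FOR-US: Statamic CMS` instead, so that a later search of data/CVE/list by the real product name finds these entries. The three openDCIM lines use the name exactly as given in the description and need no change.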
@@ -33,11 +33,11 @@ CVE-2026-28419 (Vim is an open source, command line text editor. Prior to versio
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-xcc8-r6c5-hvwv
 	NOTE: Fixed by: https://github.com/vim/vim/commit/9b7dfa2948c9e1e5e32a5812812d580c7879f4a0 (v9.2.0075)
 CVE-2026-28416 (Gradio is an open-source Python package designed for quick prototyping ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2026-28415 (Gradio is an open-source Python package designed for quick prototyping ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2026-28414 (Gradio is an open-source Python package designed for quick prototyping ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2026-28411 (WeGIA is a web manager for charitable institutions. Prior to version 3 ...)
 	NOT-FOR-US: WeGIA
 CVE-2026-28409 (WeGIA is a web manager for charitable institutions. Prior to version 3 ...)
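Review bot: The three Gradio entries (CVE-2026-28416, CVE-2026-28415, CVE-2026-28414) go from `TODO: check` straight to `NOT-FOR-US: Gradio` with no note, although the description calls it an open-source Python package, which is the kind of software that tends to get packaged later. It is worth confirming that no ITP or RFP bug is open for it before settling on NOT-FOR-US. If one exists, an `<itp>` entry with the bug number would record that better than the NFU tag.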
@@ -45,39 +45,39 @@ CVE-2026-28409 (WeGIA is a web manager for charitable institutions. Prior to ver
 CVE-2026-28408 (WeGIA is a web manager for charitable institutions. Prior to version 3 ...)
 	NOT-FOR-US: WeGIA
 CVE-2026-28407 (malcontent is software for discovering supply-chain compromises throug ...)
-	TODO: check
+	NOT-FOR-US: chainguard-dev malcontent (different from src:malcontent)
 CVE-2026-28406 (kaniko is a tool to build container images from a Dockerfile, inside a ...)
-	TODO: check
+	NOT-FOR-US: kaniko
 CVE-2026-28402 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of ...)
-	TODO: check
+	NOT-FOR-US: nimiq/core-rs-albatross
 CVE-2026-28400 (Docker Model Runner (DMR) is software used to manage, run, and deploy  ...)
-	TODO: check
+	NOT-FOR-US: Docker Model Runner (DMR)
 CVE-2026-28355 (Canarytokens help track activity and actions on a network. Versions pr ...)
-	TODO: check
+	NOT-FOR-US: Canarytokens
 CVE-2026-28352 (Indico is an event management system that uses Flask-Multipass, a mult ...)
-	TODO: check
+	NOT-FOR-US: Indico
 CVE-2026-28351 (pypdf is a free and open-source pure-python PDF library. Prior to vers ...)
 	TODO: check
 CVE-2026-28338 (PMD is an extensible multilanguage static code analyzer. Prior to vers ...)
-	TODO: check
+	NOT-FOR-US: PMD
 CVE-2026-28288 (Dify is an open-source LLM app development platform. Prior to 1.9.0, r ...)
-	TODO: check
+	NOT-FOR-US: Dify
 CVE-2026-28272 (Kiteworks is a private data network (PDN). Prior to version 9.2.0, a v ...)
-	TODO: check
+	NOT-FOR-US: Kiteworks
 CVE-2026-28271 (Kiteworks is a private data network (PDN). Prior to version 9.2.0, a v ...)
-	TODO: check
+	NOT-FOR-US: Kiteworks
 CVE-2026-28270 (Kiteworks is a private data network (PDN). Prior to version 9.2.0, a v ...)
-	TODO: check
+	NOT-FOR-US: Kiteworks
 CVE-2026-28268 (Vikunja is an open-source self-hosted task management platform. Versio ...)
-	TODO: check
+	NOT-FOR-US: Vikunja
 CVE-2026-28231 (pillow_heif is a Python library for working with HEIF images and plugi ...)
-	TODO: check
+	NOT-FOR-US: pillow_heif Python library
 CVE-2026-27939 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
-	TODO: check
+	NOT-FOR-US: Statmatic CMS
 CVE-2026-27759 (Featured Image from Content (featured-image-from-content) WordPress pl ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-27167 (Gradio is an open-source Python package designed for quick prototyping ...)
-	TODO: check
+	NOT-FOR-US: Gradio
 CVE-2026-1542 (The Super Stage WP WordPress plugin through 1.0.1 unserializes user in ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2025-13673 (The Tutor LMS \u2013 eLearning and online course solution plugin for W ...)
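Review bot: CVE-2026-28351 (pypdf) is the one entry in this hunk still left at `TODO: check`, sitting between the Indico and PMD lines that were processed. That fits a commit scoped to NFUs, but it should be picked up in a follow-up so it does not get overlooked among the resolved neighbours. On style, `pillow_heif Python library` carries a type suffix while `Gradio`, described the same way, does not, so pick one form. The parenthetical on CVE-2026-28407 (`different from src:malcontent`) is a good disambiguation and the pattern to reuse wherever an upstream name collides with a Debian source package.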



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20cb0263f0d794c87d42dbed837ad620388660d4
