[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jan 8 09:19:25 GMT 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6aed79cd by Moritz Muehlenhoff at 2026-01-08T10:19:05+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -9,15 +9,15 @@ CVE-2026-22578
 CVE-2026-22577
 	REJECTED
 CVE-2026-22190 (Panda3D versions up to and including 1.10.16 egg-mkfont contains an un ...)
-	TODO: check
+	NOT-FOR-US: Panda3D
 CVE-2026-22189 (Panda3D versions up to and including 1.10.16 egg-mkfont contains a sta ...)
-	TODO: check
+	NOT-FOR-US: Panda3D
 CVE-2026-22188 (Panda3D versions up to and including 1.10.16 deploy-stub contains a de ...)
-	TODO: check
+	NOT-FOR-US: Panda3D
 CVE-2026-22187 (Bio-Formats versions up to and including 8.3.0 perform unsafe Java des ...)
-	TODO: check
+	NOT-FOR-US: Bio-Formats
 CVE-2026-22186 (Bio-Formats versions up to and including 8.3.0 contain an XML External ...)
-	TODO: check
+	NOT-FOR-US: Bio-Formats
 CVE-2026-22185 (OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load contains a h ...)
 	- openldap <unfixed>
 	NOTE: https://seclists.org/fulldisclosure/2026/Jan/5
@@ -30,7 +30,7 @@ CVE-2026-22046 (iccDEV provides a set of libraries and tools that allow for the
 CVE-2026-22035 (Greenshot is an open source Windows screenshot utility. Versions 1.3.3 ...)
 	NOT-FOR-US: Greenshot
 CVE-2026-21883 (Bokeh is an interactive visualization library written in Python. In ve ...)
-	TODO: check
+	- python-bokeh <itp> (bug #756017)
 CVE-2026-21881 (Kanboard is project management software focused on Kanban methodology. ...)
 	- kanboard <unfixed>
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-wwpf-3j4p-739w
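Review bot: the CVE-2026-21883 change is not an NFU. It replaces `TODO: check` with `- python-bokeh <itp> (bug #756017)`, which ties the CVE to a package that is intended for the archive, while the commit message says only "NFUs". Splitting this line into its own commit, or mentioning the ITP entry in the message, would let someone searching the history find when Bokeh started being tracked.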
@@ -44,28 +44,28 @@ CVE-2026-21879 (Kanboard is project management software focused on Kanban method
 	NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-mhv9-7m9w-7hcq
 	NOTE: https://github.com/kanboard/kanboard/commit/93bcae03301a6d34185a8dba977417e6b3de519f (v1.2.49)
 CVE-2026-21877 (n8n is an open source workflow automation platform. In versions 0.121. ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-21875 (ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 ...)
-	TODO: check
+	NOT-FOR-US: ClipBucket
 CVE-2026-21869 (llama.cpp is an inference of several LLM models in C/C++. In commits 5 ...)
 	- llama.cpp <unfixed>
 	NOTE: https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-8947-pfff-2f3c
 CVE-2026-21868 (Flag Forge is a Capture The Flag (CTF) platform. Versions 2.3.2 and be ...)
-	TODO: check
+	NOT-FOR-US: Flag Forge
 CVE-2026-21859 (Mailpit is an email testing tool and API for developers. Versions 1.28 ...)
-	TODO: check
+	NOT-FOR-US: Mailpit
 CVE-2026-21858 (n8n is an open source workflow automation platform. Versions below 1.1 ...)
-	TODO: check
+	NOT-FOR-US: n8n
 CVE-2026-21857 (REDAXO is a PHP-based content management system. Prior to version 5.20 ...)
-	TODO: check
+	NOT-FOR-US: REDAXO
 CVE-2026-21851 (MONAI (Medical Open Network for AI) is an AI toolkit for health care i ...)
-	TODO: check
+	NOT-FOR-US: MONAI
 CVE-2026-21697 (axios4go is a Go HTTP client library. Prior to version 0.6.4, a race c ...)
-	TODO: check
+	NOT-FOR-US: axios4go
 CVE-2026-21695 (Titra is open source project time tracking software. In versions 0.99. ...)
-	TODO: check
+	NOT-FOR-US: Titra
 CVE-2026-21694 (Titra is open source project time tracking software. Versions 0.99.49  ...)
-	TODO: check
+	NOT-FOR-US: Titra
 CVE-2026-21693 (iccDEV provides a set of libraries and tools that allow for the intera ...)
 	NOT-FOR-US: iccDEV
 CVE-2026-21692 (iccDEV provides a set of libraries and tools that allow for the intera ...)
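Review bot: CVE-2026-21697 is closed as `NOT-FOR-US: axios4go`, but its description calls axios4go a Go HTTP client library, and a library can be present in the archive inside another package's vendored sources even when it has no source package of its own. It is worth confirming that no package carries a copy before closing the entry, and recording that check in the commit message. The repeated n8n and Titra tags in this hunk are spelled consistently, so later lookups by tag will match both entries.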



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6aed79cd0b5cc14aa34214f5e3db0fd86ebf44b3
