[Git][security-tracker-team/security-tracker][master] Correct association of CVE-2020-26296 and track vega.js status

Fri Jan 9 20:05:26 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34b01ed3 by Salvatore Bonaccorso at 2026-01-09T21:03:06+01:00
Correct association of CVE-2020-26296 and track vega.js status

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -462298,8 +462298,10 @@ CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In Redcarpe
 CVE-2020-26297 (mdBook is a utility to create modern online books from Markdown files  ...)
 	NOT-FOR-US: mdBook
 CVE-2020-26296 (Vega is a visualization grammar, a declarative format for creating, sa ...)
-	- kibana <itp> (bug #700337)
-	NOTE: https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915
+	- vega.js <not-affected> (Fixed before initial upload to the archive)
+	NOTE: https://github.com/vega/vega/security/advisories/GHSA-r2qc-w64x-6j54
+	NOTE: https://github.com/vega/vega/issues/3018
+	NOTE: https://github.com/vega/vega/pull/3019
 CVE-2020-26295 (OpenMage is a community-driven alternative to Magento CE. In OpenMage  ...)
 	NOT-FOR-US: OpenMage
 CVE-2020-26294 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34b01ed36a44febc8249624049c82fb7ddc8f041

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34b01ed36a44febc8249624049c82fb7ddc8f041
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260109/010c3876/attachment.htm>
