[Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs

Thu Jan 15 20:23:44 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
243eed17 by Salvatore Bonaccorso at 2026-01-15T21:22:38+01:00
Process some NFUs

- - - - -
eaf83903 by Salvatore Bonaccorso at 2026-01-15T21:22:40+01:00
Add CVE-2026-0976/keycloak

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2026-23766 (Istio through 1.28.2 allows iptables rule injection for changing firew ...)
-	TODO: check
+	NOT-FOR-US: Istio
 CVE-2026-23746 (Entrust Instant Financial Issuance (IFI) On Premise software (formerly ...)
-	TODO: check
+	NOT-FOR-US: Entrust Instant Financial Issuance (IFI) On Premise software
 CVE-2026-23622 (Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and ...)
-	TODO: check
+	NOT-FOR-US: Easy!Appointments
 CVE-2026-23527 (H3 is a minimal H(TTP) framework built for high performance and portab ...)
 	TODO: check
 CVE-2026-23520 (Arcane provides modern docker management. Prior to 1.13.0, Arcane has  ...)
@@ -11,15 +11,15 @@ CVE-2026-23520 (Arcane provides modern docker management. Prior to 1.13.0, Arcan
 CVE-2026-23519 (RustCrypto CMOV provides conditional move CPU intrinsics which are gua ...)
 	TODO: check
 CVE-2026-23511 (ZITADEL is an open source identity management platform. Prior to 4.9.1 ...)
-	TODO: check
+	NOT-FOR-US: Zitadel
 CVE-2026-23496 (Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases t ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2026-23495 (Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prio ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2026-23494 (Pimcore is an Open Source Data & Experience Management Platform. Prior ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2026-23493 (Pimcore is an Open Source Data & Experience Management Platform. Prior ...)
-	TODO: check
+	NOT-FOR-US: Pimcore
 CVE-2026-22920 (The device's passwords have not been adequately salted, making them vu ...)
 	NOT-FOR-US: SICK AG
 CVE-2026-22919 (An attacker with administrative access may inject malicious content in ...)
@@ -49,7 +49,7 @@ CVE-2026-22908 (Uploading unvalidated container images may allow remote attacker
 CVE-2026-22907 (An attacker may gain unauthorized access to the host filesystem, poten ...)
 	NOT-FOR-US: SICK AG
 CVE-2026-22867 (LaSuite Doc is a collaborative note taking, wiki and documentation pla ...)
-	TODO: check
+	NOT-FOR-US: LaSuite Doc
 CVE-2026-22803 (SvelteKit is a framework for rapidly developing robust, performant web ...)
 	TODO: check
 CVE-2026-22775 (Svelte devalue is a JavaScript library that serializes values into str ...)
@@ -93,7 +93,7 @@ CVE-2026-0990 (A flaw was found in libxml2, an XML parsing library. This uncontr
 CVE-2026-0989 (A flaw was identified in the RelaxNG parser of libxml2 related to how  ...)
 	TODO: check
 CVE-2026-0976 (A flaw was found in Keycloak. This improper input validation vulnerabi ...)
-	TODO: check
+	- keycloak <itp> (bug #1088287)
 CVE-2026-0897 (Allocation of Resources Without Limits or Throttling in the HDF5 weigh ...)
 	TODO: check
 CVE-2026-0713 (A security vulnerability in the /apis/dashboard.grafana.app/* endpoint ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5a974272cccd735b938c9d7902e9fb52e34bf8e1...eaf8390388aa0aebb5bca1543ef5a44f207873ad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5a974272cccd735b938c9d7902e9fb52e34bf8e1...eaf8390388aa0aebb5bca1543ef5a44f207873ad
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260115/05e0f58f/attachment.htm>
