[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jan 20 11:42:40 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e28b39fc by Moritz Muehlenhoff at 2026-01-20T12:42:21+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2026-23949 (jaraco.context, an open-source software package that provides so
 	NOTE: https://github.com/jaraco/jaraco.context/security/advisories/GHSA-58pv-8j8x-9vj2
 	NOTE: Fixed by: https://github.com/jaraco/jaraco.context/commit/7b26a42b525735e4085d2e994e13802ea339d5f9 (v6.1.0)
 CVE-2026-23947 (Orval generates type-safe JS clients (TypeScript) from any valid OpenA ...)
-	TODO: check
+	NOT-FOR-US: Orval
 CVE-2026-23944 (Arcane is an interface for managing Docker containers, images, network ...)
 	NOT-FOR-US: Arcane
 CVE-2026-23917
@@ -48,7 +48,7 @@ CVE-2026-23876 (ImageMagick is free and open-source software used for editing an
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/2fae24192b78fdfdd27d766fd21d90aeac6ea8b8 (7.1.2-13)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/536512a2c60cd6e8c21c1256c2ee4da48d903e0c (6.9.13-38)
 CVE-2026-23875 (CrawlChat is an open-source, AI-powered platform that transforms techn ...)
-	TODO: check
+	NOT-FOR-US: CrawlChat
 CVE-2026-23874 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-9vj4-wc7r-p844
@@ -66,9 +66,9 @@ CVE-2026-22770 (ImageMagick is free and open-source software used for editing an
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-39h3-g67r-7g3c
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/3e0330721020e0c5bb52e4b77c347527dd71658e (7.1.2-13)
 CVE-2026-22219 (Chainlit versions prior to 2.9.4 contain a server-side request forgery ...)
-	TODO: check
+	NOT-FOR-US: Chainlit
 CVE-2026-22218 (Chainlit versions prior to 2.9.4 contain an arbitrary file read vulner ...)
-	TODO: check
+	NOT-FOR-US: Chainlit
 CVE-2026-1223 (PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an I ...)
 	NOT-FOR-US: PrismX MX100 AP
 CVE-2026-1222 (PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an A ...)
@@ -76,7 +76,7 @@ CVE-2026-1222 (PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has
 CVE-2026-1221 (PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS  has a U ...)
 	NOT-FOR-US: PrismX MX100 AP
 CVE-2026-1218 (A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted ...)
-	TODO: check
+	NOT-FOR-US: Bjskzy Zhiyou ERP
 CVE-2026-1203 (A weakness has been identified in CRMEB up to 5.6.3. The impacted elem ...)
 	NOT-FOR-US: CRMEB
 CVE-2026-1202 (A security flaw has been discovered in CRMEB up to 5.6.3. The affected ...)
@@ -92,17 +92,17 @@ CVE-2026-1194 (A security flaw has been discovered in MineAdmin 1.x/2.x. This af
 CVE-2026-1193 (A vulnerability was identified in MineAdmin 1.x/2.x. The impacted elem ...)
 	NOT-FOR-US: MineAdmin
 CVE-2026-1192 (A vulnerability was determined in Tosei Online Store Management System ...)
-	TODO: check
+	NOT-FOR-US: Tosei Online Store Management System
 CVE-2026-1179 (A vulnerability was detected in Yonyou KSOA 9.0. This affects an unkno ...)
-	TODO: check
+	NOT-FOR-US: Yonyou KSOA
 CVE-2026-1178 (A security vulnerability has been detected in Yonyou KSOA 9.0. Affecte ...)
-	TODO: check
+	NOT-FOR-US: Yonyou KSOA
 CVE-2026-1177 (A weakness has been identified in Yonyou KSOA 9.0. Affected by this vu ...)
-	TODO: check
+	NOT-FOR-US: Yonyou KSOA
 CVE-2026-1176 (A security flaw has been discovered in itsourcecode School Management  ...)
 	NOT-FOR-US: itsourcecode System
 CVE-2026-1175 (A vulnerability was identified in birkir prime up to 0.4.0.beta.0. Thi ...)
-	TODO: check
+	NOT-FOR-US: Prime CMS
 CVE-2026-1051 (The Newsletter \u2013 Send awesome emails from WordPress plugin for Wo ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-1045 (The Viet contact plugin for WordPress is vulnerable to Stored Cross-Si ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e28b39fca5514f83f184140cb53d282e561a1c65

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e28b39fca5514f83f184140cb53d282e561a1c65
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260120/af3464ed/attachment.htm>

More information about the debian-security-tracker-commits mailing list