[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jan 20 11:51:16 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b0680ccb by Moritz Muehlenhoff at 2026-01-20T12:50:53+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -172,9 +172,9 @@ CVE-2026-22037 (The @fastify/express plugin adds full Express compatibility to F
 CVE-2026-22031 (@fastify/middie is the plugin that adds middleware support on steroids ...)
 	NOT-FOR-US: fastify/middie
 CVE-2026-21696 (Wings is the server control plane for Pterodactyl, a free, open-source ...)
-	TODO: check
+	NOT-FOR-US: Wings
 CVE-2026-21618 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
-	TODO: check
+	NOT-FOR-US: hexpm
 CVE-2026-1181 (A stored cross-site scripting (XSS) vulnerability exists in the Altium ...)
 	NOT-FOR-US: Altium
 CVE-2026-1174 (A vulnerability was determined in birkir prime up to 0.4.0.beta.0. Thi ...)
@@ -230,13 +230,13 @@ CVE-2026-1007 (Incorrect Authorization vulnerability in virtual gateway componen
 CVE-2026-0610 (SQL Injection vulnerability in remote-sessions in Devolutions Server.T ...)
 	NOT-FOR-US: Devolutions
 CVE-2025-69199 (Wings is the server control plane for Pterodactyl, a free, open-source ...)
-	TODO: check
+	NOT-FOR-US: Wings
 CVE-2025-69198 (Pterodactyl is a free, open-source game server management panel. Ptero ...)
-	TODO: check
+	NOT-FOR-US: Pterodactyl
 CVE-2025-68616 (WeasyPrint helps web developers to create PDF documents. Prior to vers ...)
-	TODO: check
+	NOT-FOR-US: WeasyPrint
 CVE-2025-61684 (Quicly, an IETF QUIC protocol implementation, is susceptible to a deni ...)
-	TODO: check
+	NOT-FOR-US: Quicly
 CVE-2025-55252 (HCL AION version 2 is affected by a Weak Password Policy vulnerability ...)
 	NOT-FOR-US: HCL
 CVE-2025-55251 (HCL AION is affected by an Unrestricted File Upload vulnerability. Thi ...)
@@ -343,7 +343,7 @@ CVE-2026-1130 (A flaw has been found in Yonyou KSOA 9.0. This issue affects some
 CVE-2026-1129 (A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability af ...)
 	NOT-FOR-US: Yonyou KSOA
 CVE-2025-15539 (A vulnerability was determined in Open5GS up to 2.7.6. Impacted is the ...)
-	TODO: check
+	- open5gs <itp> (bug #1094791)
 CVE-2025-15538 (A security vulnerability has been detected in Open Asset Import Librar ...)
 	TODO: check
 CVE-2026-0943 (HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled lib ...)
@@ -352,7 +352,7 @@ CVE-2026-0943 (HarfBuzz::Shaper versions before 0.032 for Perl contains a bundle
 	NOTE: upload to the archive.
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/36208377/
 CVE-2026-1126 (A security vulnerability has been detected in lwj flow up to a3d2fe813 ...)
-	TODO: check
+	NOT-FOR-US: lwj flow
 CVE-2026-1125 (A weakness has been identified in D-Link DIR-823X 250416. Affected by  ...)
 	NOT-FOR-US: D-Link
 CVE-2026-1124 (A security flaw has been discovered in Yonyou KSOA 9.0. Affected by th ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0680ccb67dc9b0672c5ca1610a89536f1418d75

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b0680ccb67dc9b0672c5ca1610a89536f1418d75
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260120/62bc0927/attachment.htm>

More information about the debian-security-tracker-commits mailing list