[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 22 20:51:18 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f36e6228 by Salvatore Bonaccorso at 2026-01-22T21:50:54+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -79,11 +79,11 @@ CVE-2026-24034 (Horilla is a free and open source Human Resource Management Syst
 CVE-2026-24010 (Horilla is a free and open source Human Resource Management System (HR ...)
 	NOT-FOR-US: Horilla
 CVE-2026-24009 (Docling Core (or docling-core) is a library that defines core data typ ...)
-	TODO: check
+	NOT-FOR-US: Docling Core
 CVE-2026-24006 (Seroval facilitates JS value stringification, including complex struct ...)
-	TODO: check
+	NOT-FOR-US: Seroval
 CVE-2026-24002 (Grist is spreadsheet software using Python as its formula language. Gr ...)
-	TODO: check
+	NOT-FOR-US: Grist
 CVE-2026-24001 (jsdiff is a JavaScript text differencing implementation. Prior to vers ...)
 	TODO: check
 CVE-2026-23996 (FastAPI Api Key provides a backend-agnostic library that provides an A ...)
@@ -93,9 +93,9 @@ CVE-2026-23992 (go-tuf is a Go implementation of The Update Framework (TUF). Sta
 CVE-2026-23991 (go-tuf is a Go implementation of The Update Framework (TUF). Starting  ...)
 	TODO: check
 CVE-2026-23990 (The Flux Operator is a Kubernetes CRD controller that manages the life ...)
-	TODO: check
+	NOT-FOR-US: Flux Operator
 CVE-2026-23986 (Copier is a library and CLI app for rendering project templates. Prior ...)
-	TODO: check
+	NOT-FOR-US: Copier library and CLI app
 CVE-2026-23978 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-23976 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
@@ -105,7 +105,7 @@ CVE-2026-23975 (Improper Control of Filename for Include/Require Statement in PH
 CVE-2026-23974 (Missing Authorization vulnerability in uxper Golo golo allows Exploiti ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-23968 (Copier is a library and CLI app for rendering project templates. Prior ...)
-	TODO: check
+	NOT-FOR-US: Copier library and CLI app
 CVE-2026-23967 (sm-crypto provides JavaScript implementations of the Chinese cryptogra ...)
 	TODO: check
 CVE-2026-23966 (sm-crypto provides JavaScript implementations of the Chinese cryptogra ...)
@@ -121,19 +121,19 @@ CVE-2026-23962 (Mastodon is a free, open-source social network server based on A
 CVE-2026-23961 (Mastodon is a free, open-source social network server based on Activit ...)
 	TODO: check
 CVE-2026-23960 (Argo Workflows is an open source container-native workflow engine for  ...)
-	TODO: check
+	NOT-FOR-US: Argo Workflows
 CVE-2026-23959 (CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL  ...)
-	TODO: check
+	NOT-FOR-US: CoreShop
 CVE-2026-23958 (Dataease is an open source data visualization analysis tool. Prior to  ...)
 	NOT-FOR-US: DataEase
 CVE-2026-23957 (seroval facilitates JS value stringification, including complex struct ...)
-	TODO: check
+	NOT-FOR-US: Seroval
 CVE-2026-23956 (seroval facilitates JS value stringification, including complex struct ...)
-	TODO: check
+	NOT-FOR-US: Seroval
 CVE-2026-23951 (SumatraPDF is a multi-format reader for Windows. All versions contain  ...)
-	TODO: check
+	NOT-FOR-US: SumatraPDF
 CVE-2026-23946 (Tendenci is an open source content management system built for non-pro ...)
-	TODO: check
+	NOT-FOR-US: Tendenci CMS
 CVE-2026-23893 (openCryptoki is a PKCS#11 library and provides tooling for Linux and A ...)
 	TODO: check
 CVE-2026-23887 (Group-Office is an enterprise customer relationship management and gro ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f36e6228834d3a6cd6b148d96fb183d14f33c796

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f36e6228834d3a6cd6b148d96fb183d14f33c796
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260122/744b92a5/attachment.htm>

More information about the debian-security-tracker-commits mailing list