[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 27 08:41:59 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b56ab787 by Salvatore Bonaccorso at 2026-01-27T09:41:38+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7,7 +7,7 @@ CVE-2026-24686 (go-tuf is a Go implementation of The Update Framework (TUF). go-
 	NOTE: https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-jqc5-w2xx-5vq4
 	NOTE: https://github.com/theupdateframework/go-tuf/commit/d361e2ea24e427581343dee5c7a32b485d79fcc0 (v2.4.1)
 CVE-2026-24490 (MobSF is a mobile application security testing tool used. Prior to ver ...)
-	TODO: check
+	NOT-FOR-US: Mobile Security Framework (MobSF)
 CVE-2026-24489 (Gakido is a Python HTTP client focused on browser impersonation and an ...)
 	TODO: check
 CVE-2026-24486 (Python-Multipart is a streaming multipart parser for Python. Prior to  ...)
@@ -17,15 +17,15 @@ CVE-2026-24486 (Python-Multipart is a streaming multipart parser for Python. Pri
 CVE-2026-24480 (QGIS is a free, open source, cross platform geographical information s ...)
 	TODO: check
 CVE-2026-24479 (HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ...)
-	TODO: check
+	NOT-FOR-US: HUSTOF
 CVE-2026-24478 (AnythingLLM is an application that turns pieces of content into contex ...)
-	TODO: check
+	NOT-FOR-US: AnythingLLM
 CVE-2026-24477 (AnythingLLM is an application that turns pieces of content into contex ...)
-	TODO: check
+	NOT-FOR-US: AnythingLLM
 CVE-2026-24476 (Shaarli is a personal bookmarking service. Prior to version 0.16.0, cr ...)
 	TODO: check
 CVE-2026-24470 (Skipper is an HTTP router and reverse proxy for service composition. P ...)
-	TODO: check
+	NOT-FOR-US: Zalando Skipper
 CVE-2026-24408 (sigstore-python is a Python tool for generating and verifying Sigstore ...)
 	TODO: check
 CVE-2026-24400 (AssertJ provides Fluent testing assertions for Java and the Java Virtu ...)
@@ -33,11 +33,11 @@ CVE-2026-24400 (AssertJ provides Fluent testing assertions for Java and the Java
 CVE-2026-24131 (pnpm is a package manager. Prior to version 10.28.2, when pnpm process ...)
 	TODO: check
 CVE-2026-24123 (BentoML is a Python library for building online serving systems optimi ...)
-	TODO: check
+	NOT-FOR-US: BentoML
 CVE-2026-24056 (pnpm is a package manager. Prior to version 10.28.2, when pnpm install ...)
 	TODO: check
 CVE-2026-24003 (EVerest is an EV charging software stack. In versions up to and includ ...)
-	TODO: check
+	NOT-FOR-US: EVerest
 CVE-2026-23890 (pnpm is a package manager. Prior to version 10.28.1, a path traversal  ...)
 	TODO: check
 CVE-2026-23889 (pnpm is a package manager. Prior to version 10.28.1, a path traversal  ...)
@@ -53,13 +53,13 @@ CVE-2026-22696 (dcap-qvl implements the quote verification logic for DCAP (Data
 CVE-2026-21408 (beat-access for Windows version 3.0.3 and prior contains an issue with ...)
 	TODO: check
 CVE-2026-1449 (A flaw has been found in Hisense TransTech Smart Bus Management System ...)
-	TODO: check
+	NOT-FOR-US: Hisense TransTech Smart Bus Management System
 CVE-2026-1448 (A vulnerability was detected in D-Link DIR-615 up to 4.10. This impact ...)
 	NOT-FOR-US: D-Link
 CVE-2026-1445 (A vulnerability was found in iJason-Liu Books_Manager up to 298ba73638 ...)
-	TODO: check
+	NOT-FOR-US: iJason-Liu Books_Manager
 CVE-2026-1444 (A vulnerability has been found in iJason-Liu Books_Manager up to 298ba ...)
-	TODO: check
+	NOT-FOR-US: iJason-Liu Books_Manager
 CVE-2026-1443 (A flaw has been found in code-projects Online Music Site 1.0. Affected ...)
 	NOT-FOR-US: code-projects
 CVE-2026-1361 (ASDA-Soft Stack-based Buffer Overflow Vulnerability)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b56ab7872499c467b661488491d6970c84ed4609

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b56ab7872499c467b661488491d6970c84ed4609
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260127/670a68bb/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list