[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 3 21:12:30 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
53d52e1c by Salvatore Bonaccorso at 2026-06-03T22:11:37+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,31 +1,31 @@
 CVE-2026-8889 (Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 ha ...)
-	TODO: check
+	NOT-FOR-US: Securly Chrome Extension
 CVE-2026-8888 (Version 3.0.7 of the Securly Chrome Extension downloads config.json ov ...)
-	TODO: check
+	NOT-FOR-US: Securly Chrome Extension
 CVE-2026-8881 (Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key  ...)
-	TODO: check
+	NOT-FOR-US: Securly Chrome Extension
 CVE-2026-8879 (Version 3.0.7 of the Securly Chrome Extension dynamically registers co ...)
-	TODO: check
+	NOT-FOR-US: Securly Chrome Extension
 CVE-2026-8878 (Version 3.0.7 of the Securly Chrome Extension exposes multiple publicl ...)
-	TODO: check
+	NOT-FOR-US: Securly Chrome Extension
 CVE-2026-8876 (Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plai ...)
-	TODO: check
+	NOT-FOR-US: Securly Chrome Extension
 CVE-2026-8874 (Version 3.0.7 of the Securly Chrome Extension downloads JSON files con ...)
-	TODO: check
+	NOT-FOR-US: Securly Chrome Extension
 CVE-2026-7888 (Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via uns ...)
-	TODO: check
+	NOT-FOR-US: Concrete CMS
 CVE-2026-6657 (A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allow ...)
 	TODO: check
 CVE-2026-5241 (A vulnerability in the LightGlue model loading path of huggingface/tra ...)
-	TODO: check
+	NOT-FOR-US: huggingface/transformers
 CVE-2026-5078 (Impact: The morgan logging middleware's :remote-user token extracts th ...)
 	TODO: check
 CVE-2026-4035 (A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for t ...)
 	NOT-FOR-US: mlflow
 CVE-2026-47325 (ProjectsAndPrograms school-management-systemuses predictable credentia ...)
-	TODO: check
+	NOT-FOR-US: ProjectsAndPrograms school-management-system
 CVE-2026-47324 (ProjectsAndPrograms school-management-system is vulnerable to Stored C ...)
-	TODO: check
+	NOT-FOR-US: ProjectsAndPrograms school-management-system
 CVE-2026-47065 (ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter By ...)
 	TODO: check
 CVE-2026-45702 (OP-TEE is a Trusted Execution Environment (TEE) designed as companion  ...)
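
Review bot: The NOT-FOR-US label added for CVE-2026-5241 uses the owner/repo form "huggingface/transformers", while the existing CVE-2026-4035 entry in the same hunk labels mlflow/mlflow with the short product name "mlflow". Suggest picking one form (for example "NOT-FOR-US: transformers" or a descriptive product name) so that NFU labels for the same kind of upstream stay uniform.
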
@@ -39,9 +39,9 @@ CVE-2026-44545 (daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessa
 CVE-2026-44281 (GLPI is a free asset and IT management software package. Starting in v ...)
 	TODO: check
 CVE-2026-42840 (An authenticated user can persist arbitrary HTML/JavaScript in the ema ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2026-42839 (An authenticated ERPNext user with Item record edit permissions can pe ...)
-	TODO: check
+	NOT-FOR-US: ERPNext
 CVE-2026-42321 (GLPI is a free asset and IT management software package. Starting in v ...)
 	TODO: check
 CVE-2026-42320 (GLPI is a free asset and IT management software package. Starting in v ...)
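
Review bot: The ERPNext attribution for CVE-2026-42840 cannot be checked from the hunk itself, because the truncated description ("An authenticated user can persist arbitrary HTML/JavaScript in the ema ...") names no product, unlike CVE-2026-42839, which names ERPNext explicitly. The commit message "Process some NFUs" does not record how the product was identified either, so it is worth confirming against the full CVE record that "NOT-FOR-US: ERPNext" applies to that entry.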



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53d52e1ccbd44c10c45ea0c19bd6b02e89120112
