[Git][security-tracker-team/security-tracker][master] NFUs

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
effb4d94 by Moritz Muehlenhoff at 2026-06-10T12:04:30+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -153,7 +153,8 @@ CVE-2026-47903 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 an
 CVE-2026-47902 (CAI Content Credentials versions c2pa-web at 0.7.1, c2pa-v0.80.1 and earl ...)
 	NOT-FOR-US: Adobe
 CVE-2026-47838 (SubjectDnX509PrincipalExtractor does not correctly handle certain malf ...)
-	TODO: check
+	- libspring-security-2.0-java <removed>
+	NOTE: https://spring.io/security/cve-2026-47838
 CVE-2026-47106 (Ellucian Banner Self-Service before the April T2 release (2025-04-23)  ...)
 	NOT-FOR-US: Ellucian Banner Self-Service
 CVE-2026-46546 (Frappe Learning Management System (LMS) is a learning system that help ...)
@@ -187,7 +188,7 @@ CVE-2026-46374 (SQLFluff is a modular SQL linter and auto-formatter with support
 CVE-2026-46373 (SQLFluff is a modular SQL linter and auto-formatter with support for m ...)
 	TODO: check
 CVE-2026-45782 (Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Fro ...)
-	TODO: check
+	NOT-FOR-US: Cloud Hypervisor
 CVE-2026-45542 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
 	NOT-FOR-US: ESF-IDF
 CVE-2026-45541 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
@@ -199,7 +200,7 @@ CVE-2026-45328 (ESF-IDF is the Espressif Internet of Things (IOT) Development Fr
 CVE-2026-45160 (ESF-IDF is the Espressif Internet of Things (IOT) Development Framewor ...)
 	NOT-FOR-US: ESF-IDF
 CVE-2026-44963 (A vulnerability allowing remote code execution (RCE) on the Backup Ser ...)
-	TODO: check
+	NOT-FOR-US: Veeam
 CVE-2026-44716 (Pipecat is an open-source Python framework for building real-time voic ...)
 	TODO: check
 CVE-2026-44634 (SimpleBLE is a cross-platform library and bindings for Bluetooth Low E ...)
@@ -291,9 +292,9 @@ CVE-2026-26239 (A buffer overflow vulnerability has been reported to affect File
 CVE-2026-26237 (A missing authorization vulnerability has been reported to affect QuMa ...)
 	NOT-FOR-US: QNAP
 CVE-2026-25860 (OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulne ...)
-	TODO: check
+	NOT-FOR-US: OpenClinic GA
 CVE-2026-25557 (Evoluted PHP Directory Listing Script through 4.0.5 contains a reflect ...)
-	TODO: check
+	NOT-FOR-US: Evoluted PHP Directory Listing Script
 CVE-2026-24724 (An incorrect authorization vulnerability has been reported to affect F ...)
 	NOT-FOR-US: QNAP
 CVE-2026-24720 (An allocation of resources without limits or throttling vulnerability  ...)
@@ -317,7 +318,7 @@ CVE-2026-11822 (SQLite before 3.53.2 contains memory corruption vulnerabilities
 CVE-2026-11815 (An attacker who intercepts and tampers with traffic between the client ...)
 	NOT-FOR-US: Symantec
 CVE-2026-11799 (UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was ...)
-	TODO: check
+	NOT-FOR-US: Firefox Focus for iOS
 CVE-2026-10846 (NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in ...)
 	- ldns <unfixed>
 	NOTE: https://www.nlnetlabs.nl/downloads/ldns/CVE-2026-10846.txt



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/effb4d94d1ca244aa6e05c49d3459be64c7c3dbe

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/effb4d94d1ca244aa6e05c49d3459be64c7c3dbe
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260610/875d6228/attachment.htm>