[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 11 21:36:48 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e94d36cb by Salvatore Bonaccorso at 2026-06-11T22:36:09+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40,21 +40,21 @@ CVE-2026-53911 (Cerebrate before version 1.37 allowed the id primary key field t
 CVE-2026-53901 (Cerebrate before version 1.37 contains a mass-assignment vulnerability ...)
 	NOT-FOR-US: Cerebrate
 CVE-2026-53777 (Perry before 0.5.1159 contains a path traversal vulnerability that all ...)
-	TODO: check
+	NOT-FOR-US: Perry
 CVE-2026-53742 (Simple Link Directory through 9.0.4 echoes embed shortcode attributes  ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-53741 (Simple Link Directory through 9.0.4 interpolates the sld_no_results_fo ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-53740 (Yoast Duplicate Post through 4.6 inserts an unescaped post title and p ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-53739 (Yoast Duplicate Post through 4.6 contains a cross-site request forgery ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-53738 (Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin ro ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-53737 (Juicer through 1.12.18 fails to escape remote feed API response fields ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-53736 (Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2026-53723 (Guzzle Services provides an implementation of the Guzzle Command libra ...)
 	TODO: check
 CVE-2026-53702 (A stack buffer overflow flaw was found in the GStreamer H.265 codec pa ...)
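Review bot: "NOT-FOR-US: Perry" on CVE-2026-53777 is a bare, short product name, and the truncated description ("Perry before 0.5.1159 contains a path traversal vulnerability ...") does not say what kind of software it is; a brief qualifier after the name would help anyone who later has to tell it apart from a similarly named package. The seven WordPress entries (CVE-2026-53742 down to CVE-2026-53736) go the other way and use the generic "WordPress plugin" tag, which works because each description line already names the plugin. CVE-2026-53723 (Guzzle Services) stays at "TODO: check" in the trailing context; worth confirming it was left for a package lookup on purpose and not skipped.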
@@ -62,9 +62,9 @@ CVE-2026-53702 (A stack buffer overflow flaw was found in the GStreamer H.265 co
 CVE-2026-53701 (An out-of-bounds write vulnerability was found in GStreamer's H.266/VV ...)
 	TODO: check
 CVE-2026-53661 (Boruta is a standalone authorization server that aims to implement OAu ...)
-	TODO: check
+	NOT-FOR-US: Boruta
 CVE-2026-53634 (Sharp is a content management framework built for Laravel as a package ...)
-	TODO: check
+	NOT-FOR-US: Sharp
 CVE-2026-53465 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick <unfixed>
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-44cp-c3ww-9rv5
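Review bot: "NOT-FOR-US: Sharp" on CVE-2026-53634 uses a generic name that only becomes unambiguous from the description ("a content management framework built for Laravel"). Suggest qualifying the tag, for example "NOT-FOR-US: Sharp (Laravel package)", so that a search of the NFU tags for another project called Sharp does not land on this entry. "NOT-FOR-US: Boruta" reads fine as is, since the description identifies it as a standalone authorization server.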
@@ -94,7 +94,7 @@ CVE-2026-53460 (ImageMagick is free and open-source software used for editing an
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/960367f3318e650ba8544c0ce3844d7897aba43b (7.1.2-25)
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/3396cbf4049c4576814b45bb6094ac3ad5493115 (6.9.13-50)
 CVE-2026-53423 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
-	TODO: check
+	NOT-FOR-US: membraneframework membrane_mp4_plugin
 CVE-2026-52860 (Vim is an open source, command line text editor. Prior to version 9.2. ...)
 	- vim <unfixed>
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-65p9-mwwx-7468



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e94d36cb6604eb2a915b7581af0bfb20b1f23a2b
