[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 11 21:53:29 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f61cc9ac by Salvatore Bonaccorso at 2026-06-11T22:53:07+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -56,7 +56,7 @@ CVE-2026-53737 (Juicer through 1.12.18 fails to escape remote feed API response
 CVE-2026-53736 (Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-53723 (Guzzle Services provides an implementation of the Guzzle Command libra ...)
-	TODO: check
+	NOT-FOR-US: Guzzle Services
 CVE-2026-53702 (A stack buffer overflow flaw was found in the GStreamer H.265 codec pa ...)
 	TODO: check
 CVE-2026-53701 (An out-of-bounds write vulnerability was found in GStreamer's H.266/VV ...)
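Review bot: the NOT-FOR-US on CVE-2026-53723 rests only on the name "Guzzle Services", while the description ties it to the Guzzle Command library, so it belongs to a wider library family. Before closing it, confirm that no source package ships or embeds this component. If one does, the entry should stay open rather than be marked NOT-FOR-US.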
@@ -110,11 +110,11 @@ CVE-2026-52858 (Vim is an open source, command line text editor. Prior to versio
 CVE-2026-50223 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-50131 (Fedify is a TypeScript library for building federated server apps powe ...)
-	TODO: check
+	NOT-FOR-US: Fedify
 CVE-2026-50127 (Weblate is a web based localization tool. From version 5.15 to before  ...)
 	TODO: check
 CVE-2026-4764 (A Missing Authorization vulnerability in the playbook import functiona ...)
-	TODO: check
+	NOT-FOR-US: Dialogflow CX on Google Cloud Platform
 CVE-2026-4096 (IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injec ...)
 	NOT-FOR-US: IBM
 CVE-2026-49982 (tmp is a temporary file and directory creator for node.js. In version  ...)
@@ -149,9 +149,9 @@ CVE-2026-48724 (ImageMagick is free and open-source software used for editing an
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2hhq-c99x-492r
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/017c7efe4d63b953b35ab96fc0939ba3620e4739 (7.1.2-24)
 CVE-2026-48547 (KanaDojo contains a command injection vulnerability that allows an att ...)
-	TODO: check
+	NOT-FOR-US: KanaDojo
 CVE-2026-48546 (KanaDojo before 0.1.18 contains a sandbox escape vulnerability that al ...)
-	TODO: check
+	NOT-FOR-US: KanaDojo
 CVE-2026-48110 (Russh is a Rust SSH client & server library. From version 0.34.0 to be ...)
 	TODO: check
 CVE-2026-48108 (Russh is a Rust SSH client & server library. From version 0.34.0-beta. ...)
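Review bot: the reason on CVE-2026-48547 and CVE-2026-48546 is the bare product name "KanaDojo", which tells a later reader nothing about what kind of software was ruled out. Other entries in this file give a category, such as "WordPress plugin" or "Apache software not packaged in Debian". A short qualifier after the name would make the triage decision easier to audit.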
@@ -159,37 +159,37 @@ CVE-2026-48108 (Russh is a Rust SSH client & server library. From version 0.34.0
 CVE-2026-48107 (Russh is a Rust SSH client & server library. From version 0.37.0 to be ...)
 	TODO: check
 CVE-2026-48011 (Shopware is an open commerce platform. Prior to versions 6.6.10.18 and ...)
-	TODO: check
+	NOT-FOR-US: Shopware
 CVE-2026-47342 (A privilege escalation vulnerability in Apache OFBiz allows a low-priv ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-47250 (mcp-server-kubernetes is a Model Context Protocol server for Kubernete ...)
-	TODO: check
+	NOT-FOR-US: mcp-server-kubernetes
 CVE-2026-47213 (Boxlite is a sandbox service that allows users to create lightweight v ...)
-	TODO: check
+	NOT-FOR-US: Boxlite
 CVE-2026-47189 (Quest Bot is an opensource modern Discord Bot built for moderation, ut ...)
-	TODO: check
+	NOT-FOR-US: Quest Bot
 CVE-2026-47188 (Quest Bot is an opensource modern Discord Bot built for moderation, ut ...)
-	TODO: check
+	NOT-FOR-US: Quest Bot
 CVE-2026-47181 (PenguinMod-BackendApi is the backend api for penguinmod. Prior to vers ...)
-	TODO: check
+	NOT-FOR-US: PenguinMod-BackendApi
 CVE-2026-47177 (Quest Bot is an opensource modern Discord Bot built for moderation, ut ...)
-	TODO: check
+	NOT-FOR-US: Quest Bot
 CVE-2026-47176 (Quest Bot is an opensource modern Discord Bot built for moderation, ut ...)
-	TODO: check
+	NOT-FOR-US: Quest Bot
 CVE-2026-47175 (Quest Bot is an opensource modern Discord Bot built for moderation, ut ...)
-	TODO: check
+	NOT-FOR-US: Quest Bot
 CVE-2026-47174 (In Duck Site before version 1.0.1, the repository has a deploy workflo ...)
-	TODO: check
+	NOT-FOR-US: Duck Site
 CVE-2026-47173 (Quest Bot is an opensource modern Discord Bot built for moderation, ut ...)
-	TODO: check
+	NOT-FOR-US: Quest Bot
 CVE-2026-47172 (Quest Bot is an opensource modern Discord Bot built for moderation, ut ...)
-	TODO: check
+	NOT-FOR-US: Quest Bot
 CVE-2026-47171 (Quest Bot is an opensource modern Discord Bot built for moderation, ut ...)
-	TODO: check
+	NOT-FOR-US: Quest Bot
 CVE-2026-47170 (Garlic-Hub manages digital signage network \u2014 devices, content, an ...)
-	TODO: check
+	NOT-FOR-US: Garlic-Hub
 CVE-2026-47169 (Quest Bot is an opensource modern Discord Bot built for moderation, ut ...)
-	TODO: check
+	NOT-FOR-US: Quest Bot
 CVE-2026-47167 (Vim is an open source, command line text editor. Prior to version 9.2. ...)
 	TODO: check
 CVE-2026-47163 (Quest Bot is an opensource modern Discord Bot built for moderation, ut ...)
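Review bot: the last context line, CVE-2026-47163, is another Quest Bot entry, but its status line falls outside this hunk, so the diff does not show whether it was triaged with the rest. If it still reads "TODO: check", give it the same "NOT-FOR-US: Quest Bot" so that the whole batch for this product is closed consistently.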



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f61cc9ac6fabb7300815ae6277a3981a83c74a55
