[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 19 20:58:24 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d841ec13 by Salvatore Bonaccorso at 2026-06-19T21:58:01+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -31,7 +31,7 @@ CVE-2026-56142 (In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.1480
 CVE-2026-56141 (In JetBrains Hub before 2026.1.13757, 2025.3.148033, 2025.2.148048, 20 ...)
 	NOT-FOR-US: JetBrains
 CVE-2026-56138 (AIL framework contains a path traversal vulnerability in the /objects/ ...)
-	TODO: check
+	NOT-FOR-US: AIL framework
 CVE-2026-53915 (In JetBrains GoLand before 2026.1.3 remote code execution was possible ...)
 	NOT-FOR-US: JetBrains
 CVE-2026-51846 (In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform ...)
@@ -53,11 +53,11 @@ CVE-2026-49872 (Improper Authentication vulnerability in Apache APISIX.  When th
 CVE-2026-49871 (Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-49359 (PhpWeasyPrint is a PHP library allowing PDF generation from a URL or a ...)
-	TODO: check
+	NOT-FOR-US: php-weasyprint (not same as src:weasyprint)
 CVE-2026-49358 (PhpWeasyPrint is a PHP library allowing PDF generation from a URL or a ...)
-	TODO: check
+	NOT-FOR-US: php-weasyprint (not same as src:weasyprint)
 CVE-2026-49357 (Line Desktop MCP is a project that, while unaffiliated with the offici ...)
-	TODO: check
+	NOT-FOR-US: Line Desktop MCP
 CVE-2026-49339 (gonic is a music streaming server / free-software subsonic server API  ...)
 	TODO: check
 CVE-2026-49336 (@microsoft/kiota-http-fetchlibrary provides TypeScript libraries for K ...)
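Review bot: the tag added for CVE-2026-49359 and CVE-2026-49358 spells the project "php-weasyprint", while the CVE description directly above each line calls it "PhpWeasyPrint", so a search for the upstream spelling finds the descriptions but not the triage decisions. The "(not same as src:weasyprint)" parenthetical is the valuable part and should stay as is. Consider using the description's spelling in front of it, i.e. "NOT-FOR-US: PhpWeasyPrint (not same as src:weasyprint)", and keep the string identical on every PhpWeasyPrint entry in this commit.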
@@ -65,19 +65,19 @@ CVE-2026-49336 (@microsoft/kiota-http-fetchlibrary provides TypeScript libraries
 CVE-2026-49293 (js-toml is a TOML parser for JavaScript, fully compliant with the TOML ...)
 	TODO: check
 CVE-2026-49291 (mcp-memory-service is a semantic memory layer for AI applications. Pri ...)
-	TODO: check
+	NOT-FOR-US: mcp-memory-service
 CVE-2026-49290 (Slopsmith is a self-contained web application for browsing, playing, a ...)
-	TODO: check
+	NOT-FOR-US: Slopsmith
 CVE-2026-49288 (Statamic is a Laravel and Git powered content management system (CMS). ...)
-	TODO: check
+	NOT-FOR-US: Statamic CMS
 CVE-2026-49287 (Statamic is a Laravel and Git powered content management system (CMS). ...)
-	TODO: check
+	NOT-FOR-US: Statamic CMS
 CVE-2026-49286 (PhpWeasyPrint is a PHP library allowing PDF generation from a URL or a ...)
-	TODO: check
+	NOT-FOR-US: php-weasyprint (not same as src:weasyprint)
 CVE-2026-49271 (libheif is a HEIF and AVIF file format decoder and encoder. Prior to v ...)
 	TODO: check
 CVE-2026-49260 (PhpWeasyPrint is a PHP library allowing PDF generation from a URL or a ...)
-	TODO: check
+	NOT-FOR-US: php-weasyprint (not same as src:weasyprint)
 CVE-2026-49231 (Authentication Bypass by Spoofing vulnerability in opa plugin.  An att ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-49230 (Improper Validation of Integrity Check Value vulnerability in Apache A ...)
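Review bot: CVE-2026-49293 (js-toml) and CVE-2026-49271 (libheif) stay at "TODO: check" in the middle of a run where every neighbouring entry is resolved, and the commit message "Process some NFUs" does not say whether they were looked at. If they were skipped on purpose because they need a package lookup rather than a NOT-FOR-US tag, a short line in the commit message saying so would save the next person from re-checking the whole block.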
@@ -101,7 +101,7 @@ CVE-2026-47339 (Incorrect Authorization vulnerability in Apache APISIX.  An atta
 CVE-2026-46461 (Dell Server Hardware Manager, versions prior to 3.2.2, contains an Imp ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-44939 (A command injection vulnerability in the Rancher Manager cluster befor ...)
-	TODO: check
+	NOT-FOR-US: Rancher
 CVE-2026-44915 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in A ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-44087 (Insufficient Verification of Data Authenticity vulnerability in Apache ...)
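Review bot: for CVE-2026-44939 the description names "Rancher Manager", but the added tag is the bare "NOT-FOR-US: Rancher". That is fine if the tag is meant to cover the whole Rancher product family. If it is meant for this component only, name it as the description does, the way the "Apache software not packaged in Debian" lines around it spell out their scope.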



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d841ec13bb8f058e3c0864116694a188838c6d00
