[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 22 20:45:36 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ed836975 by Salvatore Bonaccorso at 2026-06-22T21:45:20+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13,7 +13,7 @@ CVE-2026-9029 (The geomap panel's XYZ tile layer has a sanitize-then-interpolate
 CVE-2026-9006 (IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server- ...)
 	NOT-FOR-US: IBM
 CVE-2026-8934 (A Missing Authorization vulnerability in a GraphQL private API operati ...)
-	TODO: check
+	NOT-FOR-US: Google App Engine
 CVE-2026-8858 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM ...)
 	NOT-FOR-US: IBM
 CVE-2026-8823 (Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to vali ...)
@@ -31,11 +31,11 @@ CVE-2026-7664 (IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated
 CVE-2026-7253 (IBM Watson Speech Services Cartridge is vulnerable to Server-Side Requ ...)
 	NOT-FOR-US: IBM
 CVE-2026-7167 (The vulnerability arises when the system fails to properly validate th ...)
-	TODO: check
+	NOT-FOR-US: Gaudire
 CVE-2026-7166 (Vulnerability involving the exposure of sensitive data provided withou ...)
-	TODO: check
+	NOT-FOR-US: Gaudire
 CVE-2026-7165 (The vulnerability is present in the \u2018/addJugador\u2019 endpoint:  ...)
-	TODO: check
+	NOT-FOR-US: Gaudire
 CVE-2026-6673 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2026-6062 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5 ...)
@@ -43,39 +43,39 @@ CVE-2026-6062 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <=
 CVE-2026-5139 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5 ...)
 	TODO: check
 CVE-2026-56450 (AIL did not restrict repeated failed attempts to verify a two-factor a ...)
-	TODO: check
+	NOT-FOR-US: AIL framework
 CVE-2026-56448 (A path traversal vulnerability exists in AIL Framework before the rele ...)
-	TODO: check
+	NOT-FOR-US: AIL framework
 CVE-2026-56447 (MISP allowed an authenticated site administrator to set the Kafka_rdka ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2026-56446 (MISP allowed a site administrator to configure an arbitrary filesystem ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2026-56425 (The Azure Active Directory (AAD) authentication implementation contain ...)
 	TODO: check
 CVE-2026-56424 (MISP core contained multiple broken access-control flaws where authori ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2026-56423 (MISP Core contained broken access-control checks in the bulk deletion  ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2026-56422 (Multiple MISP core controllers and model capture paths accepted client ...)
-	TODO: check
+	NOT-FOR-US: MISP
 CVE-2026-56109 (The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 c ...)
 	TODO: check
 CVE-2026-56104 (Chainlit before 2.10.1 contains a session hijacking vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: Chainlit
 CVE-2026-55602 (http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 un ...)
 	TODO: check
 CVE-2026-55443 (LangChain is a framework for building agents and LLM-powered applicati ...)
-	TODO: check
+	NOT-FOR-US: LangChain
 CVE-2026-55388 (piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2,  ...)
-	TODO: check
+	NOT-FOR-US: piscina
 CVE-2026-54665 (Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from o ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-54300 (@astrojs/netlify is an adapter that allows Astro to deploy your hybrid ...)
 	TODO: check
 CVE-2026-54299 (Astro is a web framework. Prior to 6.4.6, Astro SSR apps with prerende ...)
-	TODO: check
+	NOT-FOR-US: Astro
 CVE-2026-54298 (Astro is a web framework. Prior to 6.4.6, the spreadAttributes functio ...)
-	TODO: check
+	NOT-FOR-US: Astro
 CVE-2026-54293 (NLTK (Natural Language Toolkit) is a suite of open source Python modul ...)
 	TODO: check
 CVE-2026-54290 (Hono is a Web application framework that provides support for any Java ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed8369758dae010ef0a853c9a0154949aa7ce605

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ed8369758dae010ef0a853c9a0154949aa7ce605
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260622/62b9ecbe/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list