[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jun 22 21:01:11 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3be7dcfe by Salvatore Bonaccorso at 2026-06-22T22:00:55+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -51,7 +51,7 @@ CVE-2026-56447 (MISP allowed an authenticated site administrator to set the Kafk
CVE-2026-56446 (MISP allowed a site administrator to configure an arbitrary filesystem ...)
NOT-FOR-US: MISP
CVE-2026-56425 (The Azure Active Directory (AAD) authentication implementation contain ...)
- TODO: check
+ NOT-FOR-US: MISP
CVE-2026-56424 (MISP core contained multiple broken access-control flaws where authori ...)
NOT-FOR-US: MISP
CVE-2026-56423 (MISP Core contained broken access-control checks in the bulk deletion ...)
@@ -65,7 +65,7 @@ CVE-2026-56109 (The Advanced Linux Sound Architecture (ALSA) library before 1.2.
CVE-2026-56104 (Chainlit before 2.10.1 contains a session hijacking vulnerability that ...)
NOT-FOR-US: Chainlit
CVE-2026-55602 (http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 un ...)
- TODO: check
+ NOT-FOR-US: http-proxy-middleware Node.js module
CVE-2026-55443 (LangChain is a framework for building agents and LLM-powered applicati ...)
NOT-FOR-US: LangChain
CVE-2026-55388 (piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, ...)
@@ -73,7 +73,7 @@ CVE-2026-55388 (piscina is a node.js worker pool implementation. Prior to 6.0.0-
CVE-2026-54665 (Apache NiFi 0.0.1 through 2.9.0 support building qualified URLs from o ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-54300 (@astrojs/netlify is an adapter that allows Astro to deploy your hybrid ...)
- TODO: check
+ NOT-FOR-US: astrojs/netlify
CVE-2026-54299 (Astro is a web framework. Prior to 6.4.6, Astro SSR apps with prerende ...)
NOT-FOR-US: Astro
CVE-2026-54298 (Astro is a web framework. Prior to 6.4.6, the spreadAttributes functio ...)
@@ -81,15 +81,15 @@ CVE-2026-54298 (Astro is a web framework. Prior to 6.4.6, the spreadAttributes f
CVE-2026-54293 (NLTK (Natural Language Toolkit) is a suite of open source Python modul ...)
TODO: check
CVE-2026-54290 (Hono is a Web application framework that provides support for any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2026-54289 (Hono is a Web application framework that provides support for any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2026-54288 (Hono is a Web application framework that provides support for any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2026-54287 (Hono is a Web application framework that provides support for any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2026-54286 (Hono is a Web application framework that provides support for any Java ...)
- TODO: check
+ NOT-FOR-US: Hono
CVE-2026-54285 (opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8. ...)
TODO: check
CVE-2026-54283 (Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3be7dcfe20e18e29d331a5b092af20f22a26653e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3be7dcfe20e18e29d331a5b092af20f22a26653e
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260622/8dd91de5/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list