[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 23 05:57:24 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
95c3b5de by Salvatore Bonaccorso at 2026-06-23T06:56:31+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -138,7 +138,7 @@ CVE-2026-54273 (AIOHTTP is an asynchronous HTTP client/server framework for asyn
NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-4fvr-rgm6-gqmc
NOTE: Fixed by: https://github.com/aio-libs/aiohttp/commit/dfdfa9d5aad5d21f91c79fb2ceeba0f8046cb6cf (v3.14.1)
CVE-2026-54271 (protobufjs-cli is the command line add-on for protobuf.js. Prior to 1. ...)
- TODO: check
+ NOT-FOR-US: protobufjs-cli
CVE-2026-54270 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
- node-protobufjs <itp> (bug #977564)
CVE-2026-54269 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
@@ -154,9 +154,9 @@ CVE-2026-54265 (Angular is a development platform for building mobile and deskto
CVE-2026-54264 (Angular is a development platform for building mobile and desktop web ...)
TODO: check
CVE-2026-54100 (A flaw was found in the Windows Machine Config Operator (WMCO) for Red ...)
- TODO: check
+ NOT-FOR-US: Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform
CVE-2026-54099 (A flaw was found in the Windows Machine Config Operator (WMCO) for Red ...)
- TODO: check
+ NOT-FOR-US: Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container Platform
CVE-2026-53779 (WebP Server Go through 0.14.4 contains a path traversal vulnerability ...)
TODO: check
CVE-2026-53778
@@ -215,7 +215,7 @@ CVE-2026-50169 (Angular is a development platform for building mobile and deskto
CVE-2026-50168 (Angular is a development platform for building mobile and desktop web ...)
TODO: check
CVE-2026-50146 (Astro is a web framework. Prior to 6.3.3, when a component uses a clie ...)
- TODO: check
+ NOT-FOR-US: Astro
CVE-2026-49356 (Babel is a compiler for writing next generation JavaScript. Prior to 8 ...)
TODO: check
CVE-2026-49241 (The Angular Language Service VS Code Extension provides a rich editing ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95c3b5de859dd87b0cefd558d2af133b5b769325
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/95c3b5de859dd87b0cefd558d2af133b5b769325
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260623/ce913cfa/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list