[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 23 13:02:07 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc929582 by Salvatore Bonaccorso at 2026-06-23T14:01:18+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -82,7 +82,7 @@ CVE-2026-54530 (pypdf is a free and open-source pure-python PDF library. Prior t
 	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-52x6-gq3r-vpf4
 	NOTE: https://github.com/py-pdf/pypdf/pull/3830
 CVE-2026-54281 (Nest is a framework for building scalable Node.js server-side applicat ...)
-	TODO: check
+	NOT-FOR-US: Nest
 CVE-2026-54236 (vLLM is an inference and serving engine for large language models (LLM ...)
 	- vllm <itp> (bug #1095237)
 CVE-2026-54235 (vLLM is an inference and serving engine for large language models (LLM ...)
@@ -108,29 +108,29 @@ CVE-2026-49460 (pypdf is a free and open-source pure-python PDF library. Prior t
 CVE-2026-48746 (vLLM is an inference and serving engine for large language models (LLM ...)
 	- vllm <itp> (bug #1095237)
 CVE-2026-48517 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
-	TODO: check
+	NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48516 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
-	TODO: check
+	NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48515 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
-	TODO: check
+	NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48514 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
-	TODO: check
+	NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48513 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
-	TODO: check
+	NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48512 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
-	TODO: check
+	NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48511 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
-	TODO: check
+	NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48510 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
-	TODO: check
+	NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48509 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
-	TODO: check
+	NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48506 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
-	TODO: check
+	NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48505 (Filament is a collection of full-stack components for accelerated Lara ...)
 	NOT-FOR-US: Filament
 CVE-2026-48502 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
-	TODO: check
+	NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48500 (Filament is a collection of full-stack components for accelerated Lara ...)
 	NOT-FOR-US: Filament
 CVE-2026-48167 (Filament is a collection of full-stack components for accelerated Lara ...)
@@ -138,7 +138,7 @@ CVE-2026-48167 (Filament is a collection of full-stack components for accelerate
 CVE-2026-48166 (Filament is a collection of full-stack components for accelerated Lara ...)
 	NOT-FOR-US: Filament
 CVE-2026-48109 (MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.30 ...)
-	TODO: check
+	NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48067 (Filament is a collection of full-stack components for accelerated Lara ...)
 	NOT-FOR-US: Filament
 CVE-2026-47242 (Net::IMAP implements Internet Message Access Protocol (IMAP) client fu ...)
@@ -150,13 +150,13 @@ CVE-2026-47240 (Net::IMAP implements Internet Message Access Protocol (IMAP) cli
 CVE-2026-47155 (vLLM is an inference and serving engine for large language models (LLM ...)
 	- vllm <itp> (bug #1095237)
 CVE-2026-45034 (PhpSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
-	TODO: check
+	NOT-FOR-US: PhpSpreadsheet
 CVE-2026-44889 (WebOb provides objects for HTTP requests and responses. Prior to 1.8.1 ...)
 	TODO: check
 CVE-2026-44727 (Jupyter Server is the backend for Jupyter web applications. Prior to 2 ...)
 	TODO: check
 CVE-2026-44311 (Fabric.js is a Javascript HTML5 canvas library. Prior to 7.4.0, a pote ...)
-	TODO: check
+	NOT-FOR-US: Fabric.js
 CVE-2026-44274 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain  ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-44273 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain  ...)
@@ -170,7 +170,7 @@ CVE-2026-41523 (vLLM is an inference and serving engine for large language model
 CVE-2026-41479 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
 	TODO: check
 CVE-2026-39904 (Gophish through 0.12.1 contains a denial of service vulnerability that ...)
-	TODO: check
+	NOT-FOR-US: Gophish
 CVE-2026-12866 (All versions of the package expr-eval are vulnerable to Code Execution ...)
 	TODO: check
 CVE-2026-11833 (Overview:  A vulnerability has been found in FAST/TOOLS and CI Server. ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc9295827652d2d8ed6f48798952c1011eac52ef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc9295827652d2d8ed6f48798952c1011eac52ef
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260623/9014664b/attachment.htm>


More information about the debian-security-tracker-commits mailing list