[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 24 20:56:08 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
db6d4893 by Salvatore Bonaccorso at 2026-06-24T21:55:44+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -99,7 +99,7 @@ CVE-2026-56231 (Capgo before 12.128.2 contains a broken object level authorizati
 CVE-2026-56223 (Capgo before 12.128.2 contains a cross-domain SSO account takeover vul ...)
 	NOT-FOR-US: Cap-go
 CVE-2026-56121 (Feast before 0.63.0 contains an unsafe deserialization vulnerability t ...)
-	TODO: check
+	NOT-FOR-US: Feast
 CVE-2026-56119
 	REJECTED
 CVE-2026-56118
@@ -111,7 +111,7 @@ CVE-2026-56052 (Improper Neutralization of Special Elements used in an SQL Comma
 CVE-2026-55611 (AnythingLLM is an application that turns pieces of content into contex ...)
 	NOT-FOR-US: AnythingLLM
 CVE-2026-55488 (motionEye (mEye) is an online interface for a piece of software called ...)
-	TODO: check
+	NOT-FOR-US: motionEye (mEye)
 CVE-2026-54906 (concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7 ...)
 	TODO: check
 CVE-2026-54905 (concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7 ...)
@@ -119,14 +119,14 @@ CVE-2026-54905 (concurrent-ruby is a modern concurrency tools for Ruby. Prior to
 CVE-2026-54904 (concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7 ...)
 	TODO: check
 CVE-2026-54699 (Warp is an agentic development environment. From 0.2024.03.12.08.02.st ...)
-	TODO: check
+	NOT-FOR-US: Warp
 CVE-2026-54686 (Warp is an agentic development environment. From 0.2021.04.25.23.05.st ...)
-	TODO: check
+	NOT-FOR-US: Warp
 CVE-2026-54297 (Faraday is an HTTP client library abstraction layer that provides a co ...)
 	- ruby-faraday 2.14.3-1
 	NOTE: https://github.com/lostisland/faraday/security/advisories/GHSA-98m9-hrrm-r99r
 CVE-2026-53950 (@tryghost/activitypub is Ghost\u2019s social/federation client app. Pr ...)
-	TODO: check
+	NOT-FOR-US: tryghost/activitypub
 CVE-2026-53949 (Ghost is a Node.js content management system. From 5.46.1 until 6.21.2 ...)
 	TODO: check
 CVE-2026-53948 (Ghost is a Node.js content management system. From 6.19.4 until 6.21.1 ...)
@@ -142,29 +142,29 @@ CVE-2026-53944 (Ghost is a Node.js content management system. From 6.0.9 until 6
 CVE-2026-53943 (Ghost is a Node.js content management system. From  until 6.37.0, when ...)
 	TODO: check
 CVE-2026-50712 (A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Fra ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-50711 (A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Fra ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-50710 (A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Fra ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-50709 (A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Fra ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-50708 (A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Fra ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-50705 (A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework  ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-50704 (A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Fra ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-50703 (A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Fra ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-50701 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe  ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-50700 (A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Fra ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-50699 (A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Fra ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-50698 (A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Fra ...)
-	TODO: check
+	NOT-FOR-US: Frappe
 CVE-2026-49980 (Rclone is a command-line program to sync files and directories to and  ...)
 	TODO: check
 CVE-2026-49851 (Mistune is a Python Markdown parser with renderers and plugins. Prior  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db6d48937d67b6be4b40418567b24bb7e7be1167

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db6d48937d67b6be4b40418567b24bb7e7be1167
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260624/93c0eeb3/attachment.htm>


More information about the debian-security-tracker-commits mailing list