[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 26 20:57:13 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2041421d by Salvatore Bonaccorso at 2026-06-26T21:56:52+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -187,11 +187,11 @@ CVE-2026-57231 (Podman is a tool for managing OCI containers and pods. From 1.8.
 CVE-2026-56876 (extract-zip does not validate symlink targets when extracting zip arch ...)
 	TODO: check
 CVE-2026-56823 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
-	TODO: check
+	NOT-FOR-US: AutoGPT
 CVE-2026-56773 (Teable's v2 REST API controller lacks @Permissions metadata on ORPC en ...)
-	TODO: check
+	NOT-FOR-US: teableio teable
 CVE-2026-56663 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
-	TODO: check
+	NOT-FOR-US: AutoGPT
 CVE-2026-56072 (Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versio ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-56070 (Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versi ...)
@@ -313,7 +313,7 @@ CVE-2026-54820 (Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.
 CVE-2026-54753 (Nx is a monorepo solution for TypeScript and polyglot codebases. From  ...)
 	TODO: check
 CVE-2026-54636 (Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utili ...)
-	TODO: check
+	NOT-FOR-US: Dokku
 CVE-2026-54557 (mise manages dev tools like node, python, cmake, and terraform. Prior  ...)
 	TODO: check
 CVE-2026-54341 (Dragonfly is an in-memory data store built for modern application work ...)
@@ -331,7 +331,7 @@ CVE-2026-48743 (Envoy is an open source edge and service proxy designed for clou
 CVE-2026-48706 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2026-48529 (GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1 ...)
-	TODO: check
+	NOT-FOR-US: GitHub MCP Server
 CVE-2026-48497 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2026-48090 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
@@ -351,7 +351,7 @@ CVE-2026-47221 (Envoy is an open source edge and service proxy designed for clou
 CVE-2026-47220 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2026-47214 (Docling simplifies document processing by parsing diverse formats and  ...)
-	TODO: check
+	NOT-FOR-US: Docling
 CVE-2026-47207 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2026-47206 (Dragonfly is an in-memory data store built for modern application work ...)
@@ -361,21 +361,21 @@ CVE-2026-47205 (Envoy is an open source edge and service proxy designed for clou
 CVE-2026-47204 (Envoy is an open source edge and service proxy designed for cloud-nati ...)
 	- envoyproxy <itp> (bug #987544)
 CVE-2026-45408 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validati ...)
-	TODO: check
+	NOT-FOR-US: Dokku
 CVE-2026-45407 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command  ...)
-	TODO: check
+	NOT-FOR-US: Dokku
 CVE-2026-45406 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts  ...)
-	TODO: check
+	NOT-FOR-US: Dokku
 CVE-2026-45405 (Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive  ...)
-	TODO: check
+	NOT-FOR-US: Dokku
 CVE-2026-45257 (The KTLS receive path decrypted each record in place, assuming that th ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2026-45256 (When used to deliver a signal to a specific thread, thr_kill2(2) calle ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD
 CVE-2026-45195 (Kernel software installed and running inside a Host VM may post improp ...)
 	NOT-FOR-US: Imagination Technologies
 CVE-2026-44018 (Docling simplifies document processing by parsing diverse formats and  ...)
-	TODO: check
+	NOT-FOR-US: Docling
 CVE-2026-40711 (Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0 ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-3472 (Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 1 ...)
@@ -857,7 +857,7 @@ CVE-2026-56766 (Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buf
 CVE-2026-56130 ("Remember me" cookie age is not verified on the server. This potential ...)
 	TODO: check
 CVE-2026-56129 (Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORAT ...)
-	TODO: check
+	NOT-FOR-US: Dynabook Inc.
 CVE-2026-56123 (socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer ove ...)
 	TODO: check
 CVE-2026-56122 (Winstone Servlet Engine through 0.9.10 contains a path traversal vulne ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2041421ddbd191f4f55609929e48ed4684741e80

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2041421ddbd191f4f55609929e48ed4684741e80
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260626/000943ba/attachment.htm>


More information about the debian-security-tracker-commits mailing list