[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Jun 27 12:24:25 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5d9a548a by Moritz Muehlenhoff at 2026-06-27T13:24:05+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -780,13 +780,13 @@ CVE-2026-44018 (Docling simplifies document processing by parsing diverse format
 CVE-2026-40711 (Dell Dell Container Storage Modules, version(s) csi-powerstore v2.16.0 ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-3472 (Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 1 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-33646 (mise manages dev tools like node, python, cmake, and terraform. Prior  ...)
 	TODO: check
 CVE-2026-30041 (An integer overflow in the PSD parser compnent of FastStone Image View ...)
-	TODO: check
+	NOT-FOR-US: FastStone ImageViewer
 CVE-2026-30040 (A heap overflow in the FSViewer.exe process of FastStone Image Viewer  ...)
-	TODO: check
+	NOT-FOR-US: FastStone ImageViewer
 CVE-2026-2053 (The WSO2 API Manager's message flow component, when processing WS-Addr ...)
 	NOT-FOR-US: WSO2
 CVE-2026-28385 (In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forg ...)
@@ -798,21 +798,21 @@ CVE-2026-21734 (A web page that contains unusual GPU shader code is loaded into
 CVE-2026-1869 (The User Registration & Membership \u2013 Free & Paid Memberships, Sub ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-13434 (A flaw was found in KubeVirt's network annotation generator. When a te ...)
-	TODO: check
+	NOT-FOR-US: KubeVirt
 CVE-2026-13426 (The Mattermost Go module github.com/mattermost/mattermost/server/publi ...)
 	TODO: check
 CVE-2026-13372 (Incorrect link resolution by display name in the custom PowerShell VPN ...)
 	NOT-FOR-US: Devolutions
 CVE-2026-13325 (A flaw was found in KubeVirt's migration proxy. When spec.configuratio ...)
-	TODO: check
+	NOT-FOR-US: KubeVirt
 CVE-2026-12411 (Broken Access Control in the devLXDInstancePatchHandler component of C ...)
 	TODO: check
 CVE-2026-11779 (An Improper Authorization vulnerability exists in PayloadCMS version 3 ...)
-	TODO: check
+	NOT-FOR-US: PayloadCMS
 CVE-2026-0828 (Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x ...)
-	TODO: check
+	NOT-FOR-US: Safetica
 CVE-2026-0685 (Server side template inject (SSTI) in the expression evaluation compon ...)
-	TODO: check
+	NOT-FOR-US: Genshi
 CVE-2025-7958 (A Code Injection vulnerability existed in Trellix Network Security CM  ...)
 	TODO: check
 CVE-2025-68075 (Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 ve ...)
@@ -842,11 +842,11 @@ CVE-2025-63041 (Contributor Broken Access Control in Forget About Shortcode Butt
 CVE-2025-55017 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2025-32423 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
-	TODO: check
+	NOT-FOR-US: AutoGPT
 CVE-2025-32394 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
-	TODO: check
+	NOT-FOR-US: AutoGPT
 CVE-2025-11919 (The default JVM can access files and directories under `/tmp/` includi ...)
-	TODO: check
+	NOT-FOR-US: Wolfram Cloud
 CVE-2026-11702 (Bytes::Random::Secure::Tiny versions through 1.011 for Perl share inte ...)
 	NOT-FOR-US: Bytes::Random::Secure::Tiny Perl module
 CVE-2026-11625 (Bytes::Random::Secure versions through 0.29 for Perl share internal st ...)
@@ -964,7 +964,7 @@ CVE-2026-46601 (The webp decoder can panic when processing a VP8 chunk with dime
 	NOTE: https://github.com/golang/go/issues/79869
 	NOTE: Fixed by: https://github.com/golang/image/commit/c5511df3ee92e86ce3fa383fdd247080019257c7 (v0.43.0)
 CVE-2026-44622 (Charging station authentication identifiers are publicly accessible vi ...)
-	TODO: check
+	NOT-FOR-US: Evoke
 CVE-2026-43920 (FOSSBilling is a free, open-source billing and client management syste ...)
 	NOT-FOR-US: FOSSBilling
 CVE-2026-40941 (Cacti is an open source performance and fault management framework. Ve ...)
@@ -992,19 +992,19 @@ CVE-2026-40080 (Cacti is an open source performance and fault management framewo
 	NOTE: https://github.com/Cacti/cacti/pull/7039
 	NOTE: Fixed by: https://github.com/Cacti/cacti/commit/4c09efaebf3a9faec66969d0b5c4aceaf397f37f (release/1.2.31)
 CVE-2026-38640 (A reachable unwrap in the __assert_fail function (/assert/mod.rs) of r ...)
-	TODO: check
+	NOT-FOR-US: relibc
 CVE-2026-38637 (An issue in the pthread_rwlockattr_setpshared() function of relibc com ...)
-	TODO: check
+	NOT-FOR-US: relibc
 CVE-2026-37454 (Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2 ...)
-	TODO: check
+	NOT-FOR-US: MSI NBFoundation Service
 CVE-2026-37453 (Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2 ...)
-	TODO: check
+	NOT-FOR-US: MSI NBFoundation Service
 CVE-2026-37452 (Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2 ...)
-	TODO: check
+	NOT-FOR-US: MSI NBFoundation Service
 CVE-2026-37149 (GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0 wa ...)
-	TODO: check
+	NOT-FOR-US: GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN
 CVE-2026-2299 (The Mattermost Google Drive plugin before version 1.1.0 fails to valid ...)
-	TODO: check
+	NOT-FOR-US: Mattermost plugin
 CVE-2026-22879 (vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow  ...)
 	TODO: check
 CVE-2026-13322 (A flaw was found in KubeVirt's downward metrics virtio-serial server.  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d9a548af7979aaad242c14de7d175a73bd2c4c5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d9a548af7979aaad242c14de7d175a73bd2c4c5
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260627/8065230d/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list