[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 30 15:27:01 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e7687b7c by Moritz Muehlenhoff at 2026-06-30T16:26:14+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -132,21 +132,21 @@ CVE-2026-43676 (An out-of-bounds access issue was addressed with improved bounds
 CVE-2026-43663 (The issue was addressed with improved memory handling. This issue is f ...)
 	NOT-FOR-US: Apple
 CVE-2026-41896 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2026-39872 (The issue was addressed with improved memory handling. This issue is f ...)
 	NOT-FOR-US: Apple
 CVE-2026-39868 (This issue was addressed with improved input validation. This issue is ...)
 	NOT-FOR-US: Apple
 CVE-2026-37637 (An issue in Alexantr filemanager v.1.0 allows a remote attacker to exe ...)
-	TODO: check
+	NOT-FOR-US: Alexantr filemanager
 CVE-2026-34597 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2026-34594 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2026-34592 (Coolify is an open-source and self-hostable tool for managing servers, ...)
-	TODO: check
+	NOT-FOR-US: Coolify
 CVE-2026-31016 (Cross Site Request Forgery vulnerability in Squidex.io Squidex CMS v.7 ...)
-	TODO: check
+	NOT-FOR-US: Squidex CMS
 CVE-2026-28979 (An out-of-bounds access issue was addressed with improved bounds check ...)
 	NOT-FOR-US: Apple
 CVE-2026-14164 (A double free issue has been identified in libarchive's RAR5 reader. D ...)
@@ -552,7 +552,7 @@ CVE-2026-11979 (libxml2 is vulnerable to multiple stack-based buffer overflows i
 	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/c2e233fc1b341685fc99621b2768b503f777a72e
 	NOTE: Not considered a security issue upstream
 CVE-2026-11720 (A path traversal vulnerability exists in the HTTP tool URL builder of  ...)
-	TODO: check
+	NOT-FOR-US: Google MCP Toolbox for Databases
 CVE-2026-54371 (attr before version 2.6.0 contains a symlink traversal vulnerability i ...)
 	- attr 1:2.6.0-1 (bug #1141107)
 	[trixie] - attr <no-dsa> (Will be fixed first in unstable, then point release update)
@@ -1987,7 +1987,7 @@ CVE-2026-10098 (OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_
 CVE-2026-10097 (wolfSSL's AVX2-optimized ML-KEM implementation (mlkem_cmp_avx2) compar ...)
 	TODO: check
 CVE-2025-71340 (picklescan through 0.0.26 fails to detect malicious pickle files that  ...)
-	TODO: check
+	NOT-FOR-US: picklescan
 CVE-2025-71338 (Flowise contains a path traversal vulnerability in the /api/v1/documen ...)
 	NOT-FOR-US: Flowise
 CVE-2025-71336 (Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) con ...)
@@ -6340,7 +6340,7 @@ CVE-2026-50184 (Angular is a development platform for building mobile and deskto
 	NOTE: https://github.com/angular/angular/security/advisories/GHSA-95qp-cmmw-mgqv
 	NOTE: https://github.com/angular/angular/pull/68904
 CVE-2026-50178 (The Angular Language Service VS Code Extension provides a rich editing ...)
-	TODO: check
+	NOT-FOR-US: VS Code extension
 CVE-2026-50171 (Angular is a development platform for building mobile and desktop web  ...)
 	- angular.js <undetermined>
 	NOTE: https://github.com/angular/angular/security/advisories/GHSA-p3vc-36g9-x9gr
@@ -6362,7 +6362,7 @@ CVE-2026-49356 (Babel is a compiler for writing next generation JavaScript. Prio
 	- node-babel7 <unfixed> (bug #1140816)
 	NOTE: https://github.com/babel/babel/security/advisories/GHSA-4x5r-pxfx-6jf8
 CVE-2026-49241 (The Angular Language Service VS Code Extension provides a rich editing ...)
-	TODO: check
+	NOT-FOR-US: VS Code extension
 CVE-2026-48712 (protobufjs compiles protobuf definitions into JavaScript (JS) function ...)
 	- node-protobufjs <itp> (bug #977564)
 CVE-2026-46417 (Angular is a development platform for building mobile and desktop web  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7687b7cf205a4eba8f9c5751d1d6dde6519b8e8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7687b7cf205a4eba8f9c5751d1d6dde6519b8e8
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260630/7df0adef/attachment.htm>


More information about the debian-security-tracker-commits mailing list