[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 3 09:05:18 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
200c9a65 by Salvatore Bonaccorso at 2026-03-03T10:04:32+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2026-3455 (Versions of the package mailparser before 3.9.3 are vulnerable to Cros ...)
 	TODO: check
 CVE-2026-3449 (Versions of the package @tootallnate/once before 3.0.1 are vulnerable  ...)
-	TODO: check
+	NOT-FOR-US: tootallnate/once
 CVE-2026-3338 (Improper signature validation in PKCS7_verify() in AWS-LC allows an un ...)
 	NOT-FOR-US: Amazon
 CVE-2026-3337 (Observable timing discrepancy in AES-CCM decryption in AWS-LC allows a ...)
@@ -17,7 +17,7 @@ CVE-2026-2448 (The Page Builder by SiteOrigin plugin for WordPress is vulnerable
 CVE-2026-2269 (The Uncanny Automator \u2013 Easy Automation, Integration, Webhooks &  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2256 (A command injection vulnerability in ModelScope's ms-agent versions v1 ...)
-	TODO: check
+	NOT-FOR-US: ModelScope ms-agent
 CVE-2026-20801 (Cleartext Transmission of Sensitive Information (CWE-319) ina componen ...)
 	NOT-FOR-US: Gallagher
 CVE-2026-20757 (Improper Lockingvulnerability (CWE-667) inGallagher Morpho integration ...)
@@ -41,9 +41,9 @@ CVE-2026-0754 (An embedded test key and certificate could be extracted from a Po
 CVE-2025-47147 (Cleartext Storage of Sensitive Information (CWE-312) in the Command Ce ...)
 	NOT-FOR-US: Gallagher
 CVE-2025-15595 (Privilege escalation via dll hijacking in Inno Setup 6.2.1 and ealier  ...)
-	TODO: check
+	NOT-FOR-US: Inno Setup
 CVE-2025-12345 (A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1 ...)
-	TODO: check
+	NOT-FOR-US: LLM-Claw
 CVE-2026-3442
 	- binutils <unfixed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443828



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/200c9a652d0c4716637f8ba3391f513f347006ad

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/200c9a652d0c4716637f8ba3391f513f347006ad
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260303/6e61fdd7/attachment.htm>

More information about the debian-security-tracker-commits mailing list