[Git][security-tracker-team/security-tracker][master] 4 commits: Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Mar 5 08:41:42 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ce8852f by Salvatore Bonaccorso at 2026-03-05T09:41:12+01:00
Process some NFUs

- - - - -
20a7b1bd by Salvatore Bonaccorso at 2026-03-05T09:41:14+01:00
Add CVE-2026-29053/ghost, itp'ed

- - - - -
819885b2 by Salvatore Bonaccorso at 2026-03-05T09:41:15+01:00
Add CVE-2026-27982/django-allauth

- - - - -
e3034b5d by Salvatore Bonaccorso at 2026-03-05T09:41:17+01:00
Add some new issues in vaultwarden, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,17 +5,17 @@ CVE-2026-3072 (The Media Library Assistant plugin for WordPress is vulnerable to
 CVE-2026-3034 (The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-30777 (EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentic ...)
-	TODO: check
+	NOT-FOR-US: EC-CUBE
 CVE-2026-2899 (The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2893 (The Page and Post Clone plugin for WordPress is vulnerable to SQL Inje ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2836 (A cache poisoning vulnerability has been found in the Pingora HTTP pro ...)
-	TODO: check
+	NOT-FOR-US: Pingora
 CVE-2026-2835 (An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pi ...)
-	TODO: check
+	NOT-FOR-US: Pingora
 CVE-2026-2833 (An HTTP request smuggling vulnerability (CWE-444) was found in Pingora ...)
-	TODO: check
+	NOT-FOR-US: Pingora
 CVE-2026-2743 (Arbitrary File Write via Path Traversal upload to Remote Code Executio ...)
 	TODO: check
 CVE-2026-2418 (The Login with Salesforce WordPress plugin through 1.0.2 does not vali ...)
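Review bot: The three Pingora entries (CVE-2026-2836, CVE-2026-2835, CVE-2026-2833) are closed as `NOT-FOR-US: Pingora` on the product name alone. The same push records ghost and vaultwarden as `<itp>` entries rather than NFU, so it is worth confirming against the archive and WNPP that no Pingora package or ITP/RFP exists before these drop out of view.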
@@ -25,31 +25,31 @@ CVE-2026-2365 (The Fluent Forms Pro plugin for WordPress is vulnerable to Stored
 CVE-2026-2297 (The import hook in CPython that handles legacy *.pyc files (Sourceless ...)
 	TODO: check
 CVE-2026-29128 (IDC SFX2100 Satellite Receiver firmware ships with multiple daemon con ...)
-	TODO: check
+	NOT-FOR-US: IDC SFX2100 Satellite Receiver firmware
 CVE-2026-29127 (The IDC SFX2100 Satellite Receiver sets overly permissive file system  ...)
-	TODO: check
+	NOT-FOR-US: IDC SFX2100 Satellite Receiver firmware
 CVE-2026-29126 (Incorrect permission assignment (world-writable file) in /etc/udhcpc/d ...)
-	TODO: check
+	NOT-FOR-US: International Data Casting (IDC) SFX2100 Satellite Receiver
 CVE-2026-29125 (IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be w ...)
-	TODO: check
+	NOT-FOR-US: IDC SFX2100 Satellite Receiver
 CVE-2026-29124 (Multiple SUID root-owned binaries are found in /home/monitor/terminal, ...)
-	TODO: check
+	NOT-FOR-US: International Data Casting (IDC) SFX2100 Satellite Receiver
 CVE-2026-29123 (A SUID root-owned binary in /home/xd/terminal/XDTerminalin Internation ...)
-	TODO: check
+	NOT-FOR-US: International Data Casting (IDC) SFX2100 Satellite Receiver
 CVE-2026-29122 (International Data Casting (IDC) SFX2100 satellite receiver comes with ...)
-	TODO: check
+	NOT-FOR-US: International Data Casting (IDC) SFX2100 Satellite Receiver
 CVE-2026-29121 (International Data Casting (IDC) SFX2100 satellite receiver comes with ...)
-	TODO: check
+	NOT-FOR-US: International Data Casting (IDC) SFX2100 Satellite Receiver
 CVE-2026-29086 (Hono is a Web application framework that provides support for any Java ...)
-	TODO: check
+	NOT-FOR-US: Hono
 CVE-2026-29085 (Hono is a Web application framework that provides support for any Java ...)
-	TODO: check
+	NOT-FOR-US: Hono
 CVE-2026-29053 (Ghost is a Node.js content management system. From version 0.7.2 to 6. ...)
-	TODO: check
+	- ghost <itp> (bug #892150)
 CVE-2026-29052 (The Calendar module for HumHub enables users to create one-time or rec ...)
-	TODO: check
+	NOT-FOR-US: Calendar module for HumHub
 CVE-2026-29045 (Hono is a Web application framework that provides support for any Java ...)
-	TODO: check
+	NOT-FOR-US: Hono
 CVE-2026-29000 (pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authent ...)
 	TODO: check
 CVE-2026-28552 (Out-of-bounds write vulnerability in the IMS module.Impact: Successful ...)
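Review bot: The eight IDC SFX2100 entries (CVE-2026-29121 through CVE-2026-29128) use three different NOT-FOR-US strings: `IDC SFX2100 Satellite Receiver firmware` (two entries), `IDC SFX2100 Satellite Receiver` (one) and `International Data Casting (IDC) SFX2100 Satellite Receiver` (five). Settle on one string so a grep over data/CVE/list finds all eight and later CVEs for the same product get the same tag; the long form already used on five of them would do.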
@@ -343,15 +343,16 @@ CVE-2026-27984 (Improper Control of Generation of Code ('Code Injection') vulner
 CVE-2026-27983 (Incorrect Privilege Assignment vulnerability in designthemes LMS Eleme ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27982 (An open redirect vulnerability exists in django-allauth versions prior ...)
-	TODO: check
+	- django-allauth <unfixed>
+	NOTE: https://allauth.org/news/2026/02/django-allauth-65.14.1-released/
 CVE-2026-27898 (Vaultwarden is an unofficial Bitwarden compatible server written in Ru ...)
-	TODO: check
+	- vaultwarden <itp> (bug #1067023)
 CVE-2026-27803 (Vaultwarden is an unofficial Bitwarden compatible server written in Ru ...)
-	TODO: check
+	- vaultwarden <itp> (bug #1067023)
 CVE-2026-27802 (Vaultwarden is an unofficial Bitwarden compatible server written in Ru ...)
-	TODO: check
+	- vaultwarden <itp> (bug #1067023)
 CVE-2026-27801 (Vaultwarden is an unofficial Bitwarden compatible server written in Ru ...)
-	TODO: check
+	- vaultwarden <itp> (bug #1067023)
 CVE-2026-27541 (Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesal ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-27439 (Deserialization of Untrusted Data vulnerability in ThemeREX Dentario d ...)
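Review bot: On CVE-2026-27982 the `- django-allauth <unfixed>` line is backed only by the release announcement URL, so the fixed upstream version has to be read out of the link text (65.14.1) and the fix itself is not identified. Consider adding a NOTE with the upstream fix commit once it is located, which makes it easier to judge whether the versions in the stable suites are affected and to backport.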



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/89499fb380f46cbc6024bcfde919a9853290677e...e3034b5d4d60032df463a2b5d5638275702cf309
