[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Mar 6 17:07:43 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ebe918b by Moritz Muehlenhoff at 2026-03-06T18:07:22+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -141,33 +141,33 @@ CVE-2026-28709 (Unauthorized resource manipulation due to improper authorization
 CVE-2026-28685 (Kimai is a web-based multi-user time-tracking application. Prior to ve ...)
 	TODO: check
 CVE-2026-28683 (Gokapi is a self-hosted file sharing server with automatic expiration  ...)
-	TODO: check
+	NOT-FOR-US: Gokapi
 CVE-2026-28682 (Gokapi is a self-hosted file sharing server with automatic expiration  ...)
-	TODO: check
+	NOT-FOR-US: Gokapi
 CVE-2026-28681 (Internet Routing Registry daemon version 4 is an IRR database server,  ...)
 	TODO: check
 CVE-2026-28680 (Ghostfolio is an open source wealth management software. Prior to vers ...)
-	TODO: check
+	NOT-FOR-US: Ghostfolio
 CVE-2026-28679 (Home-Gallery.org is a self-hosted open-source web gallery to browse pe ...)
-	TODO: check
+	NOT-FOR-US: Home-Gallery.org
 CVE-2026-28677 (OpenSift is an AI study tool that sifts through large datasets using s ...)
-	TODO: check
+	NOT-FOR-US: OpenSift
 CVE-2026-28676 (OpenSift is an AI study tool that sifts through large datasets using s ...)
-	TODO: check
+	NOT-FOR-US: OpenSift
 CVE-2026-28675 (OpenSift is an AI study tool that sifts through large datasets using s ...)
-	TODO: check
+	NOT-FOR-US: OpenSift
 CVE-2026-28509 (LangBot is a global IM bot platform designed for LLMs. Prior to versio ...)
-	TODO: check
+	NOT-FOR-US: LangBot
 CVE-2026-28508 (Idno is a social publishing platform. Prior to version 1.6.4, a logic  ...)
-	TODO: check
+	NOT-FOR-US: Idno
 CVE-2026-28507 (Idno is a social publishing platform. Prior to version 1.6.4, there is ...)
-	TODO: check
+	NOT-FOR-US: Idno
 CVE-2026-28502 (WWBN AVideo is an open source video platform. Prior to version 24.0, a ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-28501 (WWBN AVideo is an open source video platform. Prior to version 24.0, a ...)
-	TODO: check
+	NOT-FOR-US: WWBN AVideo
 CVE-2026-28497 (TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Pri ...)
-	TODO: check
+	NOT-FOR-US: TinyWeb
 CVE-2026-28492 (File Browser provides a file managing interface within a specified dir ...)
 	TODO: check
 CVE-2026-28486 (OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a path traver ...)
@@ -4673,8 +4673,8 @@ CVE-2026-25638 (ImageMagick is free and open-source software used for editing an
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1e88fca11c7b8517100d518bc99bd8c474f02f88 (7.1.2-14)
 CVE-2026-25637 (ImageMagick is free and open-source software used for editing and mani ...)
 	- imagemagick 8:7.1.2.15+dfsg1-1
-	[bookworm] - imagemagick <not-affected> (vulnerable code introduced later)
-	[bullseye] - imagemagick <not-affected> (vulnerable code introduced later)
+	[bookworm] - imagemagick <not-affected> (Vulnerable code not present, ASHLAR decoder introduced in IM7)
+	[bullseye] - imagemagick <not-affected> (Vulnerable code not present, ASHLAR decoder introduced in IM7)
 	NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm37-qx7w-p258
 	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/30ce0e8efbd72fd6b50ed3a10ae22f57c8901137 (7.1.2-14)
 	NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/114356949267dc1e04dc0d5c460ca1c05833504a (7.0.10-23)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ebe918b92f434d5577222aaafdbed05a8644c95

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ebe918b92f434d5577222aaafdbed05a8644c95
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260306/904ff983/attachment.htm>

More information about the debian-security-tracker-commits mailing list