[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 6 20:33:55 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b4c9f27c by Salvatore Bonaccorso at 2026-03-06T21:33:30+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2026-3653
 CVE-2026-3589 (The WooCommerce WordPress plugin from versions 5.4.0 to 10.5.2 does no ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-3419 (Fastify incorrectly accepts malformed `Content-Type` headers containin ...)
-	TODO: check
+	NOT-FOR-US: Fastify
 CVE-2026-30847 (Wekan is an open source kanban tool built with Meteor. In versions 8.3 ...)
 	TODO: check
 CVE-2026-30846 (Wekan is an open source kanban tool built with Meteor. In versions 8.3 ...)
@@ -15,9 +15,9 @@ CVE-2026-30844 (Wekan is an open source kanban tool built with Meteor. Versions
 CVE-2026-30843 (Wekan is an open source kanban tool built with Meteor. Versions 8.32 a ...)
 	TODO: check
 CVE-2026-30833 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
-	TODO: check
+	NOT-FOR-US: Rocket.Chat
 CVE-2026-30831 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
-	TODO: check
+	NOT-FOR-US: Rocket.Chat
 CVE-2026-2754 (Navtor NavBox exposes sensitive configuration and operational data due ...)
 	TODO: check
 CVE-2026-2753 (An Absolute Path Traversal vulnerability exists in Navtor NavBox. The  ...)
@@ -25,21 +25,21 @@ CVE-2026-2753 (An Absolute Path Traversal vulnerability exists in Navtor NavBox.
 CVE-2026-2752 (Navtor NavBox allows information disclosure via the /api/ais-data endp ...)
 	TODO: check
 CVE-2026-29783 (The shell tool within GitHub Copilot CLI versions prior to and includi ...)
-	TODO: check
+	NOT-FOR-US: GitHub Copilot CLI
 CVE-2026-29178 (Lemmy, a link aggregator and forum for the fediverse, is vulnerable to ...)
-	TODO: check
+	NOT-FOR-US: Lemmy
 CVE-2026-29110 (Cryptomator encrypts data being stored on cloud infrastructure. Prior  ...)
-	TODO: check
+	NOT-FOR-US: Cryptomator
 CVE-2026-29091 (Locutus brings stdlibs of other programming languages to JavaScript fo ...)
-	TODO: check
+	NOT-FOR-US: Node Locutus
 CVE-2026-29089 (TimescaleDB is a time-series database for high-performance real-time a ...)
-	TODO: check
+	NOT-FOR-US: Timescale TimescaleDB
 CVE-2026-29087 (@hono/node-server allows running the Hono application on Node.js. Prio ...)
-	TODO: check
+	NOT-FOR-US: Hono node-server
 CVE-2026-29082 (Kestra is an event-driven orchestration platform. In versions from 1.1 ...)
-	TODO: check
+	NOT-FOR-US: Kestra
 CVE-2026-29075 (Mesa is an open-source Python library for agent-based modeling, simula ...)
-	TODO: check
+	NOT-FOR-US: mesa ibrary for agent-based modeling (not the same as src:mesa)
 CVE-2026-29064 (Zarf is an Airgap Native Packager Manager for Kubernetes. From version ...)
 	TODO: check
 CVE-2026-29063 (Immutable.js provides many Persistent Immutable data structures. Prior ...)
@@ -263,7 +263,7 @@ CVE-2026-29609 (OpenClaw versions prior to 2026.2.14 contain a denial of service
 CVE-2026-29606 (OpenClaw versions prior to 2026.2.14 contain a webhook signature-verif ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-29188 (File Browser provides a file managing interface within a specified dir ...)
-	TODO: check
+	NOT-FOR-US: File Browser
 CVE-2026-29183 (SiYuan is a personal knowledge management system. Prior to version 3.5 ...)
 	NOT-FOR-US: SiYuan
 CVE-2026-29093 (WWBN AVideo is an open source video platform. Prior to version 24.0, t ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4c9f27c0a6cfc26cf1a05874c7eee039a8757fe

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b4c9f27c0a6cfc26cf1a05874c7eee039a8757fe
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260306/d6ba02a2/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list