[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 11 21:16:32 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
93b74370 by Salvatore Bonaccorso at 2026-03-11T22:16:04+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -25,7 +25,7 @@ CVE-2026-3231 (The Checkout Field Editor (Checkout Manager) for WooCommerce plug
 CVE-2026-3178 (The Name Directory plugin for WordPress is vulnerable to Stored Cross- ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-3013 (Coppermine Photo Gallery in versions 1.6.09 through 1.6.27is vulnerabl ...)
-	TODO: check
+	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2026-32234 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2026-32229 (In JetBrains Hub before 2026.1 possible on sign-in account mismatch wi ...)
@@ -59,11 +59,11 @@ CVE-2026-31975 (Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Cl
 CVE-2026-31974 (OpenProject is an open-source, web-based project management software.  ...)
 	NOT-FOR-US: OpenProject
 CVE-2026-31961 (Quill provides simple mac binary signing and notarization from any pla ...)
-	TODO: check
+	NOT-FOR-US: Quill
 CVE-2026-31960 (Quill provides simple mac binary signing and notarization from any pla ...)
-	TODO: check
+	NOT-FOR-US: Quill
 CVE-2026-31959 (Quill provides simple mac binary signing and notarization from any pla ...)
-	TODO: check
+	NOT-FOR-US: Quill
 CVE-2026-31958 (Tornado is a Python web framework and asynchronous networking library. ...)
 	TODO: check
 CVE-2026-31957 (Himmelblau is an interoperability suite for Microsoft Azure Entra ID a ...)
@@ -101,43 +101,43 @@ CVE-2026-31876 (Notesnook is a note-taking app focused on user privacy & ease of
 CVE-2026-31875 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2026-31874 (Taskosaur is an open source project management platform with conversat ...)
-	TODO: check
+	NOT-FOR-US: Taskosaur
 CVE-2026-31872 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2026-31871 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2026-31870 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
 	TODO: check
 CVE-2026-31868 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2026-31867 (Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.11.0 ...)
-	TODO: check
+	NOT-FOR-US: Craft Commerce
 CVE-2026-31866 (flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2 ...)
 	TODO: check
 CVE-2026-31863 (Anytype Heart is the middleware library for Anytype. The challenge-bas ...)
-	TODO: check
+	NOT-FOR-US: Anytype Heart
 CVE-2026-31862 (Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude C ...)
-	TODO: check
+	NOT-FOR-US: Cloud CLI (aka Claude Code UI)
 CVE-2026-31861 (Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude C ...)
-	TODO: check
+	NOT-FOR-US: Cloud CLI (aka Claude Code UI)
 CVE-2026-31859 (Craft is a content management system (CMS). The fix for CVE-2025-35939 ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2026-31858 (Craft is a content management system (CMS). The ElementSearchControlle ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2026-31857 (Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, ...)
-	TODO: check
+	NOT-FOR-US: Craft CMS
 CVE-2026-31856 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2026-31854 (Cursor is a code editor built for programming with AI. Prior to 2.0 ,i ...)
-	TODO: check
+	NOT-FOR-US: Cursor
 CVE-2026-31853 (ImageMagick is free and open-source software used for editing and mani ...)
 	TODO: check
 CVE-2026-31852 (Jellyfin is an open-source media system. The code-quality.yml GitHub A ...)
 	TODO: check
 CVE-2026-31840 (Parse Server is an open source backend that can be deployed to any inf ...)
-	TODO: check
+	NOT-FOR-US: Parse Server
 CVE-2026-31839 (Striae is a firearms examiner's comparison companion. A high-severity  ...)
-	TODO: check
+	NOT-FOR-US: STriae
 CVE-2026-31813 (Supabase Auth is a JWT based API for managing users and issuing JWT to ...)
 	TODO: check
 CVE-2026-30903 (External Control of File Name or Path in the Mail feature of Zoom Work ...)
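Review bot: The tag added for CVE-2026-31839 reads "NOT-FOR-US: STriae", while the CVE description on the line above spells the product "Striae". Correct the capitalisation to "NOT-FOR-US: Striae" so that a case-sensitive search of data/CVE/list for the product name finds this entry. The other tags in this hunk match the product names in their descriptions.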
@@ -149,19 +149,19 @@ CVE-2026-30901 (Improper Input Validation in Zoom Rooms for Windows before 6.6.5
 CVE-2026-30900 (Improper Check of minimum version in update functionality of certain Z ...)
 	NOT-FOR-US: Zoom
 CVE-2026-30868 (OPNsense is a FreeBSD based firewall and routing platform. Prior to 26 ...)
-	TODO: check
+	NOT-FOR-US: OPNsense
 CVE-2026-30741 (A remote code execution (RCE) vulnerability in OpenClaw Agent Platform ...)
 	NOT-FOR-US: OpenClaw
 CVE-2026-30239 (OpenProject is an open-source, web-based project management software.  ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2026-30236 (OpenProject is an open-source, web-based project management software.  ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2026-30235 (OpenProject is an open-source, web-based project management software.  ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2026-30234 (OpenProject is an open-source, web-based project management software.  ...)
-	TODO: check
+	NOT-FOR-US: OpenProject
 CVE-2026-30226 (Svelte devalue is a JavaScript library that serializes values into str ...)
-	TODO: check
+	NOT-FOR-US: Svelte
 CVE-2026-29777 (Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A ...)
 	TODO: check
 CVE-2026-28803 (Open Forms allows users create and publish smart forms. Prior to 3.3.1 ...)
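Review bot: On CVE-2026-30226 the tag "NOT-FOR-US: Svelte" names the project rather than the affected component, which the description gives as "Svelte devalue", a JavaScript serialization library. Suggest "NOT-FOR-US: Svelte devalue", and since a standalone library can be packaged under its own name, confirm that devalue is not in the archive before closing this entry as NFU.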



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/93b74370b64e5d9acbef690081c5978c9037b849
