[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 13 09:01:13 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c4ecaf23 by Salvatore Bonaccorso at 2026-03-13T10:00:27+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,25 +7,25 @@ CVE-2026-3909 (Out of bounds write in Skia in Google Chrome prior to 146.0.7680.
CVE-2026-3891 (The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrar ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3611 (The Honeywell IQ4x building management controller, exposes its full we ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2026-3045 (The Appointment Booking Calendar \u2014 Simply Schedule Appointments p ...)
NOT-FOR-US: WordPress plugin
CVE-2026-32612 (Statmatic is a Laravel and Git powered content management system (CMS) ...)
- TODO: check
+ NOT-FOR-US: Statmatic CMS
CVE-2026-32598 (OneUptime is a solution for monitoring and managing online services. P ...)
- TODO: check
+ NOT-FOR-US: OneUptime
CVE-2026-32597 (PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, P ...)
TODO: check
CVE-2026-32322 (soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23. ...)
TODO: check
CVE-2026-32320 (Ella Core is a 5G core designed for private networks. Prior to 1.5.1, ...)
- TODO: check
+ NOT-FOR-US: Ella Core
CVE-2026-32319 (Ella Core is a 5G core designed for private networks. Prior to 1.5.1, ...)
- TODO: check
+ NOT-FOR-US: Ella Core
CVE-2026-32308 (OneUptime is a solution for monitoring and managing online services. P ...)
- TODO: check
+ NOT-FOR-US: OneUptime
CVE-2026-32306 (OneUptime is a solution for monitoring and managing online services. P ...)
- TODO: check
+ NOT-FOR-US: OneUptime
CVE-2026-32304 (Locutus brings stdlibs of other programming languages to JavaScript fo ...)
TODO: check
CVE-2026-32302 (OpenClaw is a personal AI assistant. Prior to 2026.3.11, browser-origi ...)
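Review bot: The new tag on CVE-2026-32612, "NOT-FOR-US: Statmatic CMS", carries over the spelling "Statmatic" from the CVE description. The Laravel and Git powered CMS is named Statamic, so "NOT-FOR-US: Statamic CMS" would keep the entry findable when someone greps the list for the product name. In the same hunk, CVE-2026-3611 is tagged with the vendor only ("Honeywell"), while the other tags added here name the product; "Honeywell IQ4x", taken from the description, would match that convention.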
@@ -140,7 +140,7 @@ CVE-2026-32259 (ImageMagick is free and open-source software used for editing an
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/df934b4721173f8dda33c6d007f9811669640e86 (7.1.2-16)
NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/812ff3ef91967d367aa7a087a31b94f3b2a267ee (6.9.13-41)
CVE-2026-32251 (Tolgee is an open-source localization platform. Prior to 3.166.3, the ...)
- TODO: check
+ NOT-FOR-US: Tolgee
CVE-2026-32249 (Vim is an open source, command line text editor. From 9.1.0011 to befo ...)
- vim <unfixed>
[bookworm] - vim <not-affected> (Vulnerable code not present)
@@ -177,7 +177,7 @@ CVE-2026-32232 (ZeptoClaw is a personal AI assistant. Prior to 0.7.6, there is a
CVE-2026-32231 (ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the generic webh ...)
NOT-FOR-US: ZeptoClaw
CVE-2026-32230 (Uptime Kuma is an open source, self-hosted monitoring tool. From 2.0.0 ...)
- TODO: check
+ NOT-FOR-US: Uptime Kuma
CVE-2026-32142 (Shopware is an open commerce platform. /api/_info/config route exposes ...)
NOT-FOR-US: Shopware
CVE-2026-32141 (flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse() f ...)
@@ -187,7 +187,7 @@ CVE-2026-32140 (Dataease is an open source data visualization analysis tool. Pri
CVE-2026-32139 (Dataease is an open source data visualization analysis tool. In DataEa ...)
NOT-FOR-US: DataEase
CVE-2026-32138 (NEXULEAN is a cybersecurity portfolio & service platform for an Ethica ...)
- TODO: check
+ NOT-FOR-US: NEXULEAN
CVE-2026-32137 (Dataease is an open source data visualization analysis tool. Prior to ...)
NOT-FOR-US: DataEase
CVE-2026-32129 (soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash fu ...)
@@ -195,7 +195,7 @@ CVE-2026-32129 (soroban-poseidon provides Poseidon and Poseidon2 cryptographic h
CVE-2026-32116 (Magic Wormhole makes it possible to get arbitrary-sized files and dire ...)
TODO: check
CVE-2026-32100 (Shopware is an open commerce platform. /api/_info/config route exposes ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2026-31890 (Inspektor Gadget is a set of tools and framework for data collection a ...)
TODO: check
CVE-2026-31873 (Unhead is a document head and template manager. Prior to 2.1.11, The l ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4ecaf2338eff2d1f1cee4d84a34d122a322a105