[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 28 20:49:53 GMT 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5b3d8610 by Salvatore Bonaccorso at 2026-03-28T21:49:36+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -48,17 +48,17 @@ CVE-2018-25222 (SC v7.16 contains a stack-based buffer overflow vulnerability th
 	- sc <unfixed>
 	NOTE: https://www.exploit-db.com/exploits/44279
 CVE-2018-25221 (EChat Server 3.1 contains a buffer overflow vulnerability in the chat. ...)
-	TODO: check
+	NOT-FOR-US: EChat Server
 CVE-2018-25220 (Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that  ...)
 	TODO: check
 CVE-2017-20229 (MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnera ...)
 	TODO: check
 CVE-2017-20228 (Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerab ...)
-	TODO: check
+	NOT-FOR-US: Flat Assembler
 CVE-2017-20227 (JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buf ...)
 	TODO: check
 CVE-2017-20226 (Mapscrn 2.0.3 contains a stack-based buffer overflow vulnerability tha ...)
-	TODO: check
+	NOT-FOR-US: Mapscrn
 CVE-2017-20225 (TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerabil ...)
 	TODO: check
 CVE-2016-20049 (JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vul ...)
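Review bot: The three entries closed as NOT-FOR-US in this hunk (CVE-2018-25221, CVE-2017-20228, CVE-2017-20226) are matched on the product name from the description only, and for "Mapscrn 2.0.3" and "Flat Assembler 1.71.21" that name may be a binary name or a long name rather than a Debian source package name. Before closing them, search the archive by binary name and short name as well. If either is shipped by some source package, the entry should name that package in the same form as the "- sc <unfixed>" line at the top of this hunk instead of being marked NFU.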
@@ -66,11 +66,11 @@ CVE-2016-20049 (JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overfl
 CVE-2016-20048 (iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that ...)
 	TODO: check
 CVE-2016-20047 (EKG Gadu 1.9~pre+r2855-3+b1 contains a local buffer overflow vulnerabi ...)
-	TODO: check
+	NOT-FOR-US: EKG Gadu
 CVE-2016-20046 (zFTP Client 20061220+dfsg3-4.1 contains a buffer overflow vulnerabilit ...)
 	TODO: check
 CVE-2016-20045 (HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability ...)
-	TODO: check
+	NOT-FOR-US: HNB Organizer
 CVE-2016-20044 (PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that al ...)
 	TODO: check
 CVE-2016-20043 (NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow vulnerability ...)
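Review bot: Both descriptions marked NOT-FOR-US here carry Debian-style version strings, "1.9~pre+r2855-3+b1" for EKG Gadu (CVE-2016-20047) and "1.9.18-10" for HNB Organizer (CVE-2016-20045), with a package revision and, in the first case, a "+b1" binNMU suffix. That suggests the reports were made against packaged builds. Please confirm that neither was ever in the archive. If one was, an entry naming the source package with a "<removed>" or "<unfixed>" status would keep the CVE visible to per-package queries, which NOT-FOR-US does not.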
@@ -82,7 +82,7 @@ CVE-2016-20041 (Yasr 0.6.9-5 contains a buffer overflow vulnerability that allow
 CVE-2016-20040 (TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in th ...)
 	TODO: check
 CVE-2016-20039 (Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulne ...)
-	TODO: check
+	NOT-FOR-US: Multi Emulator Super System
 CVE-2016-20038 (yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability th ...)
 	TODO: check
 CVE-2016-20037 (xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vuln ...)
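Review bot: The version "0.154-3.1" in the CVE-2016-20039 description has the shape of a packaged version with an NMU-style revision, so "NOT-FOR-US: Multi Emulator Super System" should be checked against historical source package names, including any abbreviation of the product name, before the entry is closed. The neighbouring entries with the same kind of version string (yTree 1.94-1.1, xwpe 1.5.30a-2.1) are still "TODO: check", so this one is being treated differently with no NOTE line explaining why.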
@@ -454,7 +454,7 @@ CVE-2026-33730 (Open Source Point of Sale (opensourcepos) is a web based point o
 CVE-2026-33729 (OpenFGA is a high-performance and flexible authorization/permission en ...)
 	NOT-FOR-US: OpenFGA
 CVE-2026-33728 (dd-trace-java is a Datadog APM client for Java. In versions of dd-trac ...)
-	TODO: check
+	NOT-FOR-US: dd-trace-java
 CVE-2026-33726 (Cilium is a networking, observability, and security solution with an e ...)
 	- cilium <itp> (bug #858303)
 CVE-2026-33725 (Metabase is an open source business intelligence and embedded analytic ...)
@@ -911,7 +911,7 @@ CVE-2026-33491 (Zen C is a systems programming language that compiles to human-r
 CVE-2026-33490 (H3 is a minimal H(TTP) framework. In versions 2.0.0-0 through 2.0.1-rc ...)
 	NOT-FOR-US: H3
 CVE-2026-33487 (goxmlsig provides XML Digital Signatures implemented in Go. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: goxmlsig
 CVE-2026-33486 (Roadiz is a polymorphic content management system based on a node syst ...)
 	NOT-FOR-US: Roadiz
 CVE-2026-33481 (Syft is a a CLI tool and Go library for generating a Software Bill of  ...)
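Review bot: CVE-2026-33487 is a Go library ("XML Digital Signatures implemented in Go"), and the NOT-FOR-US tag reuses the name exactly as spelled in the truncated description. Go libraries are commonly packaged under a source name derived from the import path, or carried as vendored copies inside other packages, so a search on the bare string "goxmlsig" can miss them. Please check by import path and for embedded copies before marking this NFU. If a match exists, record it as a package entry, with a NOTE line for the upstream advisory.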
@@ -2100,7 +2100,7 @@ CVE-2026-20084 (A vulnerability in the DHCP snooping feature of Cisco IOS XE Sof
 CVE-2026-20083 (A vulnerability in the Secure Copy Protocol (SCP) server feature of Ci ...)
 	NOT-FOR-US: Cisco
 CVE-2026-20012 (A vulnerability in the Internet Key Exchange version 2 (IKEv2) feature ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2026-20004 (A vulnerability in the TLS library of Cisco IOS XE Software could allo ...)
 	NOT-FOR-US: Cisco
 CVE-2026-1917 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
@@ -3179,7 +3179,7 @@ CVE-2026-33158 (Craft CMS is a content management system (CMS). From version 4.0
 CVE-2026-33157 (Craft CMS is a content management system (CMS). From version 5.6.0 to  ...)
 	NOT-FOR-US: Craft CMS
 CVE-2026-32948 (sbt is a build tool for Scala, Java, and others. From version 0.9.5 to ...)
-	TODO: check
+	NOT-FOR-US: sbt
 CVE-2026-32854 (LibVNCServer versions 0.9.15 and prior (fixed incommit dc78dee) contai ...)
 	- libvncserver <unfixed> (bug #1132017)
 	NOTE: https://github.com/LibVNC/libvncserver/security/advisories/GHSA-xjp8-4qqv-5x4x



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5b3d86100f4b7273823ac4c6f00e4db35a80fe5a
