[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Mar 31 20:33:29 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3c0f8743 by Salvatore Bonaccorso at 2026-03-31T21:33:08+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -114,9 +114,9 @@ CVE-2026-34043 (Serialize JavaScript to a superset of JSON that includes regular
 	NOTE: https://github.com/yahoo/serialize-javascript/security/advisories/GHSA-qj8w-gfj5-8c6v
 	NOTE: https://github.com/yahoo/serialize-javascript/commit/f147e90269b58bb6e539cfdf3d0e20d6ad14204b (v7.0.5)
 CVE-2026-34042 (act is a project which allows for local running of github actions. Pri ...)
-	TODO: check
+	NOT-FOR-US: nektos act
 CVE-2026-34041 (act is a project which allows for local running of github actions. Pri ...)
-	TODO: check
+	NOT-FOR-US: nektos act
 CVE-2026-34040 (Moby is an open source container framework. Prior to version 29.3.1, a ...)
 	TODO: check
 CVE-2026-34036 (Dolibarr is an enterprise resource planning (ERP) and customer relatio ...)
@@ -124,7 +124,7 @@ CVE-2026-34036 (Dolibarr is an enterprise resource planning (ERP) and customer r
 CVE-2026-33997 (Moby is an open source container framework. Prior to version 29.3.1, a ...)
 	TODO: check
 CVE-2026-33026 (Nginx UI is a web user interface for the Nginx web server. Prior to ve ...)
-	TODO: check
+	NOT-FOR-US: Nginx UI
 CVE-2026-32884 (Botan is a C++ cryptography library. Prior to version 3.11.0, during p ...)
 	TODO: check
 CVE-2026-32883 (Botan is a C++ cryptography library. From version 3.0.0 to before vers ...)
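Review bot: The label on CVE-2026-33026, `NOT-FOR-US: Nginx UI`, differs from the packaged nginx web server only by the trailing "UI", and the description identifies it as a separate web user interface for that server. A qualifier that makes the distinction explicit, in the way `nektos act` names the upstream in the previous hunk, would stop a search for nginx in data/CVE/list from reading this entry as a triage decision about nginx itself.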
@@ -134,49 +134,49 @@ CVE-2026-32877 (Botan is a C++ cryptography library. From version 2.3.0 to befor
 CVE-2026-32794 (Improper Certificate Validation vulnerability in Apache Airflow Provid ...)
 	TODO: check
 CVE-2026-32734 (baserCMS is a website development framework. Prior to version 5.2.3, b ...)
-	TODO: check
+	NOT-FOR-US: baserCMS
 CVE-2026-32727 (SciTokens is a reference library for generating and using SciTokens. P ...)
-	TODO: check
+	NOT-FOR-US: SciTokens Library
 CVE-2026-32716 (SciTokens is a reference library for generating and using SciTokens. P ...)
-	TODO: check
+	NOT-FOR-US: SciTokens Library
 CVE-2026-32714 (SciTokens is a reference library for generating and using SciTokens. P ...)
-	TODO: check
+	NOT-FOR-US: SciTokens Library
 CVE-2026-32696 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform.  ...)
-	TODO: check
+	NOT-FOR-US: NanoMQ
 CVE-2026-32275 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
-	TODO: check
+	NOT-FOR-US: Tautulli
 CVE-2026-31946 (OpenOlat is an open source web-based e-learning platform for teaching, ...)
-	TODO: check
+	NOT-FOR-US: OpenOlat
 CVE-2026-31831 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
-	TODO: check
+	NOT-FOR-US: Tautulli
 CVE-2026-31804 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
-	TODO: check
+	NOT-FOR-US: Tautulli
 CVE-2026-31799 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
-	TODO: check
+	NOT-FOR-US: Tautulli
 CVE-2026-30940 (baserCMS is a website development framework. Prior to version 5.2.3, a ...)
-	TODO: check
+	NOT-FOR-US: baserCMS
 CVE-2026-30880 (baserCMS is a website development framework. Prior to version 5.2.3, b ...)
-	TODO: check
+	NOT-FOR-US: baserCMS
 CVE-2026-30879 (baserCMS is a website development framework. Prior to version 5.2.3, b ...)
-	TODO: check
+	NOT-FOR-US: baserCMS
 CVE-2026-30878 (baserCMS is a website development framework. Prior to version 5.2.3, a ...)
-	TODO: check
+	NOT-FOR-US: baserCMS
 CVE-2026-30877 (baserCMS is a website development framework. Prior to version 5.2.3, t ...)
-	TODO: check
+	NOT-FOR-US: baserCMS
 CVE-2026-30313 (DSAI-Cline's command auto-approval module contains a critical OS comma ...)
-	TODO: check
+	NOT-FOR-US: DSAI-Cline
 CVE-2026-30308 (In its design for automatic terminal command execution, HAI Build Code ...)
-	TODO: check
+	NOT-FOR-US: HAI Build Code Generator
 CVE-2026-30307 (Roo Code's command auto-approval module contains a critical OS command ...)
-	TODO: check
+	NOT-FOR-US: Roo Code
 CVE-2026-30306 (In its design for automatic terminal command execution, SakaDev offers ...)
-	TODO: check
+	NOT-FOR-US: SakaDev
 CVE-2026-30305 (Syntx's command auto-approval module contains a critical OS command in ...)
-	TODO: check
+	NOT-FOR-US: Syntx
 CVE-2026-28505 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
-	TODO: check
+	NOT-FOR-US: Tautulli
 CVE-2026-28228 (OpenOlat is an open source web-based e-learning platform for teaching, ...)
-	TODO: check
+	NOT-FOR-US: OpenOlat
 CVE-2026-27697 (baserCMS is a website development framework. Prior to version 5.2.3, b ...)
 	TODO: check
 CVE-2026-27599 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production ...)
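Review bot: CVE-2026-27697 at the end of this hunk is left as `TODO: check`, although its description names baserCMS with the same "Prior to version 5.2.3" wording as the six entries marked `NOT-FOR-US: baserCMS` above it (CVE-2026-32734, CVE-2026-30940, CVE-2026-30880, CVE-2026-30879, CVE-2026-30878, CVE-2026-30877). Unless it was left open on purpose, give it the same `NOT-FOR-US: baserCMS` line so that the product is triaged consistently within this commit.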



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3c0f87439b4697baa56c3d86a7e84f8b50d5999b
