[Git][security-tracker-team/security-tracker][master] Process some more NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue May 5 08:51:24 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6c2b95af by Salvatore Bonaccorso at 2026-05-05T09:50:57+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -65,7 +65,7 @@ CVE-2026-6700 (The DX Sources plugin for WordPress is vulnerable to Cross-Site R
 CVE-2026-6696 (The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflec ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-6501 (Improper restriction of XML external entity reference vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: jOpenDocument
 CVE-2026-6500 (Plaintext storage of a password vulnerability in ILM Informatique Open ...)
 	NOT-FOR-US: OpenConcerto
 CVE-2026-6499 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
@@ -75,11 +75,11 @@ CVE-2026-6418 (An issue was discovered in the Shared Account Synchronization com
 CVE-2026-6321 (fast-uri decoded percent-encoded path separators and dot segments befo ...)
 	TODO: check
 CVE-2026-6266 (A flaw was found in the AAP gateway. The user auto-link strategy, intr ...)
-	TODO: check
+	NOT-FOR-US: Red Hat AAP gateway
 CVE-2026-6255 (The Simple Owl Shortcodes plugin for WordPress is vulnerable to Stored ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-6180 (A race condition exists in PaperCut MF when processing badge-swipe dat ...)
-	TODO: check
+	NOT-FOR-US: PaperCut
 CVE-2026-5957 (The EmailKit plugin for WordPress is vulnerable to Arbitrary File Read ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-5722 (The MoreConvert Pro plugin for WordPress is vulnerable to Authenticati ...)
@@ -113,7 +113,7 @@ CVE-2026-44029 (An issue was discovered in Nix before 2.34.7. Writing to arbitra
 CVE-2026-44028 (An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Un ...)
 	TODO: check
 CVE-2026-43616 (Detect-It-Easy prior to 3.21 contains a path traversal vulnerability t ...)
-	TODO: check
+	NOT-FOR-US: Detect-It-Easy
 CVE-2026-42812 (In Apache Iceberg, the table's metadata files are control files: they  ...)
 	TODO: check
 CVE-2026-42811 (In plain terms, Apache Polaris is supposed to issue short-lived GCS cr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c2b95af9317b0355dd98c7d3650f658a3d92589

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6c2b95af9317b0355dd98c7d3650f658a3d92589
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260505/f24f8933/attachment.htm>

More information about the debian-security-tracker-commits mailing list