[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 15 09:31:45 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5b50f7c by Salvatore Bonaccorso at 2026-05-15T10:31:26+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -19,33 +19,33 @@ CVE-2026-6646 (The The7 theme for WordPress is vulnerable to Stored Cross-Site S
 CVE-2026-4094 (The FOX \u2013 Currency Switcher Professional for WooCommerce plugin f ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-46356 (Fleet is open source device management software. Prior to version 4.80 ...)
-	TODO: check
+	NOT-FOR-US: Fleet
 CVE-2026-45781 (The MCP Registry provides MCP clients with a list of MCP servers, like ...)
-	TODO: check
+	NOT-FOR-US: MCP Registry
 CVE-2026-45370 (python-utcp is the python implementation of UTCP. Prior to 1.1.3, _pre ...)
 	TODO: check
 CVE-2026-45369 (python-utcp is the python implementation of UTCP. Prior to 1.1.3, the  ...)
 	TODO: check
 CVE-2026-45248 (Hedera Guardian through 3.5.1 contains an authentication bypass vulner ...)
-	TODO: check
+	NOT-FOR-US: Hedera Guardian
 CVE-2026-44700 (Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior ...)
 	TODO: check
 CVE-2026-44679 (Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10 ...)
-	TODO: check
+	NOT-FOR-US: Tuist
 CVE-2026-44678 (Tuist is a virtual platform team for Swift app devs. In 1.180.8 and ea ...)
-	TODO: check
+	NOT-FOR-US: Tuist
 CVE-2026-44673 (libyang is a YANG data modeling language library. Prior to SO 5.2.15,  ...)
 	TODO: check
 CVE-2026-44671 (ZITADEL is an open source identity management platform. From 2.71.11 t ...)
-	TODO: check
+	NOT-FOR-US: Zitadel
 CVE-2026-44666 (HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion ser ...)
-	TODO: check
+	NOT-FOR-US: HRConvert2
 CVE-2026-44662 (rust-openssl provides OpenSSL bindings for the Rust programming langua ...)
 	TODO: check
 CVE-2026-44661 (python-utcp is the python implementation of UTCP. Prior to 1.1.3, the  ...)
 	TODO: check
 CVE-2026-44647 (OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0 ...)
-	TODO: check
+	NOT-FOR-US: OneDev
 CVE-2026-44638 (libsixel is a SIXEL encoder/decoder implementation derived from kmiya' ...)
 	TODO: check
 CVE-2026-44637 (libsixel is a SIXEL encoder/decoder implementation derived from kmiya' ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5b50f7c123e20104d6a36637e833a2bbd786eef

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5b50f7c123e20104d6a36637e833a2bbd786eef
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260515/89258c16/attachment.htm>

More information about the debian-security-tracker-commits mailing list