[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 15 09:41:59 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
16bc4030 by Salvatore Bonaccorso at 2026-05-15T10:41:33+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -23,9 +23,9 @@ CVE-2026-46356 (Fleet is open source device management software. Prior to versio
 CVE-2026-45781 (The MCP Registry provides MCP clients with a list of MCP servers, like ...)
 	NOT-FOR-US: MCP Registry
 CVE-2026-45370 (python-utcp is the python implementation of UTCP. Prior to 1.1.3, _pre ...)
-	TODO: check
+	NOT-FOR-US: python-utcp
 CVE-2026-45369 (python-utcp is the python implementation of UTCP. Prior to 1.1.3, the  ...)
-	TODO: check
+	NOT-FOR-US: python-utcp
 CVE-2026-45248 (Hedera Guardian through 3.5.1 contains an authentication bypass vulner ...)
 	NOT-FOR-US: Hedera Guardian
 CVE-2026-44700 (Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior ...)
@@ -43,7 +43,7 @@ CVE-2026-44666 (HRConvert2 is a self-hosted, drag-and-drop & nosql file conversi
 CVE-2026-44662 (rust-openssl provides OpenSSL bindings for the Rust programming langua ...)
 	TODO: check
 CVE-2026-44661 (python-utcp is the python implementation of UTCP. Prior to 1.1.3, the  ...)
-	TODO: check
+	NOT-FOR-US: python-utcp
 CVE-2026-44647 (OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0 ...)
 	NOT-FOR-US: OneDev
 CVE-2026-44638 (libsixel is a SIXEL encoder/decoder implementation derived from kmiya' ...)
@@ -61,7 +61,7 @@ CVE-2026-44428 (The MCP Registry provides MCP clients with a list of MCP servers
 CVE-2026-44427 (The MCP Registry provides MCP clients with a list of MCP servers, like ...)
 	TODO: check
 CVE-2026-44212 (PrestaShop is an open source e-commerce web application. Prior to 8.2. ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2026-43996 (OpenImageIO is a toolset for reading, writing, and manipulating image  ...)
 	TODO: check
 CVE-2026-43909 (OpenImageIO is a toolset for reading, writing, and manipulating image  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16bc403040745e90ff6030e3f4b5609bad64a024

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/16bc403040745e90ff6030e3f4b5609bad64a024
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260515/d6d4f761/attachment.htm>

More information about the debian-security-tracker-commits mailing list