[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 15 12:39:00 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
96aeda4a by Salvatore Bonaccorso at 2026-05-15T13:38:37+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -61,13 +61,13 @@ CVE-2026-44636 (libsixel is a SIXEL encoder/decoder implementation derived from
 	- libsixel 1:1.8.7-r2-1
 	NOTE: https://github.com/saitoha/libsixel/security/advisories/GHSA-hx93-w8p2-ffh5
 CVE-2026-44430 (The MCP Registry provides MCP clients with a list of MCP servers, like ...)
-	TODO: check
+	NOT-FOR-US: MCP Registry
 CVE-2026-44429 (The MCP Registry provides MCP clients with a list of MCP servers, like ...)
-	TODO: check
+	NOT-FOR-US: MCP Registry
 CVE-2026-44428 (The MCP Registry provides MCP clients with a list of MCP servers, like ...)
-	TODO: check
+	NOT-FOR-US: MCP Registry
 CVE-2026-44427 (The MCP Registry provides MCP clients with a list of MCP servers, like ...)
-	TODO: check
+	NOT-FOR-US: MCP Registry
 CVE-2026-44212 (PrestaShop is an open source e-commerce web application. Prior to 8.2. ...)
 	NOT-FOR-US: PrestaShop
 CVE-2026-43996 (OpenImageIO is a toolset for reading, writing, and manipulating image  ...)
@@ -99,7 +99,7 @@ CVE-2026-43490 (In the Linux kernel, the following vulnerability has been resolv
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/996454bc0da84d5a1dedb1a7861823087e01a7ae (7.1-rc3)
 CVE-2026-42847 (ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 ...)
-	TODO: check
+	NOT-FOR-US: ClipBucket
 CVE-2026-42327 (rust-openssl provides OpenSSL bindings for the Rust programming langua ...)
 	TODO: check
 CVE-2026-41702 (VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerabil ...)
@@ -712,27 +712,27 @@ CVE-2026-43644 (podinfo through 6.11.2 contains a reflected cross-site scripting
 CVE-2026-42897 (Improper neutralization of input during web page generation ('cross-si ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-42881 (STIGQter is an open-source reimplementation of DISA's STIG Viewer. Fro ...)
-	TODO: check
+	NOT-FOR-US: STIGQter
 CVE-2026-42598 (Pode is a Cross-Platform PowerShell web framework for creating REST AP ...)
-	TODO: check
+	NOT-FOR-US: Pode
 CVE-2026-42597 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
-	TODO: check
+	NOT-FOR-US: Gotenberg
 CVE-2026-42596 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
-	TODO: check
+	NOT-FOR-US: Gotenberg
 CVE-2026-42595 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
-	TODO: check
+	NOT-FOR-US: Gotenberg
 CVE-2026-42594 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
-	TODO: check
+	NOT-FOR-US: Gotenberg
 CVE-2026-42593 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
-	TODO: check
+	NOT-FOR-US: Gotenberg
 CVE-2026-42592 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
-	TODO: check
+	NOT-FOR-US: Gotenberg
 CVE-2026-42591 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
-	TODO: check
+	NOT-FOR-US: Gotenberg
 CVE-2026-42590 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
-	TODO: check
+	NOT-FOR-US: Gotenberg
 CVE-2026-42589 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
-	TODO: check
+	NOT-FOR-US: Gotenberg
 CVE-2026-42572 (Hatchet is a platform for orchestrating background tasks, AI agents, a ...)
 	TODO: check
 CVE-2026-42559 (RMCP is an official Rust SDK for the Model Context Protocol. Prior to  ...)
@@ -740,7 +740,7 @@ CVE-2026-42559 (RMCP is an official Rust SDK for the Model Context Protocol. Pri
 CVE-2026-42555 (Valtimo is an open-source business process automation platform. com.ri ...)
 	TODO: check
 CVE-2026-42457 (vCluster Platform provides a Kubernetes platform for managing virtual  ...)
-	TODO: check
+	NOT-FOR-US: vCluster Platform
 CVE-2026-42334 (Mongoose is a MongoDB object modeling tool designed to work in an asyn ...)
 	TODO: check
 CVE-2026-42283 (DevSpace is a client-only developer tool for cloud-native development  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96aeda4a525c1e86f53f9d30cba7ae921fa9490f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/96aeda4a525c1e86f53f9d30cba7ae921fa9490f
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260515/dd2ba9b0/attachment.htm>

More information about the debian-security-tracker-commits mailing list