[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 15 20:52:13 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
60466760 by Salvatore Bonaccorso at 2026-05-15T21:51:41+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -80,49 +80,49 @@ CVE-2026-45616 (Vvveb is a powerful and easy to use CMS with page builder to bui
CVE-2026-45539 (Microsoft APM is an open-source, community-driven dependency manager f ...)
NOT-FOR-US: Microsoft
CVE-2026-45038 (Tabby (formerly Terminus) is a highly configurable terminal emulator. ...)
- TODO: check
+ NOT-FOR-US: Tabby (formerly Terminus, but not the same as src:terminus)
CVE-2026-45037 (Tabby (formerly Terminus) is a highly configurable terminal emulator. ...)
- TODO: check
+ NOT-FOR-US: Tabby (formerly Terminus, but not the same as src:terminus)
CVE-2026-45036 (Tabby (formerly Terminus) is a highly configurable terminal emulator. ...)
- TODO: check
+ NOT-FOR-US: Tabby (formerly Terminus, but not the same as src:terminus)
CVE-2026-45035 (Tabby (formerly Terminus) is a highly configurable terminal emulator. ...)
- TODO: check
+ NOT-FOR-US: Tabby (formerly Terminus, but not the same as src:terminus)
CVE-2026-45010 (phpMyFAQ before 4.1.2 contains an improper restriction of excessive au ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-45009 (phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerabi ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-45008 (phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Clien ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-45007 (phpMyFAQ before 4.1.2 contains missing permission checks in Configurat ...)
- TODO: check
+ NOT-FOR-US: phpMyFAQ
CVE-2026-44826 (Vvveb is a powerful and easy to use CMS with page builder to build web ...)
- TODO: check
+ NOT-FOR-US: Vvveb
CVE-2026-44774 (Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, ...)
TODO: check
CVE-2026-44719 (Mathesar is a web application that makes working with PostgreSQL datab ...)
- TODO: check
+ NOT-FOR-US: Mathesar
CVE-2026-44718 (Mathesar is a web application that makes working with PostgreSQL datab ...)
- TODO: check
+ NOT-FOR-US: Mathesar
CVE-2026-44717 (MCP Calculate Server is a mathematical calculation service based on MC ...)
- TODO: check
+ NOT-FOR-US: MCP Calculate Server
CVE-2026-44714 (The bitcoinj library is a Java implementation of the Bitcoin protocol. ...)
TODO: check
CVE-2026-44699 (LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt acce ...)
TODO: check
CVE-2026-44641 (Microsoft APM is an open-source, community-driven dependency manager f ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-44366 (Vvveb is a powerful and easy to use CMS with page builder to build web ...)
- TODO: check
+ NOT-FOR-US: Vvveb
CVE-2026-44310 (Gitsign is a keyless Sigstore to signing tool for Git commits with you ...)
TODO: check
CVE-2026-44309 (Gitsign is a keyless Sigstore to signing tool for Git commits with you ...)
TODO: check
CVE-2026-44088 (SzafirHost verifies the signature of the downloaded JAR file using cla ...)
- TODO: check
+ NOT-FOR-US: SzafirHost
CVE-2026-42458 (Magento Long Term Support (LTS) is an unofficial, community-driven pro ...)
- TODO: check
+ NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
CVE-2026-42207 (Magento Long Term Support (LTS) is an unofficial, community-driven pro ...)
- TODO: check
+ NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)
CVE-2026-42155 (Magento Long Term Support (LTS) is an unofficial, community-driven pro ...)
TODO: check
CVE-2026-41971 (Permission control vulnerability in the security control module.Impact ...)
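Review bot: CVE-2026-42155 near the end of this hunk is left at "TODO: check" although its description is the same Magento LTS text as CVE-2026-42458 and CVE-2026-42207, which are both changed to "NOT-FOR-US: Magento LTS (alternative to Magento Community Edition)". If the same reasoning applies, mark it in this pass as well; if it was skipped deliberately, a short note on the entry would keep the next triager from repeating the check. Separately, CVE-2026-44641 is tagged with the vendor ("Microsoft"), which matches the existing CVE-2026-45539 entry but differs from the rest of the commit, where the note names the product.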
@@ -1036,15 +1036,15 @@ CVE-2026-42572 (Hatchet is a platform for orchestrating background tasks, AI age
CVE-2026-42559 (RMCP is an official Rust SDK for the Model Context Protocol. Prior to ...)
TODO: check
CVE-2026-42555 (Valtimo is an open-source business process automation platform. com.ri ...)
- TODO: check
+ NOT-FOR-US: Valtimo
CVE-2026-42457 (vCluster Platform provides a Kubernetes platform for managing virtual ...)
NOT-FOR-US: vCluster Platform
CVE-2026-42334 (Mongoose is a MongoDB object modeling tool designed to work in an asyn ...)
TODO: check
CVE-2026-42283 (DevSpace is a client-only developer tool for cloud-native development ...)
- TODO: check
+ NOT-FOR-US: DevSpace
CVE-2026-42281 (MagicMirror\xb2 is an open source modular smart mirror platform. Prior ...)
- TODO: check
+ NOT-FOR-US: MagicMirror
CVE-2026-42186 (OpenBao is an open source identity-based secrets management system. Pr ...)
- openbao <itp> (bug #1069794)
CVE-2026-42159 (Flowsint is an open-source OSINT graph exploration tool designed for c ...)
@@ -1597,7 +1597,7 @@ CVE-2026-42408 (When BIG-IP DNS is provisioned, a vulnerability exists in an und
CVE-2026-42406 (A vulnerability exists in BIG-IP and BIG-IQ systems where a highly pri ...)
NOT-FOR-US: F5
CVE-2026-42290 (protobufjs-cli is the command line add-on for protobuf.js. Prior to 1. ...)
- TODO: check
+ NOT-FOR-US: protobufjs-cli
CVE-2026-42266 (jupyterlab is an extensible environment for interactive and reproducib ...)
TODO: check
CVE-2026-42063 (A vulnerability exists in iControl SOAP where an authenticated attacke ...)
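Review bot: the CVE-2026-42290 entry is closed as "NOT-FOR-US: protobufjs-cli", but its description calls protobufjs-cli "the command line add-on for protobuf.js", so it is worth confirming that no packaged protobuf.js source carries the CLI code before treating it as not-for-us. If that was checked, a parenthetical in the style of the Tabby entries ("but not the same as src:terminus") would record the result.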
@@ -2720,9 +2720,9 @@ CVE-2026-42498 (Exposure of HTTP Authentication Header to unexpected hosts durin
CVE-2026-42348 (OpenTelemetry.OpAmp.Client is the OpAMP client for OpenTelemetry .NET. ...)
NOT-FOR-US: OpenTelemetry.OpAmp.Client
CVE-2026-42303 (Fides is an open-source privacy engineering platform. From 2.75.0 to b ...)
- TODO: check
+ NOT-FOR-US: Fides
CVE-2026-42300 (DevGuard provides vulnerability management for the full software suppl ...)
- TODO: check
+ NOT-FOR-US: DevGuard
CVE-2026-42260 (Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for ...)
TODO: check
CVE-2026-42177 (linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entr ...)
@@ -3882,7 +3882,7 @@ CVE-2026-42603 (OWASP BLT is a QA testing and vulnerability disclosure platform
CVE-2026-42349 (Clerk JavaScript is the official JavaScript repository for Clerk authe ...)
NOT-FOR-US: Clerk
CVE-2026-42316 (kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft ...)
- TODO: check
+ NOT-FOR-US: kafka-sink-azure-kusto Kafka Connect plugin
CVE-2026-42315 (pyLoad is a free and open-source download manager written in Python. P ...)
- pyload <itp> (bug #1001980)
CVE-2026-42314 (pyLoad is a free and open-source download manager written in Python. P ...)
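Review bot: the note on CVE-2026-42316 reads "NOT-FOR-US: kafka-sink-azure-kusto Kafka Connect plugin", repeating the descriptor from the CVE text, while the other entries in this commit use the bare product name (Fides, DevGuard, DevSpace). Suggest "NOT-FOR-US: kafka-sink-azure-kusto" so that later entries for the same product are written and searched for consistently.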
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/60466760477cbe6cf95167f90ac6ec162dc92e10