[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun May 17 08:14:38 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
73f53d9d by Salvatore Bonaccorso at 2026-05-17T09:14:13+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1311,11 +1311,11 @@ CVE-2026-41888 (Distribution is a toolkit to pack, ship, store, and deliver cont
CVE-2026-41615 (Exposure of sensitive information to an unauthorized actor in Microsof ...)
NOT-FOR-US: Microsoft
CVE-2026-41315 (mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver- ...)
- TODO: check
+ NOT-FOR-US: mdserver-web
CVE-2026-40893 (Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8. ...)
- TODO: check
+ NOT-FOR-US: Gotenberg
CVE-2026-38740 (Foscam VD1 Video Doorbell before V5.3.13_1072 is vulnerable to Clearte ...)
- TODO: check
+ NOT-FOR-US: Foscam VD1 Video Doorbell
CVE-2026-2347 (Authorization bypass through User-Controlled key vulnerability in Akil ...)
TODO: check
CVE-2026-27886 (Strapi is an open source headless content management system. Strapi ve ...)
@@ -1873,39 +1873,39 @@ CVE-2026-41953 (A vulnerability exists in BIG-IP systems where a highly privileg
CVE-2026-41410
REJECTED
CVE-2026-41281 (Android App "\u3042\u3093\u3057\u3093\u30d5\u30a3\u30eb\u30bf\u30fc fo ...)
- TODO: check
+ NOT-FOR-US: Android App provided by KDDI CORPORATION
CVE-2026-41255 (CKAN is an open-source DMS (data management system) for powering data ...)
- TODO: check
+ NOT-FOR-US: CKAN
CVE-2026-41227 (On an HTTP/2 virtual server with Layer 7 DoS Protection configured, un ...)
NOT-FOR-US: F5
CVE-2026-41225 (A vulnerability exists in iControl REST where a highly privileged, aut ...)
NOT-FOR-US: F5
CVE-2026-41219 (An improper sanitization vulnerability exists in the BIG-IP QKView uti ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-41218 (When BIG-IP PEM iRules are configured on a virtual server (iRules usin ...)
NOT-FOR-US: F5
CVE-2026-41217 (A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) comm ...)
NOT-FOR-US: F5
CVE-2026-41132 (CKAN is an open-source DMS (data management system) for powering data ...)
- TODO: check
+ NOT-FOR-US: CKAN
CVE-2026-41051 (csync2 uses insecure temporary directories when compiled with C99 or l ...)
TODO: check
CVE-2026-41050 (Fleet's Helm deployer did not fully apply ServiceAccount impersonation ...)
- TODO: check
+ NOT-FOR-US: Fleet's Helm deployer
CVE-2026-40703 (A cross-site request forgery (CSRF) vulnerability exists in the dashbo ...)
NOT-FOR-US: F5
CVE-2026-40699 (A vulnerability exists in the undisclosed pages in the Configuration u ...)
NOT-FOR-US: F5
CVE-2026-40698 (A vulnerability exists in BIG-IP and BIG-IQ systems where a highly pri ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-40631 (An authenticated attacker with the Resource Administrator or Administr ...)
NOT-FOR-US: F5
CVE-2026-40629 (When SSL profiles are configured on a virtual server, undisclosed traf ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-40621 (ELECOM wireless LAN access point devices do not require authentication ...)
- TODO: check
+ NOT-FOR-US: ELECOM
CVE-2026-40618 (When an SSL profile is configured on a virtual server on BIG-IP Virtua ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-40462 (Incorrect permission assignment vulnerabilities exist in iControl REST ...)
NOT-FOR-US: F5
CVE-2026-40435 (When configured, IP-based access restrictions for httpddo not cover al ...)
@@ -1955,23 +1955,23 @@ CVE-2026-39458 (When a BIG-IP DNS profile enabled with DNS cache is configured o
CVE-2026-39455 (When the BIG-IP Configuration utility is configured to use Lightweight ...)
NOT-FOR-US: F5
CVE-2026-39428 (CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored C ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2026-39358 (CubeCart is an ecommerce software solution. Prior to 6.6.0, Authentica ...)
- TODO: check
+ NOT-FOR-US: CubeCart
CVE-2026-37430 (An arbitrary file upload vulnerability in the ShopOrderImportControlle ...)
- TODO: check
+ NOT-FOR-US: qihang-wms
CVE-2026-37429 (qihang-wms commit 75c15a was discovered to contain a SQL injection vul ...)
- TODO: check
+ NOT-FOR-US: qihang-wms
CVE-2026-37428 (qihang-wms commit 75c15a was discovered to contain a SQL injection vul ...)
- TODO: check
+ NOT-FOR-US: qihang-wms
CVE-2026-36742 (Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART boo ...)
- TODO: check
+ NOT-FOR-US: Hiseeu
CVE-2026-36741 (U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: U-SPEED AC1200 Gigabit Wi-Fi Router
CVE-2026-36738 (U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerabl ...)
- TODO: check
+ NOT-FOR-US: U-SPEED AC1200 Gigabit Wi-Fi Router
CVE-2026-35506 (ELECOM wireless LAN access point devices contain an OS command injecti ...)
- TODO: check
+ NOT-FOR-US: ELECOM
CVE-2026-35062 (An authenticated iControl SOAP user may be able to obtain information ...)
NOT-FOR-US: F5
CVE-2026-34176 (When running in Appliance mode, an authenticated remote command inject ...)
@@ -1979,11 +1979,11 @@ CVE-2026-34176 (When running in Appliance mode, an authenticated remote command
CVE-2026-34019 (When Bidirectional Forwarding Detection (BFD) is configured in Static ...)
NOT-FOR-US: F5
CVE-2026-33585 (Improper management of the idle timeout parameterin the Keycloak inter ...)
- TODO: check
+ NOT-FOR-US: Arqit SKA-Platform
CVE-2026-33584 (Exposed Keycloak management service in the Arqit Symmetric Key Agreem ...)
- TODO: check
+ NOT-FOR-US: Arqit
CVE-2026-33583 (Exposure of the QKEY (used as input into the \u2018OTA-Quantum\u2019 ...)
- TODO: check
+ NOT-FOR-US: Arqit
CVE-2026-33381 (When a user's access to mint tokens for a service account is revoked, ...)
TODO: check
CVE-2026-33380 (A vulnerability in SQL Expressions allows an authenticated attacker to ...)
@@ -2003,7 +2003,7 @@ CVE-2026-32991 (Improper authorization checks of team members privileges allow a
CVE-2026-32673 (A vulnerability exists in BIG-IP scripted monitors that may allow an a ...)
NOT-FOR-US: F5
CVE-2026-32643 (A vulnerability exists in BIG-IP and BIG-IQ systems where a highly pri ...)
- TODO: check
+ NOT-FOR-US: F5
CVE-2026-31156 (A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f ...)
TODO: check
CVE-2026-30906 (Untrusted search path in the installer for Zoom Rooms for Windows befo ...)
@@ -2549,7 +2549,7 @@ CVE-2026-42288 (ChurchCRM is an open-source church management system. Prior to 7
CVE-2026-42196 (django-s3file is a lightweight file upload input for Django and Amazon ...)
TODO: check
CVE-2026-42191 (OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetr ...)
- TODO: check
+ NOT-FOR-US: OpenTelemetry.Exporter.OpenTelemetryProtocol
CVE-2026-42158 (Flowsint is an open-source OSINT graph exploration tool designed for c ...)
NOT-FOR-US: Flowsint
CVE-2026-42157 (Flowsint is an open-source OSINT graph exploration tool designed for c ...)
@@ -2559,15 +2559,15 @@ CVE-2026-42156 (Flowsint is an open-source OSINT graph exploration tool designed
CVE-2026-41901 (Thymeleaf is a server-side Java template engine for web and standalone ...)
NOT-FOR-US: Thymeleaf
CVE-2026-41195 (mosparo is the modern solution to protect your online forms from spam. ...)
- TODO: check
+ NOT-FOR-US: mosparo
CVE-2026-40902 (PhpSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
- TODO: check
+ NOT-FOR-US: PhpSpreadsheet
CVE-2026-40863 (PhpSpreadsheet is a pure PHP library for reading and writing spreadshe ...)
- TODO: check
+ NOT-FOR-US: PhpSpreadsheet
CVE-2026-35555 (PowerSYSTEM Center feature for device project groups allows an authent ...)
- TODO: check
+ NOT-FOR-US: PowerSYSTEM Center
CVE-2026-35504 (PowerSYSTEM Center email notification service is affected by a CRLF in ...)
- TODO: check
+ NOT-FOR-US: PowerSYSTEM Center
CVE-2026-34690 (After Effects versions 26.0, 25.6.4 and earlier are affected by a Stac ...)
NOT-FOR-US: Adobe
CVE-2026-34688 (CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affecte ...)
@@ -2629,7 +2629,7 @@ CVE-2026-34646 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p
CVE-2026-34645 (Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2. ...)
NOT-FOR-US: Adobe
CVE-2026-33570 (PowerSYSTEM Center REST API endpoint for devices allows a low privileg ...)
- TODO: check
+ NOT-FOR-US: PowerSYSTEM Center
CVE-2026-32661 (Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailS ...)
TODO: check
CVE-2026-2725 (Incorrect authorization in the "submitted together" feature in Gerrit ...)
@@ -3343,31 +3343,31 @@ CVE-2026-31240 (The mem0 1.0.0 server lacks authentication and authorization con
CVE-2026-31239 (The mamba language model framework thru 2.2.6 is vulnerable to insecur ...)
TODO: check
CVE-2026-31238 (The Ludwig framework thru 0.10.4 is vulnerable to insecure deserializa ...)
- TODO: check
+ NOT-FOR-US: Ludwig framework
CVE-2026-31237 (The Ludwig framework thru 0.10.4 is vulnerable to insecure deserializa ...)
- TODO: check
+ NOT-FOR-US: Ludwig framework
CVE-2026-31236 (The llm CLI tool thru 0.27.1 contains a critical code injection vulner ...)
TODO: check
CVE-2026-31235 (The imgaug library thru 0.4.0 contains an insecure deserialization vul ...)
TODO: check
CVE-2026-31234 (Horovod thru 0.28.1 contains an insecure deserialization vulnerability ...)
- TODO: check
+ NOT-FOR-US: Horovod
CVE-2026-31233 (Guardrails AI thru 0.6.7 contains a code injection vulnerability (CWE- ...)
- TODO: check
+ NOT-FOR-US: Guardrails AI
CVE-2026-31232 (The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aa ...)
- TODO: check
+ NOT-FOR-US: CosyVoice
CVE-2026-31231 (Cognee thru v0.4.0 contains a critical remote code execution vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Cognee
CVE-2026-31230 (The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a comman ...)
- TODO: check
+ NOT-FOR-US: Adversarial Robustness Toolbox (ART)
CVE-2026-31229 (The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains an insec ...)
- TODO: check
+ NOT-FOR-US: Adversarial Robustness Toolbox (ART)
CVE-2026-31228 (The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote ...)
- TODO: check
+ NOT-FOR-US: Adversarial Robustness Toolbox (ART)
CVE-2026-31226 (The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b ...)
- TODO: check
+ NOT-FOR-US: TinyZero
CVE-2026-31225 (The superduper project thru v0.10.0 contains a critical remote code ex ...)
- TODO: check
+ NOT-FOR-US: superduper
CVE-2026-31224 (The snorkel library thru v0.10.0 contains an insecure deserialization ...)
TODO: check
CVE-2026-31223 (The snorkel library thru v0.10.0 contains a critical insecure deserial ...)
@@ -3377,7 +3377,7 @@ CVE-2026-31222 (The snorkel library thru v0.10.0 contains an insecure deserializ
CVE-2026-31221 (PyTorch-Lightning versions 2.6.0 and earlier contain an insecure deser ...)
TODO: check
CVE-2026-31220 (PySyft (Syft Datasite/Server) versions 0.9.5 and earlier are vulnerabl ...)
- TODO: check
+ NOT-FOR-US: PySyft (Syft Datasite/Server)
CVE-2026-31219 (The _load_model() function in the neural_magic_training.py script of t ...)
TODO: check
CVE-2026-31218 (The _load_model() function in the neural_magic_training.py script of t ...)
@@ -3385,9 +3385,9 @@ CVE-2026-31218 (The _load_model() function in the neural_magic_training.py scrip
CVE-2026-31217 (The _load_model() function in the neural_magic_training.py script of t ...)
TODO: check
CVE-2026-31216 (The nexent v1.7.5.2 backend service contains an unauthorized arbitrary ...)
- TODO: check
+ NOT-FOR-US: nexent
CVE-2026-31215 (The nexent v1.7.5.2 backend service contains an unauthorized arbitrary ...)
- TODO: check
+ NOT-FOR-US: nexent
CVE-2026-31214 (The torch-checkpoint-shrink.py script in the ml-engineering project in ...)
TODO: check
CVE-2026-30810 (Server-Side Request Forgery vulnerability allows Privilege Escalation ...)
@@ -3707,7 +3707,7 @@ CVE-2026-42564 (jotty\xb7page is a self-hosted app for your checklists and notes
CVE-2026-42554 (Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Sit ...)
NOT-FOR-US: Fiber
CVE-2026-42188 (Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: J ...)
- TODO: check
+ NOT-FOR-US: Geyser
CVE-2026-42046 (libcaca is a colour ASCII art library. In 0.99.beta20 and earlier, an ...)
- libcaca <unfixed>
NOTE: https://github.com/cacalabs/libcaca/security/advisories/GHSA-4vvg-vrqv-m56w
@@ -3744,7 +3744,7 @@ CVE-2026-39869 (The issue was addressed with improved memory handling. This issu
CVE-2026-37630 (An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrar ...)
TODO: check
CVE-2026-36734 (EDIMAX BR-6428nS V3 1.15 is vulnerable to Command Injection. An authen ...)
- TODO: check
+ NOT-FOR-US: EDIMAX
CVE-2026-34963 (barebox version prior to 2026.04.0 contains multiple memory-safety vul ...)
TODO: check
CVE-2026-34962 (barebox version prior to 2026.04.0 contains a denial-of-service vulner ...)
@@ -4154,7 +4154,7 @@ CVE-2026-42312 (pyLoad is a free and open-source download manager written in Pyt
CVE-2026-41951 (Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which ...)
NOT-FOR-US: GROWI
CVE-2026-41431 (Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a ...)
- TODO: check
+ NOT-FOR-US: Zen
CVE-2026-41257 (jq is a command-line JSON processor. In 1.8.1 and earlier, the jq byte ...)
- jq <unfixed> (bug #1136445)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-4jm8-m363-4539
@@ -4162,7 +4162,7 @@ CVE-2026-41256 (jq is a command-line JSON processor. In 1.8.1 and earlier, Top-l
- jq <unfixed> (bug #1136445)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-vf2h-chrj-q3fg
CVE-2026-41250 (Taiga is a project management platform for startups and agile develope ...)
- TODO: check
+ NOT-FOR-US: Taiga
CVE-2026-41018 (The Elasticsearch logging provider, when configured with a `host` URL ...)
TODO: check
CVE-2026-40636 (Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale version ...)
@@ -4171,39 +4171,39 @@ CVE-2026-40612 (jq is a command-line JSON processor. In 1.8.1 and earlier, jv_co
- jq <unfixed> (bug #1136445)
NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-r7m6-x9c7-h69j
CVE-2026-3609 (Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vu ...)
- TODO: check
+ NOT-FOR-US: Wellbia XIGNCODE3 xhunter1.sys kernel driver
CVE-2026-3320 (Reflected Cross-Site Scripting (XSS) in the latest demo version of the ...)
- TODO: check
+ NOT-FOR-US: Cradle eCommerce
CVE-2026-3319 (Reflected Cross-Site Scripting (XSS) in the latest demo version of the ...)
- TODO: check
+ NOT-FOR-US: Cradle eCommerce
CVE-2026-3048 (An authenticated administrator who configures or tests LDAP connectivi ...)
NOT-FOR-US: Sonatype
CVE-2026-38569 (HireFlow v1.2 is vulnerable to Cross Site Scripting (XSS) in candidate ...)
- TODO: check
+ NOT-FOR-US: HireFlow
CVE-2026-38568 (HireFlow v1.2 is vulnerable to Incorrect Access Control. The applicati ...)
- TODO: check
+ NOT-FOR-US: HireFlow
CVE-2026-38567 (HireFlow v1.2 is vulnerable to SQL injection in the /login and /search ...)
- TODO: check
+ NOT-FOR-US: HireFlow
CVE-2026-38566 (HireFlow v1.2 does not implement CSRF token validation on any state-ch ...)
- TODO: check
+ NOT-FOR-US: HireFlow
CVE-2026-36983 (D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the fun ...)
NOT-FOR-US: D-Link
CVE-2026-36962 (SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated a ...)
- TODO: check
+ NOT-FOR-US: MuuCMF
CVE-2026-36906 (Cross Site Scripting vulnerability in iotgateway v.3.0.1 allows a remo ...)
- TODO: check
+ NOT-FOR-US: iotgateway
CVE-2026-35157 (Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale version ...)
NOT-FOR-US: Dell / EMC
CVE-2026-33362 (In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arent ...)
- TODO: check
+ NOT-FOR-US: CloudEdge
CVE-2026-33361 (In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudE ...)
- TODO: check
+ NOT-FOR-US: Meari IoT SDK
CVE-2026-33359 (In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed ...)
- TODO: check
+ NOT-FOR-US: Meari IoT Cloud
CVE-2026-33357 (In Meari client applications embedding "com.meari.sdk" (including Clou ...)
- TODO: check
+ NOT-FOR-US: Meari
CVE-2026-33356 (In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authe ...)
- TODO: check
+ NOT-FOR-US: Meari
CVE-2026-32658 (Dell Automation Platform versions prior to 2.0.0.0, contains a missing ...)
NOT-FOR-US: Dell / EMC
CVE-2026-31254 (The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e ...)
@@ -4211,21 +4211,21 @@ CVE-2026-31254 (The flash-attention project thru commit e724e2588cbe754beb97cf7c
CVE-2026-31253 (The flash-attention training framework thru commit e724e2588cbe754beb9 ...)
TODO: check
CVE-2026-31252 (CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-3 ...)
- TODO: check
+ NOT-FOR-US: CosyVoice
CVE-2026-31251 (CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-3 ...)
- TODO: check
+ NOT-FOR-US: CosyVoice
CVE-2026-31250 (CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-3 ...)
- TODO: check
+ NOT-FOR-US: CosyVoice
CVE-2026-31249 (CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-3 ...)
- TODO: check
+ NOT-FOR-US: CosyVoice
CVE-2026-31248 (Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) ...)
TODO: check
CVE-2026-31247 (Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) ...)
TODO: check
CVE-2026-31246 (GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-0 ...)
- TODO: check
+ NOT-FOR-US: GPT-Pilot
CVE-2026-30635 (Command injection vulnerability in automagik-genie 2.5.27 MCP Server a ...)
- TODO: check
+ NOT-FOR-US: automagik-genie
CVE-2026-2393 (A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow ve ...)
NOT-FOR-US: mlflow
CVE-2026-26946 (Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale version ...)
@@ -4847,7 +4847,7 @@ CVE-2026-42190 (RedwoodSDK is a server-first React framework. From version 1.0.0
CVE-2026-42189 (Russh is a Rust SSH client & server library. Prior to version 0.60.1, ...)
NOT-FOR-US: Russh
CVE-2026-42185 (People is an application to handle users and teams, and distribute per ...)
- TODO: check
+ NOT-FOR-US: People (suitenumerique/people)
CVE-2026-42183 (Argo Workflows is an open source container-native workflow engine for ...)
NOT-FOR-US: Argo
CVE-2026-42181 (Lemmy is a link aggregator and forum for the fediverse. Prior to versi ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73f53d9df9915b010ed7dc5985221448bad50174
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/73f53d9df9915b010ed7dc5985221448bad50174
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260517/f6391823/attachment.htm>
More information about the debian-security-tracker-commits
mailing list