[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 29 21:42:30 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
72af059a by Salvatore Bonaccorso at 2026-05-29T22:40:05+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -205,21 +205,21 @@ CVE-2026-45043 (RustFS is a distributed object storage system built in Rust. Pri
 CVE-2026-44962 (Plesk contains an XPath injection vulnerability in the APS Application ...)
 	NOT-FOR-US: Plesk
 CVE-2026-44698 (Home Assistant is open source home automation software that puts local ...)
-	TODO: check
+	NOT-FOR-US: Home Assistant
 CVE-2026-44697 (Klever-Go is the Go implementation of the Klever blockchain protocol.  ...)
-	TODO: check
+	NOT-FOR-US: Klever-Go
 CVE-2026-44652 (SillyTavern is a locally installed user interface that allows users to ...)
-	TODO: check
+	NOT-FOR-US: SillyTavern
 CVE-2026-44651 (SillyTavern is a locally installed user interface that allows users to ...)
-	TODO: check
+	NOT-FOR-US: SillyTavern
 CVE-2026-44650 (SillyTavern is a locally installed user interface that allows users to ...)
-	TODO: check
+	NOT-FOR-US: SillyTavern
 CVE-2026-44649 (SillyTavern is a locally installed user interface that allows users to ...)
-	TODO: check
+	NOT-FOR-US: SillyTavern
 CVE-2026-44648 (SillyTavern is a locally installed user interface that allows users to ...)
-	TODO: check
+	NOT-FOR-US: SillyTavern
 CVE-2026-44611 (Danelec MacGregor Voyage Data Recorder passwords are stored with a has ...)
-	TODO: check
+	NOT-FOR-US: Danelec MacGregor Voyage Data Recorder
 CVE-2026-44518 (liboqs is a C-language cryptographic library that provides implementat ...)
 	TODO: check
 CVE-2026-44239 (FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Das ...)
@@ -1392,26 +1392,26 @@ CVE-2026-45021 (Kuma is a modern Envoy-based service mesh that can run on every
 CVE-2026-45017 (Python Liquid is a Python engine for the Liquid template language. Pri ...)
 	NOT-FOR-US: Python Liquid
 CVE-2026-44798 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
-	TODO: check
+	NOT-FOR-US: Nautobot
 CVE-2026-44797 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
-	TODO: check
+	NOT-FOR-US: Nautobot
 CVE-2026-44796 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
-	TODO: check
+	NOT-FOR-US: Nautobot
 CVE-2026-44794 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
-	TODO: check
+	NOT-FOR-US: Nautobot
 CVE-2026-44672 (mapfish-print is a component of MapFish for printing templated cartogr ...)
-	TODO: check
+	NOT-FOR-US: mapfish-print
 CVE-2026-44604 (A command injection vulnerability was discovered in the `rpmuncompress ...)
 	- rpm <unfixed> (bug #1138234)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460967
 CVE-2026-44594 (esm.sh is a no-build content delivery network (CDN) for web developmen ...)
-	TODO: check
+	NOT-FOR-US: esm.sh
 CVE-2026-44593 (esm.sh is a no-build content delivery network (CDN) for web developmen ...)
-	TODO: check
+	NOT-FOR-US: esm.sh
 CVE-2026-44543 (Local Path Provisioner provides a way for the Kubernetes users to util ...)
 	TODO: check
 CVE-2026-44477 (CloudNativePG is a platform designed to manage PostgreSQL databases wi ...)
-	TODO: check
+	NOT-FOR-US: CloudNativePG
 CVE-2026-44466 (Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission ...)
 	TODO: check
 CVE-2026-44465 (Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary com ...)
@@ -2264,19 +2264,19 @@ CVE-2026-44887 (Pi.Alert is a WIFI / LAN intruder detector with web service moni
 CVE-2026-44886 (Pi.Alert is a WIFI / LAN intruder detector with web service monitoring ...)
 	NOT-FOR-US: Pi.Alert
 CVE-2026-44724 (systeminformation is a System and OS information library for node.js.  ...)
-	TODO: check
+	NOT-FOR-US: systeminformation Node.js module
 CVE-2026-44720 (OpenLearnX is an open-source, decentralized learning and assessment pl ...)
-	TODO: check
+	NOT-FOR-US: OpenLearnX
 CVE-2026-44713 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
-	TODO: check
+	NOT-FOR-US: pam_usb
 CVE-2026-44712 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
-	TODO: check
+	NOT-FOR-US: pam_usb
 CVE-2026-44711 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
-	TODO: check
+	NOT-FOR-US: pam_usb
 CVE-2026-44710 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
-	TODO: check
+	NOT-FOR-US: pam_usb
 CVE-2026-44709 (pam_usb provides hardware authentication for Linux using ordinary remo ...)
-	TODO: check
+	NOT-FOR-US: pam_usb
 CVE-2026-44681 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
 	TODO: check
 CVE-2026-44660 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
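Review bot: The five pam_usb entries (CVE-2026-44709 through CVE-2026-44713) deserve a second check before NOT-FOR-US, because the description is a PAM module for Linux rather than a hosted service or web application. If a pam_usb source package was ever in the archive, a `- <package> <removed>` line is the usual form instead, so the tracker keeps the package history. As a minor style point, "systeminformation Node.js module" carries a qualifier that the other labels in this hunk do not; that is fine if it is meant as disambiguation.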
@@ -2597,25 +2597,25 @@ CVE-2026-44839 (RabbitMQ is a messaging and streaming broker. From 3.7.0 to befo
 CVE-2026-44838 (RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2 ...)
 	TODO: check
 CVE-2026-44830 (Nocturne Memory is a lightweight, rollbackable, and visual Long-Term M ...)
-	TODO: check
+	NOT-FOR-US: Nocturne Memory
 CVE-2026-44635 (Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.2 ...)
-	TODO: check
+	NOT-FOR-US: Kysely
 CVE-2026-44521 (elFinder is an open-source file manager for web, written in JavaScript ...)
-	TODO: check
+	NOT-FOR-US: elFinder
 CVE-2026-44483 (RVF (formerly Remix Validated Form) provides easy form validation and  ...)
-	TODO: check
+	NOT-FOR-US: RVF (formerly Remix Validated Form)
 CVE-2026-44475 (Ella Core is a 5G core designed for private networks. Prior to 1.10.0, ...)
-	TODO: check
+	NOT-FOR-US: Ella Core
 CVE-2026-44474 (Ella Core is a 5G core designed for private networks. Prior to 1.10.0, ...)
-	TODO: check
+	NOT-FOR-US: Ella Core
 CVE-2026-44473 (Ella Core is a 5G core designed for private networks. Prior to 1.10.0, ...)
-	TODO: check
+	NOT-FOR-US: Ella Core
 CVE-2026-44460 (FileRise is a self-hosted web-based file manager with multi-file uploa ...)
-	TODO: check
+	NOT-FOR-US: FileRise
 CVE-2026-44346 (BentoML is a Python library for building online serving systems optimi ...)
-	TODO: check
+	NOT-FOR-US: BentoML
 CVE-2026-44345 (BentoML is a Python library for building online serving systems optimi ...)
-	TODO: check
+	NOT-FOR-US: BentoML
 CVE-2026-44330 (free5GC is an open-source implementation of the 5G core network. Prior ...)
 	NOT-FOR-US: free5GC
 CVE-2026-44329 (free5GC is an open-source implementation of the 5G core network. Prior ...)
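Review bot: The label on CVE-2026-44483, "NOT-FOR-US: RVF (formerly Remix Validated Form)", copies the parenthetical from the CVE description, while the other entries in this hunk use the bare product name (Kysely, elFinder, Ella Core, FileRise, BentoML). Suggest settling on "NOT-FOR-US: RVF" or on one of the two names, so that later CVEs for the same product are tagged with a single, matching string.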
@@ -4706,19 +4706,19 @@ CVE-2026-44832 (Snipe-IT is an IT asset/license management system. Prior to 8.4.
 CVE-2026-44831 (Snipe-IT is an IT asset/license management system. Prior to 8.4.1, use ...)
 	TODO: check
 CVE-2026-44788 (SharpCompress is a fully managed C# library to deal with many compress ...)
-	TODO: check
+	NOT-FOR-US: SharpCompress library
 CVE-2026-44708 (Mistune is a Python Markdown parser with renderers and plugins. Prior  ...)
 	TODO: check
 CVE-2026-44451 (Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the  ...)
-	TODO: check
+	NOT-FOR-US: Lumiverse
 CVE-2026-44450 (Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the  ...)
-	TODO: check
+	NOT-FOR-US: Lumiverse
 CVE-2026-44449 (Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when ...)
-	TODO: check
+	NOT-FOR-US: Lumiverse
 CVE-2026-44444 (Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the  ...)
-	TODO: check
+	NOT-FOR-US: Lumiverse
 CVE-2026-44443 (Lumiverse is a full-featured AI chat application. Prior to 0.9.7, cons ...)
-	TODO: check
+	NOT-FOR-US: Lumiverse
 CVE-2026-44214 (eventsource-encoder encodes events as well-formed EventSource/Server S ...)
 	TODO: check
 CVE-2026-44213 (The OpenTelemetry.Exporter.Instana exports telemetry to Instana backen ...)
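Review bot: On CVE-2026-44788 the label reads "NOT-FOR-US: SharpCompress library", whereas the Lumiverse entries in the same hunk use the product name alone. Suggest dropping "library" unless the suffix is needed to tell it apart from another product of the same name, which keeps the NFU strings uniform when the next SharpCompress CVE is triaged.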



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/72af059ab4f9afc5be9498eb82ed98a3ada4ea81
