Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6aed79cd by Moritz Muehlenhoff at 2026-01-08T10:19:05+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9,15 +9,15 @@ CVE-2026-22578
CVE-2026-22577
REJECTED
CVE-2026-22190 (Panda3D versions up to and including 1.10.16 egg-mkfont
contains an un ...)
- TODO: check
+ NOT-FOR-US: Panda3D
CVE-2026-22189 (Panda3D versions up to and including 1.10.16 egg-mkfont
contains a sta ...)
- TODO: check
+ NOT-FOR-US: Panda3D
CVE-2026-22188 (Panda3D versions up to and including 1.10.16 deploy-stub
contains a de ...)
- TODO: check
+ NOT-FOR-US: Panda3D
CVE-2026-22187 (Bio-Formats versions up to and including 8.3.0 perform unsafe
Java des ...)
- TODO: check
+ NOT-FOR-US: Bio-Formats
CVE-2026-22186 (Bio-Formats versions up to and including 8.3.0 contain an XML
External ...)
- TODO: check
+ NOT-FOR-US: Bio-Formats
CVE-2026-22185 (OpenLDAP Lightning Memory-Mapped Database (LMDB) mdb_load
contains a h ...)
- openldap <unfixed>
NOTE: https://seclists.org/fulldisclosure/2026/Jan/5
@@ -30,7 +30,7 @@ CVE-2026-22046 (iccDEV provides a set of libraries and tools
that allow for the
CVE-2026-22035 (Greenshot is an open source Windows screenshot utility.
Versions 1.3.3 ...)
NOT-FOR-US: Greenshot
CVE-2026-21883 (Bokeh is an interactive visualization library written in
Python. In ve ...)
- TODO: check
+ - python-bokeh <itp> (bug #756017)
CVE-2026-21881 (Kanboard is project management software focused on Kanban
methodology. ...)
- kanboard <unfixed>
NOTE:
https://github.com/kanboard/kanboard/security/advisories/GHSA-wwpf-3j4p-739w
@@ -44,28 +44,28 @@ CVE-2026-21879 (Kanboard is project management software
focused on Kanban method
NOTE:
https://github.com/kanboard/kanboard/security/advisories/GHSA-mhv9-7m9w-7hcq
NOTE:
https://github.com/kanboard/kanboard/commit/93bcae03301a6d34185a8dba977417e6b3de519f
(v1.2.49)
CVE-2026-21877 (n8n is an open source workflow automation platform. In
versions 0.121. ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-21875 (ClipBucket v5 is an open source video sharing platform.
Versions 5.5.2 ...)
- TODO: check
+ NOT-FOR-US: ClipBucket
CVE-2026-21869 (llama.cpp is an inference of several LLM models in C/C++. In
commits 5 ...)
- llama.cpp <unfixed>
NOTE:
https://github.com/ggml-org/llama.cpp/security/advisories/GHSA-8947-pfff-2f3c
CVE-2026-21868 (Flag Forge is a Capture The Flag (CTF) platform. Versions
2.3.2 and be ...)
- TODO: check
+ NOT-FOR-US: Flag Forge
CVE-2026-21859 (Mailpit is an email testing tool and API for developers.
Versions 1.28 ...)
- TODO: check
+ NOT-FOR-US: Mailpit
CVE-2026-21858 (n8n is an open source workflow automation platform. Versions
below 1.1 ...)
- TODO: check
+ NOT-FOR-US: n8n
CVE-2026-21857 (REDAXO is a PHP-based content management system. Prior to
version 5.20 ...)
- TODO: check
+ NOT-FOR-US: REDAXO
CVE-2026-21851 (MONAI (Medical Open Network for AI) is an AI toolkit for
health care i ...)
- TODO: check
+ NOT-FOR-US: MONAI
CVE-2026-21697 (axios4go is a Go HTTP client library. Prior to version 0.6.4,
a race c ...)
- TODO: check
+ NOT-FOR-US: axios4go
CVE-2026-21695 (Titra is open source project time tracking software. In
versions 0.99. ...)
- TODO: check
+ NOT-FOR-US: Titra
CVE-2026-21694 (Titra is open source project time tracking software. Versions
0.99.49 ...)
- TODO: check
+ NOT-FOR-US: Titra
CVE-2026-21693 (iccDEV provides a set of libraries and tools that allow for
the intera ...)
NOT-FOR-US: iccDEV
CVE-2026-21692 (iccDEV provides a set of libraries and tools that allow for
the intera ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6aed79cd0b5cc14aa34214f5e3db0fd86ebf44b3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6aed79cd0b5cc14aa34214f5e3db0fd86ebf44b3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
