Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7187cc47 by Salvatore Bonaccorso at 2026-01-17T09:33:16+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5,11 +5,11 @@ CVE-2026-23745 (node-tar is a Tar for Node.js. The node-tar
library (<= 7.5.2) f
NOTE:
https://github.com/isaacs/node-tar/security/advisories/GHSA-8qq5-rm4j-mr97
NOTE: Fixed by:
https://github.com/isaacs/node-tar/commit/340eb285b6d986e91969a1170d7fe9b0face405e
(v7.5.3)
CVE-2026-23744 (MCPJam inspector is the local-first development platform for
MCP serve ...)
- TODO: check
+ NOT-FOR-US: MCPJam inspector
CVE-2026-23742 (Skipper is an HTTP router and reverse proxy for service
composition. T ...)
- TODO: check
+ NOT-FOR-US: Zalando Skipper
CVE-2026-23735 (GraphQL Modules is a toolset of libraries and guidelines
dedicated to ...)
- TODO: check
+ NOT-FOR-US: GraphQL Modules
CVE-2026-23643 (CakePHP is a rapid development framework for PHP. The
PaginatorHelper: ...)
TODO: check
CVE-2026-22865 (Gradle is a build automation tool, and its native-platform
tool provid ...)
@@ -19,7 +19,7 @@ CVE-2026-22816 (Gradle is a build automation tool, and its
native-platform tool
CVE-2026-21223 (Microsoft Edge Elevation Service exposes a privileged COM
interface th ...)
NOT-FOR-US: Microsoft
CVE-2026-20960 (Improper authorization in Microsoft Power Apps allows an
authorized at ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2026-0833 (The Team Section Block plugin for WordPress is vulnerable to
Stored Cr ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0820 (The RepairBuddy \u2013 Repair Shop CRM & Booking Plugin for
WordPress ...)
@@ -41,7 +41,7 @@ CVE-2025-5489
CVE-2025-5102
REJECTED
CVE-2025-56451 (Cross site scripting vulnerability in seeyon Zhiyuan A8+
Collaborative ...)
- TODO: check
+ NOT-FOR-US: seeyon Zhiyuan A8+ Collaborative Management Software
CVE-2025-15529 (A vulnerability was found in Open5GS up to 2.7.6. Affected by
this iss ...)
TODO: check
CVE-2025-15528 (A vulnerability has been found in Open5GS up to 2.7.6.
Affected by thi ...)
@@ -79,9 +79,9 @@ CVE-2024-8506
CVE-2024-8491
REJECTED
CVE-2019-25297 (Poll, Survey & Quiz Maker Plugin by Opinion Stage Wordpress
plugin ver ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2012-10064 (Omni Secure Files plugin versions prior to 0.1.14 contain an
arbitrary ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-23731 (WeGIA is a web manager for charitable institutions. Prior to
3.6.2, Th ...)
NOT-FOR-US: WeGIA
CVE-2026-23730 (WeGIA is a web manager for charitable institutions. Prior to
3.6.2, an ...)
@@ -274,9 +274,9 @@ CVE-2025-15497
NOTE: Introduced with:
https://github.com/OpenVPN/openvpn/commit/92adbc88b1b37095cebde2a1c5b6ae242f382678
(v2.7_alpha1)
NOTE: Fixed by:
https://github.com/OpenVPN/openvpn/commit/e0e0720ac35e4929ed0a9b47d5509907802bc718
CVE-2026-23769 (lucy-xss-filter before commit e5826c0 allows an attacker to
execute ma ...)
- TODO: check
+ NOT-FOR-US: lucy-xss-filter
CVE-2026-23768 (lucy-xss-filter before commit 7c1de6d allows an attacker to
induce ser ...)
- TODO: check
+ NOT-FOR-US: lucy-xss-filter
CVE-2026-23714
REJECTED
CVE-2026-23713
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7187cc4724268f6254a2838362013e62389f71fe
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7187cc4724268f6254a2838362013e62389f71fe
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
