Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
20cb0263 by Salvatore Bonaccorso at 2026-02-28T09:47:26+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,19 +3,19 @@ CVE-2026-2647
 CVE-2026-2471 (The WP Mail Logging plugin for WordPress is vulnerable to PHP 
Object I ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-28517 (openDCIM version 23.04, through commit 4467e9c4, contains an 
OS comman ...)
-       TODO: check
+       NOT-FOR-US: openDCIM
 CVE-2026-28516 (openDCIM version 23.04, through commit 4467e9c4, contains a 
SQL inject ...)
-       TODO: check
+       NOT-FOR-US: openDCIM
 CVE-2026-28515 (openDCIM version 23.04, through commit 4467e9c4, contains a 
missing au ...)
-       TODO: check
+       NOT-FOR-US: openDCIM
 CVE-2026-28426 (Statmatic is a Laravel and Git powered content management 
system (CMS) ...)
-       TODO: check
+       NOT-FOR-US: Statmatic CMS
 CVE-2026-28425 (Statmatic is a Laravel and Git powered content management 
system (CMS) ...)
-       TODO: check
+       NOT-FOR-US: Statmatic CMS
 CVE-2026-28424 (Statmatic is a Laravel and Git powered content management 
system (CMS) ...)
-       TODO: check
+       NOT-FOR-US: Statmatic CMS
 CVE-2026-28423 (Statmatic is a Laravel and Git powered content management 
system (CMS) ...)
-       TODO: check
+       NOT-FOR-US: Statmatic CMS
 CVE-2026-28422 (Vim is an open source, command line text editor. Prior to 
version 9.2. ...)
        - vim <unfixed>
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf
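
Review bot: The four added reasons for CVE-2026-28426 through CVE-2026-28423 read "NOT-FOR-US: Statmatic CMS", which carries over the spelling from the truncated CVE description; the upstream project is spelled Statamic. Suggest "NOT-FOR-US: Statamic CMS" so that a later search of data/CVE/list for the product name finds these entries. The three openDCIM entries use the project name exactly as the description gives it and look fine.
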
@@ -33,11 +33,11 @@ CVE-2026-28419 (Vim is an open source, command line text 
editor. Prior to versio
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-xcc8-r6c5-hvwv
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/9b7dfa2948c9e1e5e32a5812812d580c7879f4a0 
(v9.2.0075)
 CVE-2026-28416 (Gradio is an open-source Python package designed for quick 
prototyping ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2026-28415 (Gradio is an open-source Python package designed for quick 
prototyping ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2026-28414 (Gradio is an open-source Python package designed for quick 
prototyping ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2026-28411 (WeGIA is a web manager for charitable institutions. Prior to 
version 3 ...)
        NOT-FOR-US: WeGIA
 CVE-2026-28409 (WeGIA is a web manager for charitable institutions. Prior to 
version 3 ...)
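
Review bot: The reason on CVE-2026-28416, CVE-2026-28415 and CVE-2026-28414 is the bare name "Gradio", while the same commit tags another Python package as "pillow_heif Python library". Pick one form for Python packages, for example "NOT-FOR-US: Gradio Python package", so the reason strings stay uniform and greppable across the file.
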
@@ -45,39 +45,39 @@ CVE-2026-28409 (WeGIA is a web manager for charitable 
institutions. Prior to ver
 CVE-2026-28408 (WeGIA is a web manager for charitable institutions. Prior to 
version 3 ...)
        NOT-FOR-US: WeGIA
 CVE-2026-28407 (malcontent is software for discovering supply-chain 
compromises throug ...)
-       TODO: check
+       NOT-FOR-US: chainguard-dev malcontent (different from src:malcontent)
 CVE-2026-28406 (kaniko is a tool to build container images from a Dockerfile, 
inside a ...)
-       TODO: check
+       NOT-FOR-US: kaniko
 CVE-2026-28402 (nimiq/core-rs-albatross is a Rust implementation of the Nimiq 
Proof-of ...)
-       TODO: check
+       NOT-FOR-US: nimiq/core-rs-albatross
 CVE-2026-28400 (Docker Model Runner (DMR) is software used to manage, run, and 
deploy  ...)
-       TODO: check
+       NOT-FOR-US: Docker Model Runner (DMR)
 CVE-2026-28355 (Canarytokens help track activity and actions on a network. 
Versions pr ...)
-       TODO: check
+       NOT-FOR-US: Canarytokens
 CVE-2026-28352 (Indico is an event management system that uses 
Flask-Multipass, a mult ...)
-       TODO: check
+       NOT-FOR-US: Indico
 CVE-2026-28351 (pypdf is a free and open-source pure-python PDF library. Prior 
to vers ...)
        TODO: check
 CVE-2026-28338 (PMD is an extensible multilanguage static code analyzer. Prior 
to vers ...)
-       TODO: check
+       NOT-FOR-US: PMD
 CVE-2026-28288 (Dify is an open-source LLM app development platform. Prior to 
1.9.0, r ...)
-       TODO: check
+       NOT-FOR-US: Dify
 CVE-2026-28272 (Kiteworks is a private data network (PDN). Prior to version 
9.2.0, a v ...)
-       TODO: check
+       NOT-FOR-US: Kiteworks
 CVE-2026-28271 (Kiteworks is a private data network (PDN). Prior to version 
9.2.0, a v ...)
-       TODO: check
+       NOT-FOR-US: Kiteworks
 CVE-2026-28270 (Kiteworks is a private data network (PDN). Prior to version 
9.2.0, a v ...)
-       TODO: check
+       NOT-FOR-US: Kiteworks
 CVE-2026-28268 (Vikunja is an open-source self-hosted task management 
platform. Versio ...)
-       TODO: check
+       NOT-FOR-US: Vikunja
 CVE-2026-28231 (pillow_heif is a Python library for working with HEIF images 
and plugi ...)
-       TODO: check
+       NOT-FOR-US: pillow_heif Python library
 CVE-2026-27939 (Statmatic is a Laravel and Git powered content management 
system (CMS) ...)
-       TODO: check
+       NOT-FOR-US: Statmatic CMS
 CVE-2026-27759 (Featured Image from Content (featured-image-from-content) 
WordPress pl ...)
-       TODO: check
+       NOT-FOR-US: WordPress plugin
 CVE-2026-27167 (Gradio is an open-source Python package designed for quick 
prototyping ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2026-1542 (The Super Stage WP WordPress plugin through 1.0.1 unserializes 
user in ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-13673 (The Tutor LMS \u2013 eLearning and online course solution 
plugin for W ...)
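
Review bot: CVE-2026-28351 (pypdf) is the only entry in this hunk left at "TODO: check", and the commit message "Process some NFUs" does not say whether it was skipped on purpose because it needs a package entry rather than an NFU tag; a word in the message would make that clear to the next person triaging. Separately, CVE-2026-27939 repeats the "Statmatic CMS" spelling (upstream is Statamic). The "(different from src:malcontent)" qualifier on CVE-2026-28407 is the right kind of disambiguation where a name collides with a source package.
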



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/20cb0263f0d794c87d42dbed837ad620388660d4
