Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3ebe918b by Moritz Muehlenhoff at 2026-03-06T18:07:22+01:00
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -141,33 +141,33 @@ CVE-2026-28709 (Unauthorized resource manipulation due to
improper authorization
CVE-2026-28685 (Kimai is a web-based multi-user time-tracking application.
Prior to ve ...)
TODO: check
CVE-2026-28683 (Gokapi is a self-hosted file sharing server with automatic
expiration ...)
- TODO: check
+ NOT-FOR-US: Gokapi
CVE-2026-28682 (Gokapi is a self-hosted file sharing server with automatic
expiration ...)
- TODO: check
+ NOT-FOR-US: Gokapi
CVE-2026-28681 (Internet Routing Registry daemon version 4 is an IRR database
server, ...)
TODO: check
CVE-2026-28680 (Ghostfolio is an open source wealth management software. Prior
to vers ...)
- TODO: check
+ NOT-FOR-US: Ghostfolio
CVE-2026-28679 (Home-Gallery.org is a self-hosted open-source web gallery to
browse pe ...)
- TODO: check
+ NOT-FOR-US: Home-Gallery.org
CVE-2026-28677 (OpenSift is an AI study tool that sifts through large datasets
using s ...)
- TODO: check
+ NOT-FOR-US: OpenSift
CVE-2026-28676 (OpenSift is an AI study tool that sifts through large datasets
using s ...)
- TODO: check
+ NOT-FOR-US: OpenSift
CVE-2026-28675 (OpenSift is an AI study tool that sifts through large datasets
using s ...)
- TODO: check
+ NOT-FOR-US: OpenSift
CVE-2026-28509 (LangBot is a global IM bot platform designed for LLMs. Prior
to versio ...)
- TODO: check
+ NOT-FOR-US: LangBot
CVE-2026-28508 (Idno is a social publishing platform. Prior to version 1.6.4,
a logic ...)
- TODO: check
+ NOT-FOR-US: Idno
CVE-2026-28507 (Idno is a social publishing platform. Prior to version 1.6.4,
there is ...)
- TODO: check
+ NOT-FOR-US: Idno
CVE-2026-28502 (WWBN AVideo is an open source video platform. Prior to version
24.0, a ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-28501 (WWBN AVideo is an open source video platform. Prior to version
24.0, a ...)
- TODO: check
+ NOT-FOR-US: WWBN AVideo
CVE-2026-28497 (TinyWeb is a web server (HTTP, HTTPS) written in Delphi for
Win32. Pri ...)
- TODO: check
+ NOT-FOR-US: TinyWeb
CVE-2026-28492 (File Browser provides a file managing interface within a
specified dir ...)
TODO: check
CVE-2026-28486 (OpenClaw versions 2026.1.16-2 prior to 2026.2.14 contain a
path traver ...)
@@ -4673,8 +4673,8 @@ CVE-2026-25638 (ImageMagick is free and open-source
software used for editing an
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/1e88fca11c7b8517100d518bc99bd8c474f02f88
(7.1.2-14)
CVE-2026-25637 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick 8:7.1.2.15+dfsg1-1
- [bookworm] - imagemagick <not-affected> (vulnerable code introduced
later)
- [bullseye] - imagemagick <not-affected> (vulnerable code introduced
later)
+ [bookworm] - imagemagick <not-affected> (Vulnerable code not present,
ASHLAR decoder introduced in IM7)
+ [bullseye] - imagemagick <not-affected> (Vulnerable code not present,
ASHLAR decoder introduced in IM7)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gm37-qx7w-p258
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/30ce0e8efbd72fd6b50ed3a10ae22f57c8901137
(7.1.2-14)
NOTE: Introduced by:
https://github.com/ImageMagick/ImageMagick/commit/114356949267dc1e04dc0d5c460ca1c05833504a
(7.0.10-23)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ebe918b92f434d5577222aaafdbed05a8644c95
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3ebe918b92f434d5577222aaafdbed05a8644c95
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
