Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c4ecaf23 by Salvatore Bonaccorso at 2026-03-13T10:00:27+01:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,25 +7,25 @@ CVE-2026-3909 (Out of bounds write in Skia in Google Chrome
prior to 146.0.7680.
CVE-2026-3891 (The Pix for WooCommerce plugin for WordPress is vulnerable to
arbitrar ...)
NOT-FOR-US: WordPress plugin
CVE-2026-3611 (The Honeywell IQ4x building management controller, exposes its
full we ...)
- TODO: check
+ NOT-FOR-US: Honeywell
CVE-2026-3045 (The Appointment Booking Calendar \u2014 Simply Schedule
Appointments p ...)
NOT-FOR-US: WordPress plugin
CVE-2026-32612 (Statmatic is a Laravel and Git powered content management
system (CMS) ...)
- TODO: check
+ NOT-FOR-US: Statmatic CMS
CVE-2026-32598 (OneUptime is a solution for monitoring and managing online
services. P ...)
- TODO: check
+ NOT-FOR-US: OneUptime
CVE-2026-32597 (PyJWT is a JSON Web Token implementation in Python. Prior to
2.12.0, P ...)
TODO: check
CVE-2026-32322 (soroban-sdk is a Rust SDK for Soroban contracts. Prior to
22.0.11, 23. ...)
TODO: check
CVE-2026-32320 (Ella Core is a 5G core designed for private networks. Prior to
1.5.1, ...)
- TODO: check
+ NOT-FOR-US: Ella Core
CVE-2026-32319 (Ella Core is a 5G core designed for private networks. Prior to
1.5.1, ...)
- TODO: check
+ NOT-FOR-US: Ella Core
CVE-2026-32308 (OneUptime is a solution for monitoring and managing online
services. P ...)
- TODO: check
+ NOT-FOR-US: OneUptime
CVE-2026-32306 (OneUptime is a solution for monitoring and managing online
services. P ...)
- TODO: check
+ NOT-FOR-US: OneUptime
CVE-2026-32304 (Locutus brings stdlibs of other programming languages to
JavaScript fo ...)
TODO: check
CVE-2026-32302 (OpenClaw is a personal AI assistant. Prior to 2026.3.11,
browser-origi ...)
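Review bot: In the CVE-2026-32612 entry the new label reads "NOT-FOR-US: Statmatic CMS", which copies the spelling from the truncated CVE description. The Laravel and Git powered CMS is named Statamic. Suggest "NOT-FOR-US: Statamic CMS" so the entry turns up when someone searches the list by the product's actual name. The other labels added in this hunk (Honeywell, OneUptime, Ella Core) are spelled the same way in each of their entries.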
@@ -140,7 +140,7 @@ CVE-2026-32259 (ImageMagick is free and open-source
software used for editing an
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/df934b4721173f8dda33c6d007f9811669640e86
(7.1.2-16)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/812ff3ef91967d367aa7a087a31b94f3b2a267ee
(6.9.13-41)
CVE-2026-32251 (Tolgee is an open-source localization platform. Prior to
3.166.3, the ...)
- TODO: check
+ NOT-FOR-US: Tolgee
CVE-2026-32249 (Vim is an open source, command line text editor. From 9.1.0011
to befo ...)
- vim <unfixed>
[bookworm] - vim <not-affected> (Vulnerable code not present)
@@ -177,7 +177,7 @@ CVE-2026-32232 (ZeptoClaw is a personal AI assistant. Prior
to 0.7.6, there is a
CVE-2026-32231 (ZeptoClaw is a personal AI assistant. Prior to 0.7.6, the
generic webh ...)
NOT-FOR-US: ZeptoClaw
CVE-2026-32230 (Uptime Kuma is an open source, self-hosted monitoring tool.
From 2.0.0 ...)
- TODO: check
+ NOT-FOR-US: Uptime Kuma
CVE-2026-32142 (Shopware is an open commerce platform. /api/_info/config route
exposes ...)
NOT-FOR-US: Shopware
CVE-2026-32141 (flatted is a circular JSON parser. Prior to 3.4.0, flatted's
parse() f ...)
@@ -187,7 +187,7 @@ CVE-2026-32140 (Dataease is an open source data
visualization analysis tool. Pri
CVE-2026-32139 (Dataease is an open source data visualization analysis tool.
In DataEa ...)
NOT-FOR-US: DataEase
CVE-2026-32138 (NEXULEAN is a cybersecurity portfolio & service platform for
an Ethica ...)
- TODO: check
+ NOT-FOR-US: NEXULEAN
CVE-2026-32137 (Dataease is an open source data visualization analysis tool.
Prior to ...)
NOT-FOR-US: DataEase
CVE-2026-32129 (soroban-poseidon provides Poseidon and Poseidon2 cryptographic
hash fu ...)
@@ -195,7 +195,7 @@ CVE-2026-32129 (soroban-poseidon provides Poseidon and
Poseidon2 cryptographic h
CVE-2026-32116 (Magic Wormhole makes it possible to get arbitrary-sized files
and dire ...)
TODO: check
CVE-2026-32100 (Shopware is an open commerce platform. /api/_info/config route
exposes ...)
- TODO: check
+ NOT-FOR-US: Shopware
CVE-2026-31890 (Inspektor Gadget is a set of tools and framework for data
collection a ...)
TODO: check
CVE-2026-31873 (Unhead is a document head and template manager. Prior to
2.1.11, The l ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4ecaf2338eff2d1f1cee4d84a34d122a322a105