Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
76b96e07 by Salvatore Bonaccorso at 2026-03-14T10:25:43+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -415,7 +415,7 @@ CVE-2026-31897 (FreeRDP is a free implementation of the 
Remote Desktop Protocol.
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xgv6-r22m-7c9x
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/cd27c8faca0eeb0d4309cc5837dfdf3c42eba4e7
 (3.24.0)
 CVE-2026-31886 (Dagu is a workflow engine with a built-in Web user interface. 
Prior to ...)
-       TODO: check
+       NOT-FOR-US: Dagu
 CVE-2026-31885 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.24.0+dfsg-1
        - freerdp2 <removed>
@@ -433,9 +433,9 @@ CVE-2026-31883 (FreeRDP is a free implementation of the 
Remote Desktop Protocol.
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-85x9-4xxp-xhm5
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8
 (3.24.0)
 CVE-2026-31882 (Dagu is a workflow engine with a built-in Web user interface. 
Prior to ...)
-       TODO: check
+       NOT-FOR-US: Dagu
 CVE-2026-31864 (JumpServer is an open source bastion host and an operation and 
mainten ...)
-       TODO: check
+       NOT-FOR-US: JumpServer
 CVE-2026-31814 (Yamux is a stream multiplexer over reliable, ordered 
connections such  ...)
        TODO: check
 CVE-2026-31806 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
@@ -444,13 +444,13 @@ CVE-2026-31806 (FreeRDP is a free implementation of the 
Remote Desktop Protocol.
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrqm-46rj-cmx2
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/83d9aedea278a74af3e490ff5eeb889c016dbb2b
 (3.24.0)
 CVE-2026-31798 (JumpServer is an open source bastion host and an operation and 
mainten ...)
-       TODO: check
+       NOT-FOR-US: JumpServer
 CVE-2026-30961 (Gokapi is a self-hosted file sharing server with automatic 
expiration  ...)
-       TODO: check
+       NOT-FOR-US: Gokapi
 CVE-2026-30955 (Gokapi is a self-hosted file sharing server with automatic 
expiration  ...)
-       TODO: check
+       NOT-FOR-US: Gokapi
 CVE-2026-30943 (Gokapi is a self-hosted file sharing server with automatic 
expiration  ...)
-       TODO: check
+       NOT-FOR-US: Gokapi
 CVE-2026-30915 (SFTPGo is an open source, event-driven file transfer solution. 
SFTPGo  ...)
        TODO: check
 CVE-2026-30914 (SFTPGo is an open source, event-driven file transfer solution. 
In SFTP ...)
@@ -785,13 +785,13 @@ CVE-2026-32116 (Magic Wormhole makes it possible to get 
arbitrary-sized files an
 CVE-2026-32100 (Shopware is an open commerce platform. /api/_info/config route 
exposes ...)
        NOT-FOR-US: Shopware
 CVE-2026-31890 (Inspektor Gadget is a set of tools and framework for data 
collection a ...)
-       TODO: check
+       NOT-FOR-US: Inspektor Gadget
 CVE-2026-31873 (Unhead is a document head and template manager. Prior to 
2.1.11, The l ...)
-       TODO: check
+       NOT-FOR-US: Unhead
 CVE-2026-31860 (Unhead is a document head and template manager. Prior to 
2.1.11, useHe ...)
-       TODO: check
+       NOT-FOR-US: Unhead
 CVE-2026-31841 (Hyperterse is a tool-first MCP framework for building AI-ready 
backend ...)
-       TODO: check
+       NOT-FOR-US: Hyperterse
 CVE-2026-2987 (The Simple Ajax Chat plugin for WordPress is vulnerable to 
Stored Cros ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-2514 (In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a 
vulnera ...)
@@ -1402,7 +1402,7 @@ CVE-2026-31868 (Parse Server is an open source backend 
that can be deployed to a
 CVE-2026-31867 (Craft Commerce is an ecommerce platform for Craft CMS. Prior 
to 4.11.0 ...)
        NOT-FOR-US: Craft Commerce
 CVE-2026-31866 (flagd is a feature flag daemon with a Unix philosophy. Prior 
to 0.14.2 ...)
-       TODO: check
+       NOT-FOR-US: flagd
 CVE-2026-31863 (Anytype Heart is the middleware library for Anytype. The 
challenge-bas ...)
        NOT-FOR-US: Anytype Heart
 CVE-2026-31862 (Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for 
Claude C ...)
@@ -1461,7 +1461,7 @@ CVE-2026-28803 (Open Forms allows users create and 
publish smart forms. Prior to
 CVE-2026-28229 (Argo Workflows is an open source container-native workflow 
engine for  ...)
        NOT-FOR-US: Argo CD
 CVE-2026-27897 (Vociferous provides cross-platform, offline speech-to-text 
with local  ...)
-       TODO: check
+       NOT-FOR-US: Vociferous
 CVE-2026-27703 (RIOT is an open-source microcontroller operating system, 
designed to m ...)
        NOT-FOR-US: RIOT-OS
 CVE-2026-27478 (Unity Catalog is an open, multi-modal Catalog for data and AI. 
In 0.4. ...)
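Review bot: In the context just above the Vociferous change, CVE-2026-28229 is described as Argo Workflows but carries `NOT-FOR-US: Argo CD`, which is a different Argo project. Since this region is being edited anyway, the tag should read Argo Workflows so that a search for the product name finds the entry. The Vociferous tag itself matches the product named in its description.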
@@ -1690,7 +1690,7 @@ CVE-2026-31808 (file-type detects the file type of a 
file, stream, or data. Prio
 CVE-2026-31807 (SiYuan is a personal knowledge management system. Prior to 
3.5.10, SiY ...)
        NOT-FOR-US: SiYuan
 CVE-2026-31801 (zot is ancontainer image/artifact registry based on the Open 
Container ...)
-       TODO: check
+       NOT-FOR-US: zot
 CVE-2026-31800 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-30972 (Parse Server is an open source backend that can be deployed to 
any inf ...)
@@ -1708,7 +1708,7 @@ CVE-2026-30954 (LinkAce is a self-hosted archive to 
collect website links. In 2.
 CVE-2026-30953 (LinkAce is a self-hosted archive to collect website links. 
When a user ...)
        NOT-FOR-US: LinkAce
 CVE-2026-30952 (liquidjs is a Shopify / GitHub Pages compatible template 
engine in pur ...)
-       TODO: check
+       NOT-FOR-US: Node liquidjs
 CVE-2026-30951 (Sequelize is a Node.js ORM tool. Prior to 6.37.8, there is SQL 
injecti ...)
        NOT-FOR-US: Sequelize
 CVE-2026-30949 (Parse Server is an open source backend that can be deployed to 
any inf ...)
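Review bot: `NOT-FOR-US: Node liquidjs` on CVE-2026-30952 uses a `Node` prefix that the adjacent Node.js entry does not (`NOT-FOR-US: Sequelize` on CVE-2026-30951). Settle on one form for Node modules in this list, either the bare module name or the prefix on both, so NFU tags for the same ecosystem can be matched with a single pattern.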
@@ -1752,7 +1752,7 @@ CVE-2026-28807 (Improper Limitation of a Pathname to a 
Restricted Directory ('Pa
 CVE-2026-28806 (Improper Authorization vulnerability in nerves-hub 
nerves_hub_web allo ...)
        TODO: check
 CVE-2026-27842 (Authentication bypass issue exists in MR-GM5L-S1 and 
MR-GM5A-L1, which ...)
-       TODO: check
+       NOT-FOR-US: MR-GM5L-S1 and MR-GM5A-L1
 CVE-2026-27278 (Acrobat Reader versions 24.001.30307, 24.001.30308, 
25.001.21265 and e ...)
        NOT-FOR-US: Adobe
 CVE-2026-27272 (Illustrator versions 29.8.4, 30.1 and earlier are affected by 
an out-o ...)
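Review bot: The tag on CVE-2026-27842, `NOT-FOR-US: MR-GM5L-S1 and MR-GM5A-L1`, is built from two model numbers, whereas the neighbouring entries use a vendor or product name (`NOT-FOR-US: Adobe`). The truncated description shown here does not name the vendor; if the full CVE text does, using that name would let later CVEs for the same product line reuse the tag.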



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76b96e07403542faf4bb987ef872431df1dd4c0b


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits