[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) Wed, 01 Apr 2026 23:22:47 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
91e6abcb by Salvatore Bonaccorso at 2026-04-02T08:22:19+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -87,19 +87,19 @@ CVE-2026-34445 (Open Neural Network Exchange (ONNX) is an 
open standard for mach
        NOTE: 
https://github.com/onnx/onnx/security/advisories/GHSA-538c-55jv-c5g9
        NOTE: https://github.com/onnx/onnx/pull/7751
 CVE-2026-34430 (ByteDance Deer-Flow versions prior to commit 92c7a20 containa 
sandbox  ...)
-       TODO: check
+       NOT-FOR-US: ByteDance Deer-Flow
 CVE-2026-34397 (Himmelblau is an interoperability suite for Microsoft Azure 
Entra ID a ...)
        NOT-FOR-US: Himmelblau
 CVE-2026-34376 (PdfDing is a selfhosted PDF manager, viewer and editor 
offering a seam ...)
        NOT-FOR-US: PdfDing
 CVE-2026-34236 (Auth0-PHP is a PHP SDK for Auth0 Authentication and Management 
APIs. F ...)
-       TODO: check
+       NOT-FOR-US: Auth0-PHP
 CVE-2026-34222 (Open WebUI is a self-hosted artificial intelligence platform 
designed  ...)
        NOT-FOR-US: Open WebUI
 CVE-2026-34159 (llama.cpp is an inference of several LLM models in C/C++. 
Prior to ver ...)
        TODO: check
 CVE-2026-34076 (Clerk JavaScript is the official JavaScript repository for 
Clerk authe ...)
-       TODO: check
+       NOT-FOR-US: Clerk
 CVE-2026-34072 (Cr*nMaster (cronmaster) is a Cronjob management UI with human 
readable ...)
        NOT-FOR-US: Next.js
 CVE-2026-33990 (Docker Model Runner (DMR) is software used to manage, run, and 
deploy  ...)
@@ -616,9 +616,9 @@ CVE-2026-34215 (Parse Server is an open source backend that 
can be deployed to a
 CVE-2026-34214 (Trino is a distributed SQL query engine for big data 
analytics. From v ...)
        NOT-FOR-US: Trino
 CVE-2026-34210 (mppx is a TypeScript interface for machine payments protocol. 
Prior to ...)
-       TODO: check
+       NOT-FOR-US: mppx
 CVE-2026-34209 (mppx is a TypeScript interface for machine payments protocol. 
Prior to ...)
-       TODO: check
+       NOT-FOR-US: mppx
 CVE-2026-34206 (Captcha Protect is a Traefik middleware to add an anti-bot 
challenge t ...)
        TODO: check
 CVE-2026-34204 (MinIO is a high-performance object storage system. Prior to 
version RE ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91e6abcbd3c2007544b749abbf736b49cd30640d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91e6abcbd3c2007544b749abbf736b49cd30640d
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to