Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a6cc17ef by Salvatore Bonaccorso at 2026-04-07T13:21:17+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -105,13 +105,13 @@ CVE-2026-35213 (@hapi/content provided HTTP Content-* 
headers parsing. All versi
 CVE-2026-35208 (lichess.org is the forever free, adless and open source chess 
server.  ...)
        TODO: check
 CVE-2026-35203 (ZLMediaKit is a streaming media service framework. the VP9 RTP 
payload ...)
-       TODO: check
+       NOT-FOR-US: ZLMediaKit
 CVE-2026-35201 (Discount is an implementation of John Gruber's Markdown markup 
languag ...)
        TODO: check
 CVE-2026-35200 (Parse Server is an open source backend that can be deployed to 
any inf ...)
        NOT-FOR-US: Parse Server
 CVE-2026-35199 (SymCrypt is the core cryptographic function library currently 
used by  ...)
-       TODO: check
+       NOT-FOR-US: SymCrypt
 CVE-2026-35197 (dye is a portable and respectful color library for shell 
scripts. Prio ...)
        TODO: check
 CVE-2026-35187 (pyLoad is a free and open-source download manager written in 
Python. I ...)
@@ -131,21 +131,21 @@ CVE-2026-35180 (WWBN AVideo is an open source video 
platform. In versions 26.0 a
 CVE-2026-35179 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
        NOT-FOR-US: WWBN AVideo
 CVE-2026-35178 (Workbench is a suite of tools for administrators and 
developers to int ...)
-       TODO: check
+       NOT-FOR-US: Workbench
 CVE-2026-35176 (openFPGALoader is a utility for programming FPGAs. In 1.1.1 
and earlie ...)
-       TODO: check
+       NOT-FOR-US: openFPGALoader
 CVE-2026-35172 (Distribution is a toolkit to pack, ship, store, and deliver 
container  ...)
        TODO: check
 CVE-2026-35170 (openFPGALoader is a utility for programming FPGAs. In 1.1.1 
and earlie ...)
-       TODO: check
+       NOT-FOR-US: openFPGALoader
 CVE-2026-35022 (Anthropic Claude Code CLI and Claude Agent SDK contain an OS 
command i ...)
-       TODO: check
+       NOT-FOR-US: Anthropic Claude
 CVE-2026-35021 (Anthropic Claude Code CLI and Claude Agent SDK contain an OS 
command i ...)
-       TODO: check
+       NOT-FOR-US: Anthropic Claude
 CVE-2026-35020 (Anthropic Claude Code CLI and Claude Agent SDK contain an OS 
command i ...)
-       TODO: check
+       NOT-FOR-US: Anthropic Claude
 CVE-2026-34972 (OpenFGA is a high-performance and flexible 
authorization/permission en ...)
-       TODO: check
+       NOT-FOR-US: OpenFGA
 CVE-2026-22675 (OCS Inventory NG Server version 2.12.3 and prior contain a 
stored cros ...)
        TODO: check
 CVE-2026-20446 (In sec boot, there is a possible out of bounds write due to an 
integer ...)
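Review bot: The tag `NOT-FOR-US: Anthropic Claude` on CVE-2026-35022, CVE-2026-35021 and CVE-2026-35020 is broader than the products the descriptions name, "Anthropic Claude Code CLI and Claude Agent SDK". Naming the affected components in the tag, for example `NOT-FOR-US: Anthropic Claude Code CLI and Claude Agent SDK`, would keep it in line with the description and make a later search on the tag land only on these components.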
@@ -331,9 +331,9 @@ CVE-2026-34976 (Dgraph is an open source distributed 
GraphQL database. Prior to
 CVE-2026-34975 (Plunk is an open-source email platform built on top of AWS 
SES. Prior  ...)
        NOT-FOR-US: Plunk
 CVE-2026-34969 (Nhost is an open source Firebase alternative with GraphQL. 
Prior to 0. ...)
-       TODO: check
+       NOT-FOR-US: Nhost
 CVE-2026-34951 (Workbench is a suite of tools for administrators and 
developers to int ...)
-       TODO: check
+       NOT-FOR-US: Workbench
 CVE-2026-34950 (fast-jwt provides fast JSON Web Token (JWT) implementation. In 
6.1.0 a ...)
        NOT-FOR-US: Node fast-jwt
 CVE-2026-34940 (KubeAI is an AI inference operator for kubernetes. Prior to 
0.23.2, th ...)
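Review bot: `NOT-FOR-US: Workbench` on CVE-2026-34951 uses a generic name with no vendor or ecosystem qualifier, unlike the neighbouring `NOT-FOR-US: Node fast-jwt`. The truncated description ("a suite of tools for administrators and developers to int ...") does not identify the project on its own, so a qualifier in the tag would make the entry unambiguous. The same applies to CVE-2026-35178 earlier in this commit.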
@@ -396,13 +396,13 @@ CVE-2026-34378 (OpenEXR provides the specification and 
reference implementation
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/088859fb6199e56824c4c9ed60afc825261bfea9
 (main)
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/commit/7a1c64ca74d12bf5f64a912d4e12a651689f8652
 (v3.4.9-rc)
 CVE-2026-34217 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, 
a scope ...)
-       TODO: check
+       NOT-FOR-US: SandboxJS Node module
 CVE-2026-34211 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, 
the @ny ...)
-       TODO: check
+       NOT-FOR-US: SandboxJS Node module
 CVE-2026-34208 (SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, 
Sandbox ...)
-       TODO: check
+       NOT-FOR-US: SandboxJS Node module
 CVE-2026-34148 (Fedify is a TypeScript library for building federated server 
apps powe ...)
-       TODO: check
+       NOT-FOR-US: Fedify
 CVE-2026-33817 (Index out-of-range when encountering a branch page with zero 
elements  ...)
        TODO: check
 CVE-2026-33752 (curl_cffi is the a Python binding for curl. Prior to 0.15.0, 
curl_cffi ...)
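Review bot: Tag style is inconsistent within this hunk: the three SandboxJS entries carry an ecosystem qualifier (`NOT-FOR-US: SandboxJS Node module`), while CVE-2026-34148 gets a bare `NOT-FOR-US: Fedify` even though its description calls it a TypeScript library. If Fedify is distributed the same way, give it the same form of qualifier so that both sets of entries are found by the same searches.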



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6cc17efba884a7097b76f947d48179dd69e0821
