Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dc840785 by Salvatore Bonaccorso at 2026-05-09T08:24:43+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -87,7 +87,7 @@ CVE-2026-41889 (pgx is a PostgreSQL driver and toolkit for
Go. Prior to version
CVE-2026-41887 (Flarum is open-source forum software. Prior to versions 1.8.16
and 2.0 ...)
NOT-FOR-US: Flarum
CVE-2026-41886 (locize is a localization platform that connects code and i18n
setup. P ...)
- TODO: check
+ NOT-FOR-US: locize
CVE-2026-41885 (i18next-locize-backend is a simple i18next backend for
locize.com whic ...)
NOT-FOR-US: i18next-locize-backend
CVE-2026-41883 (OmniFaces is a utility library for Faces. Prior to versions
1.14.2, 2. ...)
@@ -99,53 +99,53 @@ CVE-2026-41690 (18next-http-middleware is a middleware to
be used with Node.js w
CVE-2026-41683 (i18next-http-middleware is a middleware to be used with
Node.js web fr ...)
NOT-FOR-US: i18next-http-middleware
CVE-2026-41591 (Marko is a declarative, HTML-based language for building web
apps. Pri ...)
- TODO: check
+ NOT-FOR-US: Marko
CVE-2026-41588 (RELATE is a web-based courseware package. Prior to commit
2f68e16, the ...)
- TODO: check
+ NOT-FOR-US: RELATE
CVE-2026-41585 (ZEBRA is a Zcash node written entirely in Rust. From zebrad
versions 2 ...)
- TODO: check
+ NOT-FOR-US: ZEBRA
CVE-2026-41584 (ZEBRA is a Zcash node written entirely in Rust. Prior to
zebrad versio ...)
- TODO: check
+ NOT-FOR-US: ZEBRA
CVE-2026-41583 (ZEBRA is a Zcash node written entirely in Rust. Prior to
zebrad versio ...)
- TODO: check
+ NOT-FOR-US: ZEBRA
CVE-2026-41576 (Brave CMS is an open-source CMS. Prior to commit 6c56603, the
contact ...)
- TODO: check
+ NOT-FOR-US: Brave CMS
CVE-2026-41575 (In th30d4y/IP from version 1.0.1 to before version 2.0.1, a
DOM-Based ...)
- TODO: check
+ NOT-FOR-US: th30d4y/IP
CVE-2026-41574 (Nhost is an open source Firebase alternative with GraphQL.
Prior to ve ...)
- TODO: check
+ NOT-FOR-US: Nhost
CVE-2026-41570 (PHPUnit is a testing framework for PHP. In versions 12.5.21
and 13.1.5 ...)
TODO: check
CVE-2026-41524 (Brave CMS is an open-source CMS. Prior to commit 6c56603, page
and art ...)
- TODO: check
+ NOT-FOR-US: Brave CMS
CVE-2026-41512 (ai-scanner is an AI model safety scanner built on NVIDIA
garak. From v ...)
- TODO: check
+ NOT-FOR-US: ai-scanner
CVE-2026-41511 (OpenMcdf is a fully .NET / C# library to manipulate Compound
File Bina ...)
- TODO: check
+ NOT-FOR-US: OpenMcdf
CVE-2026-41509 (CROSS implementation contains reference and optimized
implementations ...)
- TODO: check
+ NOT-FOR-US: CROSS
CVE-2026-41507 (math-codegen generates code from mathematical expressions.
Prior to ve ...)
- TODO: check
+ NOT-FOR-US: math-codegen
CVE-2026-41506 (go-git is an extensible git implementation library written in
pure Go. ...)
- golang-github-go-git-go-git <unfixed>
NOTE:
https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963
NOTE: Fixed by:
https://github.com/go-git/go-git/commit/bcd20a9c525826081262a06a9ed9c3167abfcd53
(v5.18.0)
CVE-2026-41497 (PraisonAI is a multi-agent teams system. Prior to version
4.6.9, the f ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-41496 (PraisonAI is a multi-agent teams system. Prior to praisonai
version 4. ...)
- TODO: check
+ NOT-FOR-US: PraisonAI
CVE-2026-41493 (YARD is a Ruby Documentation tool. Prior to version 0.9.42, a
path tra ...)
TODO: check
CVE-2026-41491 (Dapr is a portable, event-driven, runtime for building
distributed app ...)
- TODO: check
+ NOT-FOR-US: Dapr
CVE-2026-41487 (Langfuse is an open source large language model engineering
platform. ...)
- TODO: check
+ NOT-FOR-US: Langfuse
CVE-2026-41423 (Angular is a development platform for building mobile and
desktop web ...)
TODO: check
CVE-2026-41308 (Password Pusher is an open source application to communicate
sensitive ...)
- TODO: check
+ NOT-FOR-US: Password Pusher
CVE-2026-41161 (Sync-in Server is a secure, open-source platform for file
storage, sha ...)
- TODO: check
+ NOT-FOR-US: Sync-in Server
CVE-2026-41070 (openvpn-auth-oauth2 is a plugin/management interface client
for OpenVP ...)
TODO: check
CVE-2026-3318 (Open redirection vulnerability in the latest demo version of
the Cradl ...)
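Review bot: The tag added for CVE-2026-41509, "NOT-FOR-US: CROSS", uses a bare name that is generic enough to be hard to search for or to match against a later, differently spelled entry. The description on that entry calls the product "CROSS implementation", so a more specific tag would be easier to recognise. Separately, CVE-2026-41570 (PHPUnit), CVE-2026-41493 (YARD), CVE-2026-41423 (Angular) and CVE-2026-41070 (openvpn-auth-oauth2) are left at "TODO: check" in this hunk. That fits the commit's stated scope of processing NFUs, but these four still need a triage pass in a follow-up.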
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc8407853b3cfe52bb711e8b6830bcae5839ec28