Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e94d36cb by Salvatore Bonaccorso at 2026-06-11T22:36:09+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40,21 +40,21 @@ CVE-2026-53911 (Cerebrate before version 1.37 allowed the
id primary key field t
CVE-2026-53901 (Cerebrate before version 1.37 contains a mass-assignment
vulnerability ...)
NOT-FOR-US: Cerebrate
CVE-2026-53777 (Perry before 0.5.1159 contains a path traversal vulnerability
that all ...)
- TODO: check
+ NOT-FOR-US: Perry
CVE-2026-53742 (Simple Link Directory through 9.0.4 echoes embed shortcode
attributes ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-53741 (Simple Link Directory through 9.0.4 interpolates the
sld_no_results_fo ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-53740 (Yoast Duplicate Post through 4.6 inserts an unescaped post
title and p ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-53739 (Yoast Duplicate Post through 4.6 contains a cross-site request
forgery ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-53738 (Copy & Delete Posts through 1.5.4 lets any plugin-enabled
non-admin ro ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-53737 (Juicer through 1.12.18 fails to escape remote feed API
response fields ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-53736 (Easy Twitter Feeds before 1.2.13 contains a cross-site request
forgery ...)
- TODO: check
+ NOT-FOR-US: WordPress plugin
CVE-2026-53723 (Guzzle Services provides an implementation of the Guzzle
Command libra ...)
TODO: check
CVE-2026-53702 (A stack buffer overflow flaw was found in the GStreamer H.265
codec pa ...)
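Review bot: The tag added for CVE-2026-53777, "NOT-FOR-US: Perry", uses a short, generic name with no vendor or ecosystem qualifier, and the truncated description ("Perry before 0.5.1159 contains a path traversal vulnerability that all ...") does not supply one either. A qualifier in the tag (vendor, language ecosystem or upstream project) would keep the entry unambiguous if another product of the same name shows up later. The seven "NOT-FOR-US: WordPress plugin" lines for CVE-2026-53742 through CVE-2026-53736 do the opposite: they name the ecosystem but not the product, so the plugin name (Simple Link Directory, Yoast Duplicate Post, Copy & Delete Posts, Juicer, Easy Twitter Feeds) survives only in the description line. That is workable for searching, but the two styles in one hunk are worth a conscious choice.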
@@ -62,9 +62,9 @@ CVE-2026-53702 (A stack buffer overflow flaw was found in the
GStreamer H.265 co
CVE-2026-53701 (An out-of-bounds write vulnerability was found in GStreamer's
H.266/VV ...)
TODO: check
CVE-2026-53661 (Boruta is a standalone authorization server that aims to
implement OAu ...)
- TODO: check
+ NOT-FOR-US: Boruta
CVE-2026-53634 (Sharp is a content management framework built for Laravel as a
package ...)
- TODO: check
+ NOT-FOR-US: Sharp
CVE-2026-53465 (ImageMagick is free and open-source software used for editing
and mani ...)
- imagemagick <unfixed>
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-44cp-c3ww-9rv5
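Review bot: The tag added for CVE-2026-53634, "NOT-FOR-US: Sharp", is ambiguous on its own; the description identifies it as "a content management framework built for Laravel as a package", and carrying that qualifier into the tag (for example "Sharp for Laravel") would make clear which Sharp was ruled out. The same applies, to a lesser degree, to "NOT-FOR-US: Boruta" for CVE-2026-53661, where the description ("a standalone authorization server") could be reflected in the tag.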
@@ -94,7 +94,7 @@ CVE-2026-53460 (ImageMagick is free and open-source software
used for editing an
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/960367f3318e650ba8544c0ce3844d7897aba43b
(7.1.2-25)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/3396cbf4049c4576814b45bb6094ac3ad5493115
(6.9.13-50)
CVE-2026-53423 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: membraneframework membrane_mp4_plugin
CVE-2026-52860 (Vim is an open source, command line text editor. Prior to
version 9.2. ...)
- vim <unfixed>
NOTE: https://github.com/vim/vim/security/advisories/GHSA-65p9-mwwx-7468
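Review bot: The tag added for CVE-2026-53423, "NOT-FOR-US: membraneframework membrane_mp4_plugin", runs what appear to be a vendor or organisation name and a component name together with only a space between them, so it is not obvious which part names the product. Since the truncated description ("Allocation of Resources Without Limits or Throttling vulnerability in ...") does not show the product either, writing the tag with an explicit separator, or using the component name alone, would make the entry easier to read and to match against the description.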
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e94d36cb6604eb2a915b7581af0bfb20b1f23a2b
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits