Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f61cc9ac by Salvatore Bonaccorso at 2026-06-11T22:53:07+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -56,7 +56,7 @@ CVE-2026-53737 (Juicer through 1.12.18 fails to escape remote 
feed API response
 CVE-2026-53736 (Easy Twitter Feeds before 1.2.13 contains a cross-site request 
forgery ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-53723 (Guzzle Services provides an implementation of the Guzzle 
Command libra ...)
-       TODO: check
+       NOT-FOR-US: Guzzle Services
 CVE-2026-53702 (A stack buffer overflow flaw was found in the GStreamer H.265 
codec pa ...)
        TODO: check
 CVE-2026-53701 (An out-of-bounds write vulnerability was found in GStreamer's 
H.266/VV ...)
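Review bot: CVE-2026-53723 is closed as NOT-FOR-US although its description presents Guzzle Services as a library ("provides an implementation of the Guzzle Command libra ..."), and a library can be carried as a bundled copy inside another source package. Before dropping the TODO it is worth confirming that no packaged source embeds it; if that check was done, a few words in the commit message would record it.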
@@ -110,11 +110,11 @@ CVE-2026-52858 (Vim is an open source, command line text 
editor. Prior to versio
 CVE-2026-50223 (Improper Control of Generation of Code ('Code Injection') 
vulnerabilit ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-50131 (Fedify is a TypeScript library for building federated server 
apps powe ...)
-       TODO: check
+       NOT-FOR-US: Fedify
 CVE-2026-50127 (Weblate is a web based localization tool. From version 5.15 to 
before  ...)
        TODO: check
 CVE-2026-4764 (A Missing Authorization vulnerability in the playbook import 
functiona ...)
-       TODO: check
+       NOT-FOR-US: Dialogflow CX on Google Cloud Platform
 CVE-2026-4096 (IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP 
header injec ...)
        NOT-FOR-US: IBM
 CVE-2026-49982 (tmp is a temporary file and directory creator for node.js. In 
version  ...)
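Review bot: the new tag on CVE-2026-4764 names "Dialogflow CX on Google Cloud Platform", but the truncated description shown in this hunk ("playbook import functiona ...") does not mention any product, so the attribution cannot be verified from the list entry alone. Please confirm it against the full CVE record. The wording is also longer than the neighbouring tags (IBM, Fedify); a short product name would keep later searches of the list consistent.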
@@ -149,9 +149,9 @@ CVE-2026-48724 (ImageMagick is free and open-source 
software used for editing an
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2hhq-c99x-492r
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/017c7efe4d63b953b35ab96fc0939ba3620e4739
 (7.1.2-24)
 CVE-2026-48547 (KanaDojo contains a command injection vulnerability that 
allows an att ...)
-       TODO: check
+       NOT-FOR-US: KanaDojo
 CVE-2026-48546 (KanaDojo before 0.1.18 contains a sandbox escape vulnerability 
that al ...)
-       TODO: check
+       NOT-FOR-US: KanaDojo
 CVE-2026-48110 (Russh is a Rust SSH client & server library. From version 
0.34.0 to be ...)
        TODO: check
 CVE-2026-48108 (Russh is a Rust SSH client & server library. From version 
0.34.0-beta. ...)
@@ -159,37 +159,37 @@ CVE-2026-48108 (Russh is a Rust SSH client & server 
library. From version 0.34.0
 CVE-2026-48107 (Russh is a Rust SSH client & server library. From version 
0.37.0 to be ...)
        TODO: check
 CVE-2026-48011 (Shopware is an open commerce platform. Prior to versions 
6.6.10.18 and ...)
-       TODO: check
+       NOT-FOR-US: Shopware
 CVE-2026-47342 (A privilege escalation vulnerability in Apache OFBiz allows a 
low-priv ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-47250 (mcp-server-kubernetes is a Model Context Protocol server for 
Kubernete ...)
-       TODO: check
+       NOT-FOR-US: mcp-server-kubernetes
 CVE-2026-47213 (Boxlite is a sandbox service that allows users to create 
lightweight v ...)
-       TODO: check
+       NOT-FOR-US: Boxlite
 CVE-2026-47189 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
-       TODO: check
+       NOT-FOR-US: Quest Bot
 CVE-2026-47188 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
-       TODO: check
+       NOT-FOR-US: Quest Bot
 CVE-2026-47181 (PenguinMod-BackendApi is the backend api for penguinmod. Prior 
to vers ...)
-       TODO: check
+       NOT-FOR-US: PenguinMod-BackendApi
 CVE-2026-47177 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
-       TODO: check
+       NOT-FOR-US: Quest Bot
 CVE-2026-47176 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
-       TODO: check
+       NOT-FOR-US: Quest Bot
 CVE-2026-47175 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
-       TODO: check
+       NOT-FOR-US: Quest Bot
 CVE-2026-47174 (In Duck Site before version 1.0.1, the repository has a deploy 
workflo ...)
-       TODO: check
+       NOT-FOR-US: Duck Site
 CVE-2026-47173 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
-       TODO: check
+       NOT-FOR-US: Quest Bot
 CVE-2026-47172 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
-       TODO: check
+       NOT-FOR-US: Quest Bot
 CVE-2026-47171 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
-       TODO: check
+       NOT-FOR-US: Quest Bot
 CVE-2026-47170 (Garlic-Hub manages digital signage network \u2014 devices, 
content, an ...)
-       TODO: check
+       NOT-FOR-US: Garlic-Hub
 CVE-2026-47169 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
-       TODO: check
+       NOT-FOR-US: Quest Bot
 CVE-2026-47167 (Vim is an open source, command line text editor. Prior to 
version 9.2. ...)
        TODO: check
 CVE-2026-47163 (Quest Bot is an opensource modern Discord Bot built for 
moderation, ut ...)
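Review bot: the last context line of this hunk, CVE-2026-47163, is another Quest Bot entry whose status line falls outside the visible diff, while the nine Quest Bot entries above it all move from TODO to NOT-FOR-US here. If CVE-2026-47163 and any further Quest Bot entries below it are still at "TODO: check", they should get the same tag in this batch or a follow-up so the product is not left half-triaged.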



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f61cc9ac6fabb7300815ae6277a3981a83c74a55
