Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bc929582 by Salvatore Bonaccorso at 2026-06-23T14:01:18+02:00
Process some more NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -82,7 +82,7 @@ CVE-2026-54530 (pypdf is a free and open-source pure-python
PDF library. Prior t
NOTE:
https://github.com/py-pdf/pypdf/security/advisories/GHSA-52x6-gq3r-vpf4
NOTE: https://github.com/py-pdf/pypdf/pull/3830
CVE-2026-54281 (Nest is a framework for building scalable Node.js server-side
applicat ...)
- TODO: check
+ NOT-FOR-US: Nest
CVE-2026-54236 (vLLM is an inference and serving engine for large language
models (LLM ...)
- vllm <itp> (bug #1095237)
CVE-2026-54235 (vLLM is an inference and serving engine for large language
models (LLM ...)
@@ -108,29 +108,29 @@ CVE-2026-49460 (pypdf is a free and open-source
pure-python PDF library. Prior t
CVE-2026-48746 (vLLM is an inference and serving engine for large language
models (LLM ...)
- vllm <itp> (bug #1095237)
CVE-2026-48517 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
- TODO: check
+ NOT-FOR-US: MessagePack-CSharp
CVE-2026-48516 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
- TODO: check
+ NOT-FOR-US: MessagePack-CSharp
CVE-2026-48515 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
- TODO: check
+ NOT-FOR-US: MessagePack-CSharp
CVE-2026-48514 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
- TODO: check
+ NOT-FOR-US: MessagePack-CSharp
CVE-2026-48513 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
- TODO: check
+ NOT-FOR-US: MessagePack-CSharp
CVE-2026-48512 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
- TODO: check
+ NOT-FOR-US: MessagePack-CSharp
CVE-2026-48511 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
- TODO: check
+ NOT-FOR-US: MessagePack-CSharp
CVE-2026-48510 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
- TODO: check
+ NOT-FOR-US: MessagePack-CSharp
CVE-2026-48509 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
- TODO: check
+ NOT-FOR-US: MessagePack-CSharp
CVE-2026-48506 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
- TODO: check
+ NOT-FOR-US: MessagePack-CSharp
CVE-2026-48505 (Filament is a collection of full-stack components for
accelerated Lara ...)
NOT-FOR-US: Filament
CVE-2026-48502 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
- TODO: check
+ NOT-FOR-US: MessagePack-CSharp
CVE-2026-48500 (Filament is a collection of full-stack components for
accelerated Lara ...)
NOT-FOR-US: Filament
CVE-2026-48167 (Filament is a collection of full-stack components for
accelerated Lara ...)
@@ -138,7 +138,7 @@ CVE-2026-48167 (Filament is a collection of full-stack
components for accelerate
CVE-2026-48166 (Filament is a collection of full-stack components for
accelerated Lara ...)
NOT-FOR-US: Filament
CVE-2026-48109 (MessagePack for C# is a MessagePack serializer for C#. Prior
to 2.5.30 ...)
- TODO: check
+ NOT-FOR-US: MessagePack-CSharp
CVE-2026-48067 (Filament is a collection of full-stack components for
accelerated Lara ...)
NOT-FOR-US: Filament
CVE-2026-47242 (Net::IMAP implements Internet Message Access Protocol (IMAP)
client fu ...)
@@ -150,13 +150,13 @@ CVE-2026-47240 (Net::IMAP implements Internet Message
Access Protocol (IMAP) cli
CVE-2026-47155 (vLLM is an inference and serving engine for large language
models (LLM ...)
- vllm <itp> (bug #1095237)
CVE-2026-45034 (PhpSpreadsheet is a pure PHP library for reading and writing
spreadshe ...)
- TODO: check
+ NOT-FOR-US: PhpSpreadsheet
CVE-2026-44889 (WebOb provides objects for HTTP requests and responses. Prior
to 1.8.1 ...)
TODO: check
CVE-2026-44727 (Jupyter Server is the backend for Jupyter web applications.
Prior to 2 ...)
TODO: check
CVE-2026-44311 (Fabric.js is a Javascript HTML5 canvas library. Prior to
7.4.0, a pote ...)
- TODO: check
+ NOT-FOR-US: Fabric.js
CVE-2026-44274 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605,
contain ...)
NOT-FOR-US: Dell / EMC
CVE-2026-44273 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605,
contain ...)
@@ -170,7 +170,7 @@ CVE-2026-41523 (vLLM is an inference and serving engine for
large language model
CVE-2026-41479 (Authlib is a Python library which builds OAuth and OpenID
Connect serv ...)
TODO: check
CVE-2026-39904 (Gophish through 0.12.1 contains a denial of service
vulnerability that ...)
- TODO: check
+ NOT-FOR-US: Gophish
CVE-2026-12866 (All versions of the package expr-eval are vulnerable to Code
Execution ...)
TODO: check
CVE-2026-11833 (Overview: A vulnerability has been found in FAST/TOOLS and CI
Server. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc9295827652d2d8ed6f48798952c1011eac52ef
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc9295827652d2d8ed6f48798952c1011eac52ef
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits