Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
98679ecf by Salvatore Bonaccorso at 2026-06-23T21:41:54+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -39,29 +39,29 @@ CVE-2026-56371 (ImageMagick before 7.1.2-15 and 6.9.13-40 
contains a memory leak
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/e6394098af39a9689bb5f0b4eb6a9968e449a8d3
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/073e3e31bb8f3646db365994cf618e998853bef7
 (6.9.13-39)
 CVE-2026-56322 (Capgo before 12.128.2 contains an information disclosure 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56315 (picklescan before 1.0.4 fails to block at least seven Python 
standard  ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2026-56301 (Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running 
the dev ...)
-       TODO: check
+       NOT-FOR-US: Nuxt
 CVE-2026-56275 (Flowise before 3.1.0 contains a server-side request forgery 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2026-56274 (Flowise before 3.1.2 contains multiple OS command injection 
vulnerabil ...)
-       TODO: check
+       NOT-FOR-US: Flowise
 CVE-2026-56263 (Crawl4AI before 0.8.7 contains a stored cross-site scripting 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Crawl4AI
 CVE-2026-56258 (Crawl4AI before 0.8.8 contains an arbitrary file write 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Crawl4AI
 CVE-2026-56248 (Cap-go capgo (capgo-backend) before 12.128.12 contains an 
unauthentica ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56243 (Capgo before 12.128.2 contains a security control bypass 
vulnerability ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56234 (Capgo before 12.128.2 contains a credential validation 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56225 (Capgo before 12.128.2 contains an authorization bypass 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56222 (Capgo before 12.128.2 contains an authorization bypass 
vulnerability i ...)
-       TODO: check
+       NOT-FOR-US: Cap-go
 CVE-2026-56117 (dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a 
heap use-af ...)
        TODO: check
 CVE-2026-56116 (dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a 
memory leak ...)
@@ -73,69 +73,69 @@ CVE-2026-56114 (dhcpcd through 10.3.2, fixed in commit 
2f00c7b, contains a one-b
 CVE-2026-56113 (dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a 
heap use-af ...)
        TODO: check
 CVE-2026-55736 (Improperly Controlled Modification of Dynamically-Determined 
Object At ...)
-       TODO: check
+       NOT-FOR-US: ash-project ash
 CVE-2026-55517 (Deno is a JavaScript, TypeScript, and WebAssembly runtime. 
Prior to 2. ...)
-       TODO: check
+       NOT-FOR-US: Deno
 CVE-2026-55450 (Langflow is a tool for building and deploying AI-powered 
agents and wo ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-55447 (Langflow is a tool for building and deploying AI-powered 
agents and wo ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-55446 (Langflow is a tool for building and deploying AI-powered 
agents and wo ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-55423 (Langflow is a tool for building and deploying AI-powered 
agents and wo ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-55255 (Langflow is a tool for building and deploying AI-powered 
agents and wo ...)
-       TODO: check
+       NOT-FOR-US: Langflow
 CVE-2026-55249 (@rtk-ai/rtk-rewrite transparently rewrites shell commands 
executed via ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-54892 (Inefficient algorithmic complexity in Plug's nested-parameter 
decoder  ...)
        TODO: check
 CVE-2026-54324 (Daytona is a secure and elastic infrastructure runtime for 
AI-generate ...)
-       TODO: check
+       NOT-FOR-US: Daytona
 CVE-2026-54323 (Daytona is a secure and elastic infrastructure runtime for 
AI-generate ...)
-       TODO: check
+       NOT-FOR-US: Daytona
 CVE-2026-54322 (Daytona is a secure and elastic infrastructure runtime for 
AI-generate ...)
-       TODO: check
+       NOT-FOR-US: Daytona
 CVE-2026-54321 (Daytona is a secure and elastic infrastructure runtime for 
AI-generate ...)
-       TODO: check
+       NOT-FOR-US: Daytona
 CVE-2026-54320 (Daytona is a secure and elastic infrastructure runtime for 
AI-generate ...)
-       TODO: check
+       NOT-FOR-US: Daytona
 CVE-2026-54319 (Daytona is a secure and elastic infrastructure runtime for 
AI-generate ...)
-       TODO: check
+       NOT-FOR-US: Daytona
 CVE-2026-54318 (Home Assistant is open source home automation software that 
puts local ...)
-       TODO: check
+       NOT-FOR-US: Home Assistant
 CVE-2026-54317 (Home Assistant is open source home automation software that 
puts local ...)
-       TODO: check
+       NOT-FOR-US: Home Assistant
 CVE-2026-54316 (Claude Code is an agentic coding tool.  From 0.2.54 until 
2.1.163, bec ...)
-       TODO: check
+       NOT-FOR-US: Claude Code
 CVE-2026-54314 (n8n is an open source workflow automation platform. Prior to 
2.24.0, t ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-54313 (n8n is an open source workflow automation platform. Prior to 
2.24.0, a ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-54312 (n8n is an open source workflow automation platform. Prior to 
2.24.0, a ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-54311 (n8n is an open source workflow automation platform. Prior to 
2.25.7 an ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-54310 (n8n is an open source workflow automation platform. Prior to 
2.25.7 an ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-54309 (n8n is an open source workflow automation platform. Prior to 
2.25.7 an ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-54308 (n8n is an open source workflow automation platform. Prior to 
2.25.7 an ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-54307 (n8n is an open source workflow automation platform. Prior to 
1.123.55, ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-54306 (n8n is an open source workflow automation platform. Prior to 
2.25.7 an ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-54305 (n8n is an open source workflow automation platform. Prior to 
1.123.55, ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-54304 (n8n is an open source workflow automation platform. Prior to 
1.123.55, ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-54303 (n8n is an open source workflow automation platform. Prior to 
2.24.0, a ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-54302 (n8n is an open source workflow automation platform. Prior to 
1.123.55, ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-54301 (n8n is an open source workflow automation platform. Prior to 
1.123.55, ...)
-       TODO: check
+       NOT-FOR-US: n8n
 CVE-2026-54257 (Electron is a framework for writing cross-platform desktop 
application ...)
        TODO: check
 CVE-2026-54157 (LobeHub is a work-and-lifestyle space to find, build, and 
collaborate  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98679ecfa3c86d82a5c756921a73c0cf2aa0fc95

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98679ecfa3c86d82a5c756921a73c0cf2aa0fc95
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to