Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e7687b7c by Moritz Muehlenhoff at 2026-06-30T16:26:14+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -132,21 +132,21 @@ CVE-2026-43676 (An out-of-bounds access issue was 
addressed with improved bounds
 CVE-2026-43663 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2026-41896 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2026-39872 (The issue was addressed with improved memory handling. This 
issue is f ...)
        NOT-FOR-US: Apple
 CVE-2026-39868 (This issue was addressed with improved input validation. This 
issue is ...)
        NOT-FOR-US: Apple
 CVE-2026-37637 (An issue in Alexantr filemanager v.1.0 allows a remote 
attacker to exe ...)
-       TODO: check
+       NOT-FOR-US: Alexantr filemanager
 CVE-2026-34597 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2026-34594 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2026-34592 (Coolify is an open-source and self-hostable tool for managing 
servers, ...)
-       TODO: check
+       NOT-FOR-US: Coolify
 CVE-2026-31016 (Cross Site Request Forgery vulnerability in Squidex.io Squidex 
CMS v.7 ...)
-       TODO: check
+       NOT-FOR-US: Squidex CMS
 CVE-2026-28979 (An out-of-bounds access issue was addressed with improved 
bounds check ...)
        NOT-FOR-US: Apple
 CVE-2026-14164 (A double free issue has been identified in libarchive's RAR5 
reader. D ...)
@@ -552,7 +552,7 @@ CVE-2026-11979 (libxml2 is vulnerable to multiple 
stack-based buffer overflows i
        NOTE: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/c2e233fc1b341685fc99621b2768b503f777a72e
        NOTE: Not considered a security issue upstream
 CVE-2026-11720 (A path traversal vulnerability exists in the HTTP tool URL 
builder of  ...)
-       TODO: check
+       NOT-FOR-US: Google MCP Toolbox for Databases
 CVE-2026-54371 (attr before version 2.6.0 contains a symlink traversal 
vulnerability i ...)
        - attr 1:2.6.0-1 (bug #1141107)
        [trixie] - attr <no-dsa> (Will be fixed first in unstable, then point 
release update)
@@ -1987,7 +1987,7 @@ CVE-2026-10098 (OCSP CertID serial-number 
length-confusion in wolfSSL_OCSP_resp_
 CVE-2026-10097 (wolfSSL's AVX2-optimized ML-KEM implementation 
(mlkem_cmp_avx2) compar ...)
        TODO: check
 CVE-2025-71340 (picklescan through 0.0.26 fails to detect malicious pickle 
files that  ...)
-       TODO: check
+       NOT-FOR-US: picklescan
 CVE-2025-71338 (Flowise contains a path traversal vulnerability in the 
/api/v1/documen ...)
        NOT-FOR-US: Flowise
 CVE-2025-71336 (Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and 
earlier) con ...)
@@ -6340,7 +6340,7 @@ CVE-2026-50184 (Angular is a development platform for 
building mobile and deskto
        NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-95qp-cmmw-mgqv
        NOTE: https://github.com/angular/angular/pull/68904
 CVE-2026-50178 (The Angular Language Service VS Code Extension provides a rich 
editing ...)
-       TODO: check
+       NOT-FOR-US: VS Code extension
 CVE-2026-50171 (Angular is a development platform for building mobile and 
desktop web  ...)
        - angular.js <undetermined>
        NOTE: 
https://github.com/angular/angular/security/advisories/GHSA-p3vc-36g9-x9gr
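Review bot: the new tag on CVE-2026-50178, "NOT-FOR-US: VS Code extension", names a category rather than the product. The description identifies it as the Angular Language Service VS Code Extension, and the entries on either side are Angular CVEs, one of them tracked against angular.js. A tag such as "NOT-FOR-US: Angular Language Service VS Code extension" would show at a glance that this is the editor extension and not the framework, and would keep the entry findable by product name, as the other tags in this commit are (Coolify, Squidex CMS, picklescan).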
@@ -6362,7 +6362,7 @@ CVE-2026-49356 (Babel is a compiler for writing next 
generation JavaScript. Prio
        - node-babel7 <unfixed> (bug #1140816)
        NOTE: 
https://github.com/babel/babel/security/advisories/GHSA-4x5r-pxfx-6jf8
 CVE-2026-49241 (The Angular Language Service VS Code Extension provides a rich 
editing ...)
-       TODO: check
+       NOT-FOR-US: VS Code extension
 CVE-2026-48712 (protobufjs compiles protobuf definitions into JavaScript (JS) 
function ...)
        - node-protobufjs <itp> (bug #977564)
 CVE-2026-46417 (Angular is a development platform for building mobile and 
desktop web  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e7687b7cf205a4eba8f9c5751d1d6dde6519b8e8
