Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c275ad8d by Moritz Muehlenhoff at 2026-07-01T23:40:58+02:00
NFUs

- - - - -
6e73c236 by Moritz Muehlenhoff at 2026-07-01T23:41:10+02:00
auto-nfu: Extend mediawiki rule

- - - - -


2 changed files:

- data/CVE/list
- data/packages/nfu.yaml


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2026-6682 (In FatFS R0.16 and earlier contains a FAT32 
integer overflow bug
 CVE-2026-6283 (Improper neutralization of input during web page generation 
('cross-si ...)
        NOT-FOR-US: DivvyDrive
 CVE-2026-5220 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: DivvyDrive
 CVE-2026-5142 (A flaw was found in foreman. Authenticated users with 
'view_keypairs'  ...)
        - foreman <itp> (bug #663101)
 CVE-2026-5138 (A flaw was found in Foreman. An authenticated user with 
host-edit perm ...)
@@ -33,7 +33,7 @@ CVE-2026-5135 (A flaw was found in Foreman. This broken 
access control vulnerabi
 CVE-2026-5120 (A Race Condition vulnerability affecting BIOVIA Workbook from 
Release  ...)
        NOT-FOR-US: Dassault Systemes
 CVE-2026-5051 (HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit 
device valid ...)
-       TODO: check
+       NOT-FOR-US: HashiCorp
 CVE-2026-58521 (Improper neutralization of special elements used in an SQL 
command ('S ...)
        NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
 CVE-2026-58520 (URL redirection to untrusted site ('open redirect') 
vulnerability in T ...)
@@ -47,7 +47,7 @@ CVE-2026-58453 (JAIOTlink C492A-W6 Wi-Fi IP cameras running 
firmware 4.8.30.5770
 CVE-2026-58452 (JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware 
4.8.30.57701411 c ...)
        NOT-FOR-US: JAIOTlink C492A-W6 Wi-Fi IP cameras
 CVE-2026-58451 (Horde IMP before 7.0.1 contains a path traversal vulnerability 
in lib/ ...)
-       TODO: check
+       - horde3 <removed>
 CVE-2026-58399 (@acastellon/auth is an authentication control system for 
microservices ...)
        TODO: check
 CVE-2026-58127 (PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service 
on port ...)


=====================================
data/packages/nfu.yaml
=====================================
@@ -854,6 +854,7 @@
       - product: MediaWiki - ReportIncident Extension
       - product: Mediawiki - Score Extension
       - product: Mediawiki - Translate Extension
+      - product: Mediawiki - UrlShortener Extension
       - product: MediaWiki - VisualData Extension
       - product: Mediawiki - Wikibase Extension
       - product: Mediawiki - WikiLambda Extension



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/942a24ff9c5776ddb2b36b9d6fd4dcc265780ae1...6e73c236a4883bcab7bf7b2ecb20ea552deb765a

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/942a24ff9c5776ddb2b36b9d6fd4dcc265780ae1...6e73c236a4883bcab7bf7b2ecb20ea552deb765a
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to