Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c275ad8d by Moritz Muehlenhoff at 2026-07-01T23:40:58+02:00
NFUs
- - - - -
6e73c236 by Moritz Muehlenhoff at 2026-07-01T23:41:10+02:00
auto-nfu: Extend mediawiki rule
- - - - -
2 changed files:
- data/CVE/list
- data/packages/nfu.yaml
Changes:
=====================================
data/CVE/list
=====================================
@@ -21,7 +21,7 @@ CVE-2026-6682 (In FatFS R0.16 and earlier contains a FAT32
integer overflow bug
CVE-2026-6283 (Improper neutralization of input during web page generation
('cross-si ...)
NOT-FOR-US: DivvyDrive
CVE-2026-5220 (Improper neutralization of input during web page generation
('cross-si ...)
- TODO: check
+ NOT-FOR-US: DivvyDrive
CVE-2026-5142 (A flaw was found in foreman. Authenticated users with
'view_keypairs' ...)
- foreman <itp> (bug #663101)
CVE-2026-5138 (A flaw was found in Foreman. An authenticated user with
host-edit perm ...)
@@ -33,7 +33,7 @@ CVE-2026-5135 (A flaw was found in Foreman. This broken
access control vulnerabi
CVE-2026-5120 (A Race Condition vulnerability affecting BIOVIA Workbook from
Release ...)
NOT-FOR-US: Dassault Systemes
CVE-2026-5051 (HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit
device valid ...)
- TODO: check
+ NOT-FOR-US: HashiCorp
CVE-2026-58521 (Improper neutralization of special elements used in an SQL
command ('S ...)
NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-58520 (URL redirection to untrusted site ('open redirect')
vulnerability in T ...)
@@ -47,7 +47,7 @@ CVE-2026-58453 (JAIOTlink C492A-W6 Wi-Fi IP cameras running
firmware 4.8.30.5770
CVE-2026-58452 (JAIOTlink C492A-W6 Wi-Fi IP cameras running firmware
4.8.30.57701411 c ...)
NOT-FOR-US: JAIOTlink C492A-W6 Wi-Fi IP cameras
CVE-2026-58451 (Horde IMP before 7.0.1 contains a path traversal vulnerability
in lib/ ...)
- TODO: check
+ - horde3 <removed>
CVE-2026-58399 (@acastellon/auth is an authentication control system for
microservices ...)
TODO: check
CVE-2026-58127 (PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service
on port ...)
=====================================
data/packages/nfu.yaml
=====================================
@@ -854,6 +854,7 @@
- product: MediaWiki - ReportIncident Extension
- product: Mediawiki - Score Extension
- product: Mediawiki - Translate Extension
+ - product: Mediawiki - UrlShortener Extension
- product: MediaWiki - VisualData Extension
- product: Mediawiki - Wikibase Extension
- product: Mediawiki - WikiLambda Extension
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/942a24ff9c5776ddb2b36b9d6fd4dcc265780ae1...6e73c236a4883bcab7bf7b2ecb20ea552deb765a
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/942a24ff9c5776ddb2b36b9d6fd4dcc265780ae1...6e73c236a4883bcab7bf7b2ecb20ea552deb765a
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits