Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6f9f2b66 by Salvatore Bonaccorso at 2026-07-09T10:12:50+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2026-6896 (GitLab has remediated an issue in GitLab EE
affecting all version
CVE-2026-6352 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-60105 (Monsta FTP before 2.14.5 contains a server-side request
forgery vulner ...)
- TODO: check
+ NOT-FOR-US: Monsta FTP
CVE-2026-60104 (Bitwarden Server before 2026.6.0 does not verify that the
email in a P ...)
TODO: check
CVE-2026-5923 (Malicious use of a stolen cookie might allow modifications to
the cont ...)
@@ -41,23 +41,23 @@ CVE-2026-59936 (pypdf is a free and open-source pure-python
PDF library. Prior t
CVE-2026-59935 (pypdf is a free and open-source pure-python PDF library. Prior
to 6.14 ...)
TODO: check
CVE-2026-59822 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in
OpenAI (or ...)
- TODO: check
+ NOT-FOR-US: LiteLLM
CVE-2026-59821 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in
OpenAI (or ...)
- TODO: check
+ NOT-FOR-US: LiteLLM
CVE-2026-59820 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in
OpenAI (or ...)
- TODO: check
+ NOT-FOR-US: LiteLLM
CVE-2026-59819 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in
OpenAI (or ...)
- TODO: check
+ NOT-FOR-US: LiteLLM
CVE-2026-59818 (etcd is a distributed key-value store for the data of a
distributed sy ...)
TODO: check
CVE-2026-59807 (Composio SDK before 0.2.32-beta.283 contains a path validation
bypass ...)
- TODO: check
+ NOT-FOR-US: Composio SDK
CVE-2026-59806 (Gradio before 6.20.0 contains an open redirect and server-side
request ...)
- TODO: check
+ NOT-FOR-US: Gradio
CVE-2026-59805 (Gumroad before 2026.07.06.2 contains a broken access control
vulnerabi ...)
- TODO: check
+ NOT-FOR-US: Gumroad
CVE-2026-59804 (Midscene Bridge Server through 1.10.3, fixed in commit
86f4118, contai ...)
- TODO: check
+ NOT-FOR-US: Midscene Bridge Server
CVE-2026-59803 (rpcx through 1.9.3, fixed in commit 047aec1, contains a
denial-of-serv ...)
TODO: check
CVE-2026-59802 (PasswordPusher before 2.8.1 accepts data URI schemes in URL
push paylo ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f9f2b66a7d02b23fb3db69f811b30826bde21f2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f9f2b66a7d02b23fb3db69f811b30826bde21f2
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits