Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
84b1a550 by Salvatore Bonaccorso at 2026-07-16T07:20:00+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
 CVE-2026-9007 (Improper neutralization of input during web page generation 
('cross-si ...)
-       TODO: check
+       NOT-FOR-US: HCL Notes
 CVE-2026-8281
        REJECTED
 CVE-2026-8055
@@ -143,13 +143,13 @@ CVE-2026-61464 (ImageMagick before 7.1.2-26 and 6.9.13-51 
contains a heap-based
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/378bfc12bf7bbc4d9ab081120873efef935ebd85
 (7.1.2-26)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/d0aa5c9e09e0cf5e400309ca76ae886a980b0555
 (6.9.13-51)
 CVE-2026-61457 (The Grav API plugin (getgrav/grav-plugin-api) before 1.0.3 
contains a  ...)
-       TODO: check
+       NOT-FOR-US: Grav API plugin
 CVE-2026-61453 (Grav v2.0.0 contains a cross-site scripting vulnerability 
(fixed in 2. ...)
-       TODO: check
+       NOT-FOR-US: Grav CMS
 CVE-2026-61452 (The Grav API plugin (getgrav/grav-plugin-api) before 2.0.4 
contains an ...)
-       TODO: check
+       NOT-FOR-US: Grav API plugin
 CVE-2026-61451 (The Grav API plugin (grav-plugin-api) before 1.0.4 does not 
validate t ...)
-       TODO: check
+       NOT-FOR-US: Grav API plugin
 CVE-2026-61449 (Grav 2.0.1 contains a decompression-bomb size-cap bypass in 
ZipArchive ...)
        NOT-FOR-US: Grav CMS
 CVE-2026-61446 (PraisonAI (praisonaiagents) before 1.6.78 contains a remote 
code execu ...)
@@ -171,7 +171,7 @@ CVE-2026-61430 (PraisonAI before 1.6.78 contains a 
server-side request forgery v
 CVE-2026-61427 (PraisonAI before 4.6.78 exposes the MCP HTTP-stream transport 
without  ...)
        NOT-FOR-US: PraisonAI
 CVE-2026-61371 (Microsoft AVML before 0.17.0 could follow a symlink when 
opening a des ...)
-       TODO: check
+       NOT-FOR-US: Microsoft AVML
 CVE-2026-60087 (PraisonAI before 1.6.78 caches tool approval decisions by tool 
name on ...)
        NOT-FOR-US: PraisonAI
 CVE-2026-60085 (PraisonAI before 4.6.78 contains an unenforced security policy 
vulnera ...)
@@ -183,9 +183,9 @@ CVE-2026-60062 (The NGINX Agent config_dirsdirective allows 
a low-privileged att
 CVE-2026-60005 (NGINX Plus and NGINX Open Source have a vulnerability in the 
ngx_http_ ...)
        TODO: check
 CVE-2026-59955 (Apollo is a reliable configuration management system suitable 
for micr ...)
-       TODO: check
+       NOT-FOR-US: Apollo
 CVE-2026-59954 (Apollo is a reliable configuration management system suitable 
for micr ...)
-       TODO: check
+       NOT-FOR-US: Apollo
 CVE-2026-59838 (A improper neutralization of script-related html tags in a web 
page (b ...)
        NOT-FOR-US: Fortinet
 CVE-2026-59762 (When an HTTP/2 profile is configured on a virtual server, 
undisclosed  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84b1a55050db265ba8811ef543c334e007b71649

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84b1a55050db265ba8811ef543c334e007b71649
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to