Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bc929582 by Salvatore Bonaccorso at 2026-06-23T14:01:18+02:00
Process some more NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -82,7 +82,7 @@ CVE-2026-54530 (pypdf is a free and open-source pure-python 
PDF library. Prior t
        NOTE: 
https://github.com/py-pdf/pypdf/security/advisories/GHSA-52x6-gq3r-vpf4
        NOTE: https://github.com/py-pdf/pypdf/pull/3830
 CVE-2026-54281 (Nest is a framework for building scalable Node.js server-side 
applicat ...)
-       TODO: check
+       NOT-FOR-US: Nest
 CVE-2026-54236 (vLLM is an inference and serving engine for large language 
models (LLM ...)
        - vllm <itp> (bug #1095237)
 CVE-2026-54235 (vLLM is an inference and serving engine for large language 
models (LLM ...)
@@ -108,29 +108,29 @@ CVE-2026-49460 (pypdf is a free and open-source 
pure-python PDF library. Prior t
 CVE-2026-48746 (vLLM is an inference and serving engine for large language 
models (LLM ...)
        - vllm <itp> (bug #1095237)
 CVE-2026-48517 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
-       TODO: check
+       NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48516 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
-       TODO: check
+       NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48515 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
-       TODO: check
+       NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48514 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
-       TODO: check
+       NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48513 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
-       TODO: check
+       NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48512 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
-       TODO: check
+       NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48511 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
-       TODO: check
+       NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48510 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
-       TODO: check
+       NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48509 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
-       TODO: check
+       NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48506 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
-       TODO: check
+       NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48505 (Filament is a collection of full-stack components for 
accelerated Lara ...)
        NOT-FOR-US: Filament
 CVE-2026-48502 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
-       TODO: check
+       NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48500 (Filament is a collection of full-stack components for 
accelerated Lara ...)
        NOT-FOR-US: Filament
 CVE-2026-48167 (Filament is a collection of full-stack components for 
accelerated Lara ...)
@@ -138,7 +138,7 @@ CVE-2026-48167 (Filament is a collection of full-stack 
components for accelerate
 CVE-2026-48166 (Filament is a collection of full-stack components for 
accelerated Lara ...)
        NOT-FOR-US: Filament
 CVE-2026-48109 (MessagePack for C# is a MessagePack serializer for C#. Prior 
to 2.5.30 ...)
-       TODO: check
+       NOT-FOR-US: MessagePack-CSharp
 CVE-2026-48067 (Filament is a collection of full-stack components for 
accelerated Lara ...)
        NOT-FOR-US: Filament
 CVE-2026-47242 (Net::IMAP implements Internet Message Access Protocol (IMAP) 
client fu ...)
@@ -150,13 +150,13 @@ CVE-2026-47240 (Net::IMAP implements Internet Message 
Access Protocol (IMAP) cli
 CVE-2026-47155 (vLLM is an inference and serving engine for large language 
models (LLM ...)
        - vllm <itp> (bug #1095237)
 CVE-2026-45034 (PhpSpreadsheet is a pure PHP library for reading and writing 
spreadshe ...)
-       TODO: check
+       NOT-FOR-US: PhpSpreadsheet
 CVE-2026-44889 (WebOb provides objects for HTTP requests and responses. Prior 
to 1.8.1 ...)
        TODO: check
 CVE-2026-44727 (Jupyter Server is the backend for Jupyter web applications. 
Prior to 2 ...)
        TODO: check
 CVE-2026-44311 (Fabric.js is a Javascript HTML5 canvas library. Prior to 
7.4.0, a pote ...)
-       TODO: check
+       NOT-FOR-US: Fabric.js
 CVE-2026-44274 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605, 
contain  ...)
        NOT-FOR-US: Dell / EMC
 CVE-2026-44273 (Dell Wyse Management Suite (WMS), versions prior to WMS 2605, 
contain  ...)
@@ -170,7 +170,7 @@ CVE-2026-41523 (vLLM is an inference and serving engine for 
large language model
 CVE-2026-41479 (Authlib is a Python library which builds OAuth and OpenID 
Connect serv ...)
        TODO: check
 CVE-2026-39904 (Gophish through 0.12.1 contains a denial of service 
vulnerability that ...)
-       TODO: check
+       NOT-FOR-US: Gophish
 CVE-2026-12866 (All versions of the package expr-eval are vulnerable to Code 
Execution ...)
        TODO: check
 CVE-2026-11833 (Overview:  A vulnerability has been found in FAST/TOOLS and CI 
Server. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc9295827652d2d8ed6f48798952c1011eac52ef

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc9295827652d2d8ed6f48798952c1011eac52ef
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to