Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
db6d4893 by Salvatore Bonaccorso at 2026-06-24T21:55:44+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -99,7 +99,7 @@ CVE-2026-56231 (Capgo before 12.128.2 contains a broken 
object level authorizati
 CVE-2026-56223 (Capgo before 12.128.2 contains a cross-domain SSO account 
takeover vul ...)
        NOT-FOR-US: Cap-go
 CVE-2026-56121 (Feast before 0.63.0 contains an unsafe deserialization 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Feast
 CVE-2026-56119
        REJECTED
 CVE-2026-56118
@@ -111,7 +111,7 @@ CVE-2026-56052 (Improper Neutralization of Special Elements 
used in an SQL Comma
 CVE-2026-55611 (AnythingLLM is an application that turns pieces of content 
into contex ...)
        NOT-FOR-US: AnythingLLM
 CVE-2026-55488 (motionEye (mEye) is an online interface for a piece of 
software called ...)
-       TODO: check
+       NOT-FOR-US: motionEye (mEye)
 CVE-2026-54906 (concurrent-ruby is a modern concurrency tools for Ruby. Prior 
to 1.3.7 ...)
        TODO: check
 CVE-2026-54905 (concurrent-ruby is a modern concurrency tools for Ruby. Prior 
to 1.3.7 ...)
@@ -119,14 +119,14 @@ CVE-2026-54905 (concurrent-ruby is a modern concurrency 
tools for Ruby. Prior to
 CVE-2026-54904 (concurrent-ruby is a modern concurrency tools for Ruby. Prior 
to 1.3.7 ...)
        TODO: check
 CVE-2026-54699 (Warp is an agentic development environment. From 
0.2024.03.12.08.02.st ...)
-       TODO: check
+       NOT-FOR-US: Warp
 CVE-2026-54686 (Warp is an agentic development environment. From 
0.2021.04.25.23.05.st ...)
-       TODO: check
+       NOT-FOR-US: Warp
 CVE-2026-54297 (Faraday is an HTTP client library abstraction layer that 
provides a co ...)
        - ruby-faraday 2.14.3-1
        NOTE: 
https://github.com/lostisland/faraday/security/advisories/GHSA-98m9-hrrm-r99r
 CVE-2026-53950 (@tryghost/activitypub is Ghost\u2019s social/federation client 
app. Pr ...)
-       TODO: check
+       NOT-FOR-US: tryghost/activitypub
 CVE-2026-53949 (Ghost is a Node.js content management system. From 5.46.1 
until 6.21.2 ...)
        TODO: check
 CVE-2026-53948 (Ghost is a Node.js content management system. From 6.19.4 
until 6.21.1 ...)
@@ -142,29 +142,29 @@ CVE-2026-53944 (Ghost is a Node.js content management 
system. From 6.0.9 until 6
 CVE-2026-53943 (Ghost is a Node.js content management system. From  until 
6.37.0, when ...)
        TODO: check
 CVE-2026-50712 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
Frappe Fra ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-50711 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
Frappe Fra ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-50710 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
Frappe Fra ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-50709 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
Frappe Fra ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-50708 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
Frappe Fra ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-50705 (A Cross-Site Scripting (XSS) vulnerability exists in Frappe 
Framework  ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-50704 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
Frappe Fra ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-50703 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
Frappe Fra ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-50701 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in 
Frappe  ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-50700 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
Frappe Fra ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-50699 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
Frappe Fra ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-50698 (A Stored Cross-Site Scripting (XSS) vulnerability exists in 
Frappe Fra ...)
-       TODO: check
+       NOT-FOR-US: Frappe
 CVE-2026-49980 (Rclone is a command-line program to sync files and directories 
to and  ...)
        TODO: check
 CVE-2026-49851 (Mistune is a Python Markdown parser with renderers and 
plugins. Prior  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db6d48937d67b6be4b40418567b24bb7e7be1167

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db6d48937d67b6be4b40418567b24bb7e7be1167
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to