Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
db6d4893 by Salvatore Bonaccorso at 2026-06-24T21:55:44+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -99,7 +99,7 @@ CVE-2026-56231 (Capgo before 12.128.2 contains a broken
object level authorizati
CVE-2026-56223 (Capgo before 12.128.2 contains a cross-domain SSO account
takeover vul ...)
NOT-FOR-US: Cap-go
CVE-2026-56121 (Feast before 0.63.0 contains an unsafe deserialization
vulnerability t ...)
- TODO: check
+ NOT-FOR-US: Feast
CVE-2026-56119
REJECTED
CVE-2026-56118
@@ -111,7 +111,7 @@ CVE-2026-56052 (Improper Neutralization of Special Elements
used in an SQL Comma
CVE-2026-55611 (AnythingLLM is an application that turns pieces of content
into contex ...)
NOT-FOR-US: AnythingLLM
CVE-2026-55488 (motionEye (mEye) is an online interface for a piece of
software called ...)
- TODO: check
+ NOT-FOR-US: motionEye (mEye)
CVE-2026-54906 (concurrent-ruby is a modern concurrency tools for Ruby. Prior
to 1.3.7 ...)
TODO: check
CVE-2026-54905 (concurrent-ruby is a modern concurrency tools for Ruby. Prior
to 1.3.7 ...)
@@ -119,14 +119,14 @@ CVE-2026-54905 (concurrent-ruby is a modern concurrency
tools for Ruby. Prior to
CVE-2026-54904 (concurrent-ruby is a modern concurrency tools for Ruby. Prior
to 1.3.7 ...)
TODO: check
CVE-2026-54699 (Warp is an agentic development environment. From
0.2024.03.12.08.02.st ...)
- TODO: check
+ NOT-FOR-US: Warp
CVE-2026-54686 (Warp is an agentic development environment. From
0.2021.04.25.23.05.st ...)
- TODO: check
+ NOT-FOR-US: Warp
CVE-2026-54297 (Faraday is an HTTP client library abstraction layer that
provides a co ...)
- ruby-faraday 2.14.3-1
NOTE:
https://github.com/lostisland/faraday/security/advisories/GHSA-98m9-hrrm-r99r
CVE-2026-53950 (@tryghost/activitypub is Ghost\u2019s social/federation client
app. Pr ...)
- TODO: check
+ NOT-FOR-US: tryghost/activitypub
CVE-2026-53949 (Ghost is a Node.js content management system. From 5.46.1
until 6.21.2 ...)
TODO: check
CVE-2026-53948 (Ghost is a Node.js content management system. From 6.19.4
until 6.21.1 ...)
@@ -142,29 +142,29 @@ CVE-2026-53944 (Ghost is a Node.js content management
system. From 6.0.9 until 6
CVE-2026-53943 (Ghost is a Node.js content management system. From until
6.37.0, when ...)
TODO: check
CVE-2026-50712 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
Frappe Fra ...)
- TODO: check
+ NOT-FOR-US: Frappe
CVE-2026-50711 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
Frappe Fra ...)
- TODO: check
+ NOT-FOR-US: Frappe
CVE-2026-50710 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
Frappe Fra ...)
- TODO: check
+ NOT-FOR-US: Frappe
CVE-2026-50709 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
Frappe Fra ...)
- TODO: check
+ NOT-FOR-US: Frappe
CVE-2026-50708 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
Frappe Fra ...)
- TODO: check
+ NOT-FOR-US: Frappe
CVE-2026-50705 (A Cross-Site Scripting (XSS) vulnerability exists in Frappe
Framework ...)
- TODO: check
+ NOT-FOR-US: Frappe
CVE-2026-50704 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
Frappe Fra ...)
- TODO: check
+ NOT-FOR-US: Frappe
CVE-2026-50703 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
Frappe Fra ...)
- TODO: check
+ NOT-FOR-US: Frappe
CVE-2026-50701 (A Reflected Cross-Site Scripting (XSS) vulnerability exists in
Frappe ...)
- TODO: check
+ NOT-FOR-US: Frappe
CVE-2026-50700 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
Frappe Fra ...)
- TODO: check
+ NOT-FOR-US: Frappe
CVE-2026-50699 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
Frappe Fra ...)
- TODO: check
+ NOT-FOR-US: Frappe
CVE-2026-50698 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
Frappe Fra ...)
- TODO: check
+ NOT-FOR-US: Frappe
CVE-2026-49980 (Rclone is a command-line program to sync files and directories
to and ...)
TODO: check
CVE-2026-49851 (Mistune is a Python Markdown parser with renderers and
plugins. Prior ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db6d48937d67b6be4b40418567b24bb7e7be1167
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/db6d48937d67b6be4b40418567b24bb7e7be1167
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits