Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8fb9bf53 by Salvatore Bonaccorso at 2026-07-02T11:21:43+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,9 +59,9 @@ CVE-2026-55688 (The AsyncHttpClient (AHC) library allows Java
applications to ea
NOTE: Fixed by:
https://github.com/AsyncHttpClient/async-http-client/commit/e6955c1e3951cf80e286981d064f6c926ce33f47
(async-http-client-project-3.0.11)
NOTE: Fixed by:
https://github.com/AsyncHttpClient/async-http-client/commit/8e4069cf3c92abe099db5fb13378ac2fe9e1fd3b
(async-http-client-project-2.16.0)
CVE-2026-55661 (Tina is a headless content management system. In versions
prior to @ti ...)
- TODO: check
+ NOT-FOR-US: Tina CMS
CVE-2026-55660 (Tina is a headless content management system. In versions
prior to @ti ...)
- TODO: check
+ NOT-FOR-US: Tina CMS
CVE-2026-55153 (mchange-commons-java is a Java library of shared utility
classes used ...)
TODO: check
CVE-2026-54908 (Pion DTLS is a Go implementation of Datagram Transport Layer
Security. ...)
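Review bot: For CVE-2026-55661 and CVE-2026-55660, the descriptions shown here are cut off at "prior to @ti ...", so the affected package name is not visible in the hunk. Confirm against the full CVE text that both refer to the same product before closing them with the identical `NOT-FOR-US: Tina CMS` tag. Leaving CVE-2026-55153 (mchange-commons-java) at `TODO: check` is consistent with a commit that only processes NFUs.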
@@ -380,7 +380,7 @@ CVE-2026-56152 (Incorrect Authorization (CWE-863) in
Elastic Defend can lead to
CVE-2026-56151 (Improper Input Validation (CWE-20) in Kibana can lead to a
denial of s ...)
- kibana <itp> (bug #700337)
CVE-2026-56150 (Allocation of Resources Without Limits or Throttling (CWE-770)
in Flee ...)
- TODO: check
+ NOT-FOR-US: Fleet Server
CVE-2026-56149 (Allocation of Resources Without Limits or Throttling (CWE-770)
in Elas ...)
TODO: check
CVE-2026-56148 (Uncontrolled Recursion (CWE-674) in Elasticsearch can lead to
a denial ...)
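Review bot: On CVE-2026-56150, `NOT-FOR-US: Fleet Server` lands directly below the Kibana entry, which is tracked as `- kibana <itp> (bug #700337)` rather than NFU. Check that no ITP or RFP bug is open for Fleet Server, since an open one would call for an `<itp>` line in the same style instead of an NFU tag. CVE-2026-56149 below it is still `TODO: check` and its description is truncated at "in Elas ...", so it needs its own triage pass.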
@@ -957,7 +957,7 @@ CVE-2026-56224 (Capgo console.capgo.app/login before
12.128.2 accepts access_tok
CVE-2026-56219 (Capgo before 12.128.2 contains a NULL-auth bypass
vulnerability in the ...)
NOT-FOR-US: Cap-go
CVE-2026-55721 (Storage Concentrator (SC & SCVM) is vulnerable to SQL
injection throug ...)
- TODO: check
+ NOT-FOR-US: Storage Concentrator (SC & SCVM)
CVE-2026-55223 (c3p0 is a JDBC Connection pooling library. In versions prior
to 0.14.0 ...)
TODO: check
CVE-2026-54903 (Oj (Optimized JSON) is a JSON parser and Object marshaller
packaged as ...)
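Review bot: The tag added for CVE-2026-55721, `NOT-FOR-US: Storage Concentrator (SC & SCVM)`, copies the parenthetical from the CVE description verbatim, while the neighbouring entry uses a short product name (`NOT-FOR-US: Cap-go`). Consider dropping "(SC & SCVM)" or prefixing the vendor name so the tag stays short and greppable if further CVEs for the same product arrive. CVE-2026-55223 (c3p0) remaining at `TODO: check` fits the NFU-only scope of this commit.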
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8fb9bf532e1b5aa488ed8d028e3218803d994d95