Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6f9f2b66 by Salvatore Bonaccorso at 2026-07-09T10:12:50+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17,7 +17,7 @@ CVE-2026-6896 (GitLab has remediated an issue in GitLab EE 
affecting all version
 CVE-2026-6352 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-60105 (Monsta FTP before 2.14.5 contains a server-side request 
forgery vulner ...)
-       TODO: check
+       NOT-FOR-US: Monsta FTP
 CVE-2026-60104 (Bitwarden Server before 2026.6.0 does not verify that the 
email in a P ...)
        TODO: check
 CVE-2026-5923 (Malicious use of a stolen cookie might allow modifications to 
the cont ...)
@@ -41,23 +41,23 @@ CVE-2026-59936 (pypdf is a free and open-source pure-python 
PDF library. Prior t
 CVE-2026-59935 (pypdf is a free and open-source pure-python PDF library. Prior 
to 6.14 ...)
        TODO: check
 CVE-2026-59822 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
-       TODO: check
+       NOT-FOR-US: LiteLLM
 CVE-2026-59821 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
-       TODO: check
+       NOT-FOR-US: LiteLLM
 CVE-2026-59820 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
-       TODO: check
+       NOT-FOR-US: LiteLLM
 CVE-2026-59819 (LiteLLM is a proxy server (AI Gateway) to call LLM APIs in 
OpenAI (or  ...)
-       TODO: check
+       NOT-FOR-US: LiteLLM
 CVE-2026-59818 (etcd is a distributed key-value store for the data of a 
distributed sy ...)
        TODO: check
 CVE-2026-59807 (Composio SDK before 0.2.32-beta.283 contains a path validation 
bypass  ...)
-       TODO: check
+       NOT-FOR-US: Composio SDK
 CVE-2026-59806 (Gradio before 6.20.0 contains an open redirect and server-side 
request ...)
-       TODO: check
+       NOT-FOR-US: Gradio
 CVE-2026-59805 (Gumroad before 2026.07.06.2 contains a broken access control 
vulnerabi ...)
-       TODO: check
+       NOT-FOR-US: Gumroad
 CVE-2026-59804 (Midscene Bridge Server through 1.10.3, fixed in commit 
86f4118, contai ...)
-       TODO: check
+       NOT-FOR-US: Midscene Bridge Server
 CVE-2026-59803 (rpcx through 1.9.3, fixed in commit 047aec1, contains a 
denial-of-serv ...)
        TODO: check
 CVE-2026-59802 (PasswordPusher before 2.8.1 accepts data URI schemes in URL 
push paylo ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f9f2b66a7d02b23fb3db69f811b30826bde21f2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6f9f2b66a7d02b23fb3db69f811b30826bde21f2
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to