auto-update[111371]: Committed `e0f6e05` on `auto-update`. Summary of this run:
auto-update[111371]: **Changes recorded:**
auto-update[111371]: - EPSS re-scored 2026-05-26: percentile 78.128 → 78.098 (score unchanged at 0.010840); updated Summary table and Verification log
auto-update[111371]: - CISA KEV catalog: 1602 → 1603 entries; CVE-2026-43284 still not listed
auto-update[111371]: - Removed stale "down from 0.014670 / 81.127th on 2026-05-23" historical parenthetical per CLAUDE.md convention
auto-update[111371]: **Verified no change in:**
auto-update[111371]: - Upstream kernel point releases (all current: v7.0.10/v6.18.33/v6.12.91/v6.6.141/v6.1.174/v5.15.208/v5.10.257)
auto-update[111371]: - `nixos-25.11` still at 7.0.9/6.18.32/6.12.90 — still vulnerable to CVE-2026-46300
auto-update[111371]: - `nixos-25.11-small`, `nixos-unstable`, `nixos-unstable-small` all remain at 7.0.10/6.18.33/6.12.91 (fixed)
auto-update[111371]: - RxRPC improvement commits `8bfab4b6ffc2`/`d2bc90cf6c75` still not backported to any stable branch
auto-update[111371]: - Rocky Linux 9/10 RLSA equivalents for CVE-2026-46300 still absent from errata feed
auto-update[111371]: - Amazon Linux: no CVE-2026-46300 advisories published
auto-update[111371]: - Debian: no new package uploads observed; all suites at previously-recorded versions

auto-update[112000]: The new commit `d2bfdbb69cf8` is an unrelated NULL deref race in `rds_tcp_set_callbacks()` — different `Fixes:` tag, different file (`net/rds/tcp.c`), no connection to PinTheft.
auto-update[112000]: ## Summary of verification (2026-05-27)
auto-update[112000]: | Check | Result |
auto-update[112000]: |---|---|
auto-update[112000]: | **Stable kernel versions** | All match tracker exactly: 7.0.10, 6.18.33, 6.12.91, 6.6.141, 6.1.174, 5.15.208, 5.10.257 |
auto-update[112000]: | **6.1.y / 5.15.y / 5.10.y fix status** | Neither `44b550d88b26` nor `e17492979319` found in any of these branches — still vulnerable |
auto-update[112000]: | **netdev/net.git new RDS work** | One new commit (`d2bfdbb69cf8`) — unrelated NULL deref in `rds_tcp.c`, different `Fixes:` tag |
auto-update[112000]: | **vulns.git CVE published** | Still only in `cve/review/proposed/v7.0.7-sasha` — not yet in `cve/published/` |
auto-update[112000]: | **Debian** | No DSA issued; all suites (bullseye/bookworm/trixie/sid) still unfixed per Debian security tracker |
auto-update[112000]: | **Proxmox** | PSA-2026-00022-1 unchanged; no fixed `proxmox-kernel` package |
auto-update[112000]: | **Amazon Linux** | No ALAS advisory for CVE-2026-43494 |
auto-update[112000]: | **Arch Linux** | Already `:white_check_mark:` Fixed as of 7.0.10.arch1-1 — no change |
auto-update[112000]: | **NixOS / Fedora / Rocky** | No change |
auto-update[112000]: Everything is consistent with the state verified on 2026-05-25. No new backports, no new DSAs, no fixed distro packages have appeared in the last two days. This is a **no-op run** — the tracker is current and I'm leaving the file unmodified.

auto-update[112360]: All data is in. Let me summarize what I found vs. what the tracker currently shows:
auto-update[112360]: **Debian** (from security tracker):
auto-update[112360]: - sid: `1.30.1-3` fixed ✓ — unchanged
auto-update[112360]: - forky: `1.30.1-3` fixed ✓ — unchanged
auto-update[112360]: - trixie / trixie (security): `1.26.3-3+deb13u4` / `1.26.3-3+deb13u5` vulnerable ✓ — unchanged
auto-update[112360]: - bookworm / bookworm (security): `1.22.1-9+deb12u6` / `1.22.1-9+deb12u7` vulnerable ✓ — unchanged
auto-update[112360]: - bullseye / bullseye (security): `1.18.0-6.1+deb11u3` / `1.18.0-6.1+deb11u6` vulnerable ✓ — unchanged
auto-update[112360]: **pkgsrc**:
auto-update[112360]: - `www/nginx`: `nginx-1.30.1` (no PKGREVISION), no CVE-2026-9256 patch — unchanged
auto-update[112360]: - `www/nginx-devel`: `nginx-1.29.6` (no PKGREVISION), no CVE-2026-9256 patch — unchanged
auto-update[112360]: **NixOS channels** — all channels advanced their revisions, but nginx versions are identical to what the tracker already records:
auto-update[112360]: | Channel | New rev (10-char) | nginxMainline | nginxStable | Change? |
auto-update[112360]: |---|---|---|---|---|
auto-update[112360]: | nixos-unstable | `64c08a7c` | 1.31.1 | 1.30.2 | same rev, no change |
auto-update[112360]: | nixos-unstable-small | `d5a98e48` | 1.31.1 | 1.30.2 | rev advanced, versions same → sticky |
auto-update[112360]: | nixos-25.11 | `b77b3de8` | 1.29.7 | 1.28.3 | rev advanced, versions same → sticky |
auto-update[112360]: | nixos-25.11-small | `d60e39a6` | 1.29.7 | 1.28.3 | rev advanced, versions same → sticky |
auto-update[112360]: | nixpkgs-unstable | `f9d8b659` | 1.31.1 | 1.30.2 | rev advanced, versions same → sticky |
auto-update[112360]: Per the sticky-revision rule: channel-pointer advances with unchanged nginx versions are not tracker updates. All verdicts (fixed/vulnerable) and all nginx version strings are identical to what the tracker recorded on 2026-05-26.
auto-update[112360]: **Nothing has changed.** The tracker is fully up to date. No edit, no `lastmod` bump, no commit.