Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
77371ffc by Salvatore Bonaccorso at 2026-01-09T08:56:49+01:00
Update trcking for CVE-2026-22185/{openldap,lmdb}
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -331,10 +331,13 @@ CVE-2026-22186 (Bio-Formats versions up to and including
8.3.0 contain an XML Ex
NOT-FOR-US: Bio-Formats
CVE-2026-22185 (OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up
to and in ...)
- openldap <unfixed> (unimportant)
+ - lmdb <unfixed>
+ [trixie] - lmdb <no-dsa> (Minor issue)
+ [bookworm] - lmdb <no-dsa> (Minor issue)
NOTE: https://seclists.org/fulldisclosure/2026/Jan/5
NOTE: https://bugs.openldap.org/show_bug.cgi?id=10421
NOTE: Fixed by:
https://git.openldap.org/openldap/openldap/-/commit/8e1fda85532a3c74276df38a42d234dcdfa1e40d
(
- NOTE: Crash in CLI tool, no security impact
+ NOTE: OpenLDAP bundles lmdb but does not build mdb_load.c
CVE-2026-22184 (zlib versions up to and including 1.3.1.2 contain a global
buffer over ...)
- zlib 1:1.2.6.dfsg-1 (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/01/06/5
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77371ffcebf0bfcec60f8b3d5a03c0ef880e840c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77371ffcebf0bfcec60f8b3d5a03c0ef880e840c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
