Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bfcf22b9 by Daniel Leidert at 2026-01-16T01:55:12+01:00
add patch/mr link for CVE-2026-0989/libxml2

- - - - -
b3032a8e by Daniel Leidert at 2026-01-16T02:07:24+01:00
lts: mark CVE-2025-68114/capstone as postponed

- - - - -
aa3cb203 by Daniel Leidert at 2026-01-16T02:11:07+01:00
lts: mark CVE-2025-67873/capstone as postponed

- - - - -
05e86190 by Daniel Leidert at 2026-01-16T02:53:57+01:00
add mr link to fix for CVE-2024-50615,CVE-2024-50614/tinyxml2

CVE-2024-50615 is only accessible via debug build. Thus, maybe #1088814 should
be closed...

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -97,6 +97,7 @@ CVE-2026-0990 (A flaw was found in libxml2, an XML parsing 
library. This uncontr
 CVE-2026-0989 (A flaw was identified in the RelaxNG parser of libxml2 related 
to how  ...)
        - libxml2 <unfixed>
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/998
+       NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
 CVE-2026-0976 (A flaw was found in Keycloak. This improper input validation 
vulnerabi ...)
        - keycloak <itp> (bug #1088287)
 CVE-2026-0897 (Allocation of Resources Without Limits or Throttling in the 
HDF5 weigh ...)
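Review bot: the NOTE added under CVE-2026-0989 is a bare merge request URL, so a reader of data/CVE/list cannot tell whether merge request 374 is a proposed patch or the merged fix, and the package line stays at "- libxml2 <unfixed>". The other fix links in this push carry a "Fixed by:" prefix; use the same prefix here once the merge request has landed, or say in the note that it is still open, so nobody backports a patch that may still change.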
@@ -11992,6 +11993,7 @@ CVE-2025-68114 (Capstone is a disassembly framework. In 
versions 6.0.0-Alpha5 an
        - capstone <unfixed> (bug #1123739)
        [trixie] - capstone <no-dsa> (Minor issue)
        [bookworm] - capstone <no-dsa> (Minor issue)
+       [bullseye] - capstone <postponed> (Minor issue)
        NOTE: 
https://github.com/capstone-engine/capstone/security/advisories/GHSA-85f5-6xr3-q76r
        NOTE: Fixed by: 
https://github.com/capstone-engine/capstone/commit/2c7797182a1618be12017d7d41e0b6581d5d529e
 (next)
 CVE-2025-68112 (ChurchCRM is an open-source church management system. In 
versions prio ...)
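Review bot: the added "[bullseye] - capstone <postponed> (Minor issue)" line for CVE-2025-68114 gives no condition for picking the issue up again, unlike the tinyxml2 entries in the same file, which say "revisit when fixed upstream". Since the entry already has a "Fixed by:" commit, state in the parentheses what the backport is waiting for, so the postponement does not become permanent by default.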
@@ -12012,6 +12014,7 @@ CVE-2025-67873 (Capstone is a disassembly framework. In 
versions 6.0.0-Alpha5 an
        - capstone <unfixed> (bug #1123740)
        [trixie] - capstone <no-dsa> (Minor issue)
        [bookworm] - capstone <no-dsa> (Minor issue)
+       [bullseye] - capstone <postponed> (Minor issue)
        NOTE: 
https://github.com/capstone-engine/capstone/security/advisories/GHSA-hj6g-v545-v7jg
        NOTE: Fixed by: 
https://github.com/capstone-engine/capstone/commit/cbef767ab33b82166d263895f24084b75b316df3
 (next)
 CVE-2025-67794 (An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 
before  ...)
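Review bot: the "Fixed by:" commit in the CVE-2025-67873 entry is annotated "(next)", and the added "[bullseye] - capstone <postponed> (Minor issue)" line does not say whether the postponement is tied to that fix reaching a release or to something else. A short qualifier after "Minor issue" would make the intent checkable at the next triage pass.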
@@ -149526,12 +149529,14 @@ CVE-2024-50615 (TinyXML2 through 10.0.0 has a 
reachable assertion for UINT_MAX/d
        [bookworm] - tinyxml2 <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - tinyxml2 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/leethomason/tinyxml2/issues/997
+       NOTE: Fixed by: https://github.com/leethomason/tinyxml2/pull/1009 
(10.1.0)
 CVE-2024-50614 (TinyXML2 through 10.0.0 has a reachable assertion for 
UINT_MAX/16, tha ...)
        - tinyxml2 <unfixed> (bug #1088813)
        [trixie] - tinyxml2 <postponed> (Minor issue, revisit when fixed 
upstream)
        [bookworm] - tinyxml2 <postponed> (Minor issue, revisit when fixed 
upstream)
        [bullseye] - tinyxml2 <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/leethomason/tinyxml2/issues/996
+       NOTE: Fixed by: https://github.com/leethomason/tinyxml2/pull/1009 
(10.1.0)
 CVE-2024-50613 (libsndfile through 1.2.2 has a reachable assertion, that may 
lead to a ...)
        - libsndfile <unfixed> (bug #1088691)
        [trixie] - libsndfile <postponed> (Minor issue, revisit when fixed 
upstream)
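Review bot: the two added "Fixed by: ... (10.1.0)" notes record an upstream fix, yet the suite lines in both tinyxml2 entries still read "<postponed> (Minor issue, revisit when fixed upstream)", so the stated revisit condition is now met and those lines need a fresh triage decision or new wording. The commit message's point that CVE-2024-50615 is only reachable in a debug build is also not captured in data/CVE/list; a NOTE on that entry would keep the reasoning next to the data.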



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/417e7d5b2896c6243723b6443a9c17445a6f8cc8...05e86190061ec459fbdc9d2a09e88bbdaa578339
