Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
aeadde2a by Salvatore Bonaccorso at 2026-01-22T07:27:43+01:00
Process two NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -378,7 +378,7 @@ CVE-2026-21640 (HackerOne community member Faraz Ahmed
(PakCyberbot) has reporte
CVE-2026-1035 (A flaw was found in the Keycloak server during refresh token
processin ...)
- keycloak <itp> (bug #1088287)
CVE-2026-0933 (SummaryA command injection vulnerability (CWE-78) has been
found to ex ...)
- TODO: check
+ NOT-FOR-US: cloudflare workers-sdk
CVE-2026-0865 (User-controlled header names and values containing newlines can
allow ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
@@ -402,7 +402,7 @@ CVE-2025-68133 (EVerest is an EV charging software stack.
In versions 2025.9.0 a
CVE-2025-66902 (An input validation issue in in Pithikos websocket-server
v.0.6.4 allo ...)
NOT-FOR-US: Pithikos websocket-server
CVE-2025-66692 (A buffer over-read in the PublicKey::verify() method of
Binance - Trus ...)
- TODO: check
+ NOT-FOR-US: trustwallet / wallet-core
CVE-2025-63648 (A NULL pointer dereference in the
dacp_reply_playqueueedit_move functi ...)
NOT-FOR-US: owntone-server
CVE-2025-63647 (A NULL pointer dereference in the parse_meta function
(src/httpd_daap. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aeadde2aa385ae8a311865ad82cf7fbe89d5134f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aeadde2aa385ae8a311865ad82cf7fbe89d5134f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
