Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b3d0a089 by Salvatore Bonaccorso at 2026-01-23T16:27:21+01:00
Fix some notes
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -317,7 +317,7 @@ CVE-2026-23996 (FastAPI Api Key provides a backend-agnostic
library that provide
CVE-2026-23992 (go-tuf is a Go implementation of The Update Framework (TUF).
Starting ...)
- golang-github-theupdateframework-go-tuf <unfixed>
NOTE:
https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-fphv-w9fq-2525
- NOTE: Fixed by;
https://github.com/theupdateframework/go-tuf/commit/b38d91fdbc69dfe31fe9230d97dafe527ea854a0
(v2.3.1)
+ NOTE: Fixed by:
https://github.com/theupdateframework/go-tuf/commit/b38d91fdbc69dfe31fe9230d97dafe527ea854a0
(v2.3.1)
CVE-2026-23991 (go-tuf is a Go implementation of The Update Framework (TUF).
Starting ...)
- golang-github-theupdateframework-go-tuf <unfixed>
NOTE:
https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-846p-jg2w-w324
@@ -5366,7 +5366,7 @@ CVE-2026-22702 (virtualenv is a tool for creating
isolated virtual python enviro
[bookworm] - python-virtualenv <no-dsa> (Minor issue)
NOTE:
https://github.com/pypa/virtualenv/security/advisories/GHSA-597g-3phw-6986
NOTE: https://github.com/pypa/virtualenv/pull/3013
- NOTE: Fixed by;
https://github.com/pypa/virtualenv/commit/dec4cec5d16edaf83a00a658f32d1e032661cebc
(20.36.1)
+ NOTE: Fixed by:
https://github.com/pypa/virtualenv/commit/dec4cec5d16edaf83a00a658f32d1e032661cebc
(20.36.1)
CVE-2026-22701 (filelock is a platform-independent file lock for Python. Prior
to vers ...)
- python-filelock <unfixed> (bug #1125190)
[trixie] - python-filelock <no-dsa> (Minor issue)
@@ -5407,7 +5407,7 @@ CVE-2026-22690 (pypdf is a free and open-source
pure-python PDF library. Prior t
[bullseye] - pypdf2 <postponed> (Minor issue)
NOTE:
https://github.com/py-pdf/pypdf/security/advisories/GHSA-4xc4-762w-m6cg
NOTE: https://github.com/py-pdf/pypdf/pull/3594
- NOTE: Fixed by;
https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45
(6.6.0)
+ NOTE: Fixed by:
https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45
(6.6.0)
CVE-2026-22689 (Mailpit is an email testing tool and API for developers. Prior
to vers ...)
NOT-FOR-US: Mailpit
CVE-2026-22688 (WeKnora is an LLM-powered framework designed for deep document
underst ...)
@@ -145261,7 +145261,7 @@ CVE-2024-48992 (Qualys discovered that needrestart,
before version 3.8, allows l
{DSA-5815-1 DLA-3957-1}
- needrestart 3.7-3.1
NOTE: https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
- NOTE: Fixed by;
https://github.com/liske/needrestart/commit/b5f25f6ec6e7dd0c5be249e4e45de4ee9ffe594f
(v3.8)
+ NOTE: Fixed by:
https://github.com/liske/needrestart/commit/b5f25f6ec6e7dd0c5be249e4e45de4ee9ffe594f
(v3.8)
CVE-2024-48991 (Qualys discovered that needrestart, before version 3.8, allows
local a ...)
{DSA-5815-1 DLA-3957-1}
- needrestart 3.7-3.1
@@ -162908,7 +162908,7 @@ CVE-2024-8949 (A vulnerability classified as critical
has been found in SourceCo
CVE-2024-8948 (A vulnerability was found in MicroPython 1.23.0. It has been
rated as ...)
- micropython 1.24.0+ds-1 (bug #1082511)
NOTE: https://github.com/micropython/micropython/issues/13041
- NOTE: Fixed by;
https://github.com/micropython/micropython/commit/908ab1ceca15ee6fd0ef82ca4cba770a3ec41894
(v1.24.0)
+ NOTE: Fixed by:
https://github.com/micropython/micropython/commit/908ab1ceca15ee6fd0ef82ca4cba770a3ec41894
(v1.24.0)
CVE-2024-8947 (A vulnerability was found in MicroPython 1.22.2. It has been
declared ...)
- micropython 1.24.0+ds-1 (bug #1082511)
NOTE: https://github.com/micropython/micropython/issues/13283
@@ -380546,7 +380546,7 @@ CVE-2021-45845 (The Path Sanity Check script of
FreeCAD 0.19 is vulnerable to OS
CVE-2021-45844 (Improper sanitization in the invocation of ODA File Converter
from Fre ...)
{DSA-5229-1 DLA-3076-1 DLA-2934-1}
- freecad 0.19.4+dfsg1-1 (bug #1005747)
- NOTE: Fixed by;
https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6
(master)
+ NOTE: Fixed by:
https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6
(master)
NOTE: Fixed by:
https://github.com/FreeCAD/FreeCAD/commit/ad6977f940d3e64d78a4367452d9a338ad43fa1c
(0.19.4)
NOTE: https://tracker.freecad.org/view.php?id=4809
CVE-2021-45843 (glFusion CMS v1.7.9 is affected by a reflected Cross Site
Scripting (X ...)
@@ -389883,7 +389883,7 @@ CVE-2021-43453 (A Heap-based Buffer Overflow
vulnerability exists in JerryScript
[buster] - iotjs <no-dsa> (Minor issue)
NOTE: https://github.com/jerryscript-project/jerryscript/pull/4808
NOTE: https://github.com/jerryscript-project/jerryscript/issues/4754
- NOTE: Fixed by;
https://github.com/jerryscript-project/jerryscript/commit/efe63a5bbc5106164a08ee2eb415a7a701f5311f
+ NOTE: Fixed by:
https://github.com/jerryscript-project/jerryscript/commit/efe63a5bbc5106164a08ee2eb415a7a701f5311f
CVE-2021-43452
RESERVED
CVE-2021-43451 (SQL Injection vulnerability exists in PHPGURUKUL Employee
Record Manag ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3d0a089d87c9478d88704060d2155c0e1174356
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b3d0a089d87c9478d88704060d2155c0e1174356
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
