Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ecef6b53 by security tracker role at 2026-01-25T20:12:56+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,82 +1,98 @@
-CVE-2026-23013 [net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ 
rollback]
+CVE-2026-1406 (A vulnerability was determined in lcg0124 BootDo up to 
5ccd963c7405803 ...)
+       TODO: check
+CVE-2020-36937 (Microvirt MEMU Play 3.7.0 contains an unquoted service path 
vulnerabil ...)
+       TODO: check
+CVE-2020-36936 (Magic Mouse 2 Utilities 2.20 contains an unquoted service path 
vulnera ...)
+       TODO: check
+CVE-2020-36935 (KMSpico 17.1.0.0 contains an unquoted service path 
vulnerability in th ...)
+       TODO: check
+CVE-2020-36934 (Deep Instinct Windows Agent 1.2.24.0 contains an unquoted 
service path ...)
+       TODO: check
+CVE-2020-36933 (HTC IPTInstaller 4.0.9 contains an unquoted service path 
vulnerability ...)
+       TODO: check
+CVE-2020-36932 (SeaCMS 11.1 contains a stored cross-site scripting 
vulnerability in th ...)
+       TODO: check
+CVE-2020-36931 (Click2Magic 1.1.5 contains a stored cross-site scripting 
vulnerability ...)
+       TODO: check
+CVE-2026-23013 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/f93fc5d12d69012788f82151bee55fce937e1432 (6.19-rc6)
-CVE-2026-23012 [mm/damon/core: remove call_control in inactive contexts]
+CVE-2026-23012 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux <unfixed>
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/f9132fbc2e83baf2c45a77043672a63a675c9394 (6.19-rc6)
-CVE-2026-23011 [ipv4: ip_gre: make ipgre_header() robust]
+CVE-2026-23011 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/e67c577d89894811ce4dcd1a9ed29d8b63476667 (6.19-rc6)
-CVE-2026-23010 [ipv6: Fix use-after-free in inet6_addr_del().]
+CVE-2026-23010 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/ddf96c393a33aef4887e2e406c76c2f8cda1419c (6.19-rc6)
-CVE-2026-23009 [xhci: sideband: don't dereference freed ring when removing 
sideband endpoint]
+CVE-2026-23009 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
        - linux <unfixed>
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/dd83dc1249737b837ac5d57c81f2b0977c613d9f (6.19-rc6)
-CVE-2026-23008 [drm/vmwgfx: Fix KMS with 3D on HW version 10]
+CVE-2026-23008 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux <unfixed>
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d9186faeae6efb7d0841a5e8eb213ff4c7966614 (6.19-rc6)
-CVE-2026-23007 [block: zero non-PI portion of auto integrity buffer]
+CVE-2026-23007 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/ca22c566b89164f6e670af56ecc45f47ef3df819 (6.19-rc6)
-CVE-2026-23006 [ASoC: tlv320adcx140: fix null pointer]
+CVE-2026-23006 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/be7664c81d3129fc313ef62ff275fd3d33cfecd4 (6.19-rc6)
-CVE-2026-23005 [x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever 
XFD[i]=1]
+CVE-2026-23005 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b45f721775947a84996deb5c661602254ce25ce6 (6.19-rc6)
-CVE-2026-23004 [dst: fix races in rt6_uncached_list_del() and 
rt_del_uncached_list()]
+CVE-2026-23004 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/9a6f0c4d5796ab89b5a28a890ce542344d58bd69 (6.19-rc6)
-CVE-2026-23003 [ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()]
+CVE-2026-23003 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/81c734dae203757fb3c9eee6f9896386940776bd (6.19-rc6)
-CVE-2026-23002 [lib/buildid: use __kernel_read() for sleepable context]
+CVE-2026-23002 (In the Linux kernel, the following vulnerability has been 
resolved:  l ...)
        - linux <unfixed>
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/777a8560fd29738350c5094d4166fe5499452409 (6.19-rc6)
-CVE-2026-23001 [macvlan: fix possible UAF in macvlan_forward_source()]
+CVE-2026-23001 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/7470a7a63dc162f07c26dbf960e41ee1e248d80e (6.19-rc6)
-CVE-2026-23000 [net/mlx5e: Fix crash on profile change rollback failure]
+CVE-2026-23000 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/4dadc4077e3f77d6d31e199a925fc7a705e7adeb (6.19-rc6)
-CVE-2026-22999 [net/sched: sch_qfq: do not free existing class in 
qfq_change_class()]
+CVE-2026-22999 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/3879cffd9d07aa0377c4b8835c4f64b4fb24ac78 (6.19-rc6)
-CVE-2026-22998 [nvme-tcp: fix NULL pointer dereferences in 
nvmet_tcp_build_pdu_iovec]
+CVE-2026-22998 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/32b63acd78f577b332d976aa06b56e70d054cbba (6.19-rc6)
-CVE-2026-22997 [net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate 
session upon receiving the second rts]
+CVE-2026-22997 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/1809c82aa073a11b7d335ae932d81ce51a588a4a (6.19-rc6)
-CVE-2026-22996 [net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv]
+CVE-2026-22996 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/123eda2e5b1638e298e3a66bb1e64a8da92de5e1 (6.19-rc6)
-CVE-2025-71163 [dmaengine: idxd: fix device leaks on compat bind and unbind]
+CVE-2025-71163 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux <unfixed>
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/799900f01792cf8b525a44764f065f83fcafd468 (6.19-rc6)
-CVE-2025-71162 [dmaengine: tegra-adma: Fix use-after-free]
+CVE-2025-71162 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux <unfixed>
        NOTE: 
https://git.kernel.org/linus/2efd07a7c36949e6fa36a69183df24d368bf9e96 (6.19-rc6)
 CVE-2025-6461 (The CubeWP \u2013 All-in-One Dynamic Content Framework plugin 
for Word ...)
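Review bot: The eight entries added at the top of this hunk (CVE-2026-1406 and CVE-2020-36931 through CVE-2020-36937) land with only `TODO: check`, so they are still untriaged; each needs a package line or a `NOT-FOR-US:` marker of the kind used for the Oracle entries further down the file. The same hunk swaps the bracketed kernel commit subjects (for example `[ipv6: Fix use-after-free in inet6_addr_del().]`) for a truncated description that differs by a single letter between kernel entries, so the `NOTE:` commit link is now the only part of each entry that tells a reader which subsystem is affected.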
@@ -2183,6 +2199,7 @@ CVE-2026-21947 (Vulnerability in Oracle Java SE 
(component: JavaFX).  Supported
 CVE-2026-21946 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
        NOT-FOR-US: Oracle
 CVE-2026-21945 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       {DSA-6110-1}
        - openjdk-8 <unfixed> (bug #1126119)
        - openjdk-11 11.0.30+7-1
        - openjdk-17 17.0.18+8-1
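Review bot: `{DSA-6110-1}` is attached to CVE-2026-21945 while the first package line under it still reads `- openjdk-8 <unfixed> (bug #1126119)`, so the advisory reference should not be read as closing the CVE for every source package listed; the openjdk-8 line needs its own follow-up under that bug. The same applies to the identical tag added to CVE-2026-21933, CVE-2026-21932 and CVE-2026-21925 in the hunks below.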
@@ -2212,6 +2229,7 @@ CVE-2026-21935 (Vulnerability in the Oracle Solaris 
product of Oracle Systems (c
 CVE-2026-21934 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2026-21933 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       {DSA-6110-1}
        - openjdk-8 <unfixed> (bug #1126119)
        - openjdk-11 11.0.30+7-1
        - openjdk-17 17.0.18+8-1
@@ -2219,6 +2237,7 @@ CVE-2026-21933 (Vulnerability in the Oracle Java SE, 
Oracle GraalVM for JDK, Ora
        - openjdk-25 25.0.2+10-1
        NOTE: https://openjdk.org/groups/vulnerability/advisories/2026-01-20
 CVE-2026-21932 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       {DSA-6110-1}
        - openjdk-8 <unfixed> (bug #1126119)
        - openjdk-11 11.0.30+7-1
        - openjdk-17 17.0.18+8-1
@@ -2238,6 +2257,7 @@ CVE-2026-21927 (Vulnerability in the Oracle Solaris 
product of Oracle Systems (c
 CVE-2026-21926 (Vulnerability in the Siebel CRM Deployment product of Oracle 
Siebel CR ...)
        NOT-FOR-US: Oracle
 CVE-2026-21925 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, 
Oracle Gr ...)
+       {DSA-6110-1}
        - openjdk-8 <unfixed> (bug #1126119)
        - openjdk-11 11.0.30+7-1
        - openjdk-17 17.0.18+8-1
@@ -233443,6 +233463,7 @@ CVE-2022-4960 (A vulnerability, which was classified 
as problematic, has been fo
 CVE-2022-4959 (A vulnerability classified as problematic was found in qkmc-rk 
redbbs  ...)
        NOT-FOR-US: qkmc-rk redbbs
 CVE-2022-48620 (uev (aka libuev) before 2.4.1 has a buffer overflow in 
epoll_wait if m ...)
+       {DLA-4454-1}
        - libuev 2.4.1-1 (bug #1060692)
        [bookworm] - libuev <no-dsa> (Minor issue)
        NOTE: https://github.com/troglobit/libuev/issues/27
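Review bot: With `{DLA-4454-1}` added to CVE-2022-48620, the entry still carries `[bookworm] - libuev <no-dsa> (Minor issue)`, so an LTS advisory now covers an issue that the bookworm line defers. Check whether bookworm should pick up the libuev fix as well (the unversioned package line records `2.4.1-1`), so that the newer suite is not left behind the older one.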



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ecef6b53b368cf8dea29ed55acb9138b413b1f05
