Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
02e83fcb by Salvatore Bonaccorso at 2026-01-28T23:15:30+01:00
Update status for CVE-2026-23643
As cakephp was removed at version 2.10.24-2 we had no version ever
released in unstable having the vulnerable code.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4292,8 +4292,7 @@ CVE-2026-23742 (Skipper is an HTTP router and reverse
proxy for service composit
CVE-2026-23735 (GraphQL Modules is a toolset of libraries and guidelines
dedicated to ...)
NOT-FOR-US: GraphQL Modules
CVE-2026-23643 (CakePHP is a rapid development framework for PHP. The
PaginatorHelper: ...)
- - cakephp <removed>
- [bullseye] - cakephp <not-affected> (Vulnerable code introduced later)
+ - cakephp <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/cakephp/cakephp/security/advisories/GHSA-qh8m-9qxx-53m5
NOTE: https://github.com/cakephp/cakephp/issues/19172
NOTE: Introduced by:
https://github.com/cakephp/cakephp/commit/87b366cb714f6872e5609a9749ccbfd529886c1b
(5.2.10)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02e83fcbe4e34914bd3bd0ac8c69a96fc207ce53
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02e83fcbe4e34914bd3bd0ac8c69a96fc207ce53
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
