Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
280b867b by security tracker role at 2026-01-31T20:14:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,154 +1,158 @@
-CVE-2026-23039 [drm/gud: fix NULL fb and crtc dereferences on USB disconnect]
+CVE-2026-1165 (The Popup Box plugin for WordPress is vulnerable to Cross-Site 
Request ...)
+       TODO: check
+CVE-2025-14554 (The Sell BTC - Cryptocurrency Selling Calculator plugin for 
WordPress  ...)
+       TODO: check
+CVE-2026-23039 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.8-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/dc2d5ddb193e363187bae2ad358245642d2721fb (6.19-rc6)
-CVE-2026-23036 [btrfs: release path before iget_failed() in 
btrfs_read_locked_inode()]
+CVE-2026-23036 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.18.8-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/1e1f2055ad5a7a5d548789b334a4473a7665c418 (6.19-rc6)
-CVE-2026-23034 [drm/amdgpu/userq: Fix fence reference leak on queue teardown 
v2]
+CVE-2026-23034 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.8-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b2426a211dba6432e32a2e70e9183c6e134475c6 (6.19-rc6)
-CVE-2025-71187 [dmaengine: sh: rz-dmac: fix device leak on probe failure]
+CVE-2025-71187 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.8-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/9fb490323997dcb6f749cd2660a17a39854600cd (6.19-rc6)
-CVE-2026-23038 [pnfs/flexfiles: Fix memory leak in 
nfs4_ff_alloc_deviceid_node()]
+CVE-2026-23038 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/0c728083654f0066f5e10a1d2b0bd0907af19a58 (6.19-rc6)
-CVE-2026-23037 [can: etas_es58x: allow partial RX URB allocation to succeed]
+CVE-2026-23037 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.18.8-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b1979778e98569c1e78c2c7f16bb24d76541ab00 (6.19-rc6)
-CVE-2026-23035 [net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv]
+CVE-2026-23035 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.18.8-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/4ef8512e1427111f7ba92b4a847d181ff0aeec42 (6.19-rc6)
-CVE-2026-23033 [dmaengine: omap-dma: fix dma_pool resource leak in error paths]
+CVE-2026-23033 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/2e1136acf8a8887c29f52e35a77b537309af321f (6.19-rc6)
-CVE-2026-23032 [null_blk: fix kmemleak by releasing references to fault 
configfs items]
+CVE-2026-23032 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.18.8-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/40b94ec7edbbb867c4e26a1a43d2b898f04b93c5 (6.19-rc6)
-CVE-2026-23031 [can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory 
leak]
+CVE-2026-23031 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/7352e1d5932a0e777e39fa4b619801191f57e603 (6.19-rc6)
-CVE-2026-23030 [phy: rockchip: inno-usb2: Fix a double free bug in 
rockchip_usb2phy_probe()]
+CVE-2026-23030 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 6.18.8-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e07dea3de508cd6950c937cec42de7603190e1ca (6.19-rc6)
-CVE-2026-23029 [LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy()]
+CVE-2026-23029 (In the Linux kernel, the following vulnerability has been 
resolved:  L ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/7d8553fc75aefa7ec936af0cf8443ff90b51732e (6.19-rc6)
-CVE-2026-23028 [LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()]
+CVE-2026-23028 (In the Linux kernel, the following vulnerability has been 
resolved:  L ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/0bf58cb7288a4d3de6d8ecbb3a65928a9362bf21 (6.19-rc6)
-CVE-2026-23027 [LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy()]
+CVE-2026-23027 (In the Linux kernel, the following vulnerability has been 
resolved:  L ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/1cf342a7c3adc5877837b53bbceb5cc9eff60bbf (6.19-rc6)
-CVE-2026-23026 [dmaengine: qcom: gpi: Fix memory leak in 
gpi_peripheral_config()]
+CVE-2026-23026 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.8-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3f747004bbd641131d9396d87b5d2d3d1e182728 (6.19-rc6)
-CVE-2026-23025 [mm/page_alloc: prevent pcp corruption with SMP=n]
+CVE-2026-23025 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 6.18.8-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/038a102535eb49e10e93eafac54352fcc5d78847 (6.19-rc6)
-CVE-2025-71191 [dmaengine: at_hdmac: fix device leak on of_dma_xlate()]
+CVE-2025-71191 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/b9074b2d7a230b6e28caa23165e9d8bc0677d333 (6.19-rc6)
-CVE-2025-71190 [dmaengine: bcm-sba-raid: fix device leak on probe]
+CVE-2025-71190 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/7c3a46ebf15a9796b763a54272407fdbf945bed8 (6.19-rc6)
-CVE-2025-71189 [dmaengine: dw: dmamux: fix OF node leak on route allocation 
failure]
+CVE-2025-71189 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.8-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/ec25e60f9f95464aa11411db31d0906b3fb7b9f2 (6.19-rc6)
-CVE-2025-71188 [dmaengine: lpc18xx-dmamux: fix device leak on route allocation]
+CVE-2025-71188 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/d4d63059dee7e7cae0c4d9a532ed558bc90efb55 (6.19-rc6)
-CVE-2025-71186 [dmaengine: stm32: dmamux: fix device leak on route allocation]
+CVE-2025-71186 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/dd6e4943889fb354efa3f700e42739da9bddb6ef (6.19-rc6)
-CVE-2025-71185 [dmaengine: ti: dma-crossbar: fix device leak on am335x route 
allocation]
+CVE-2025-71185 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/4fc17b1c6d2e04ad13fd6c21cfbac68043ec03f9 (6.19-rc6)
-CVE-2026-23024 [idpf: fix memory leak of flow steer list on rmmod]
+CVE-2026-23024 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.18.8-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/f9841bd28b600526ca4f6713b0ca49bf7bb98452 (6.19-rc5)
-CVE-2026-23022 [idpf: fix memory leak in idpf_vc_core_deinit()]
+CVE-2026-23022 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.18.8-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e111cbc4adf9f9974eed040aeece7e17460f6bff (6.19-rc5)
-CVE-2026-23018 [btrfs: release path before initializing extent tree in 
btrfs_read_locked_inode()]
+CVE-2026-23018 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.18.8-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/8731f2c50b0b1d2b58ed5b9671ef2c4bdc2f8347 (6.19-rc5)
-CVE-2026-23016 [inet: frags: drop fraglist conntrack references]
+CVE-2026-23016 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.18.8-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2ef02ac38d3c17f34a00c4b267d961a8d4b45d1a (6.19-rc5)
-CVE-2026-23015 [gpio: mpsse: fix reference leak in gpio_mpsse_probe() error 
paths]
+CVE-2026-23015 (In the Linux kernel, the following vulnerability has been 
resolved:  g ...)
        - linux 6.18.8-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/1e876e5a0875e71e34148c9feb2eedd3bf6b2b43 (6.19-rc5)
-CVE-2025-71181 [rust_binder: remove spin_lock() in rust_shrink_free_page()]
+CVE-2025-71181 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
        - linux 6.18.8-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/361e0ff456a8daf9753c18030533256e4133ce7a (6.19-rc5)
-CVE-2026-23023 [idpf: fix memory leak in idpf_vport_rel()]
+CVE-2026-23023 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.18.8-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/f6242b354605faff263ca45882b148200915a3f6 (6.19-rc5)
-CVE-2026-23021 [net: usb: pegasus: fix memory leak in update_eth_regs_async()]
+CVE-2026-23021 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/afa27621a28af317523e0836dad430bec551eb54 (6.19-rc5)
-CVE-2026-23020 [net: 3com: 3c59x: fix possible null dereference in 
vortex_probe1()]
+CVE-2026-23020 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/a4e305ed60f7c41bbf9aabc16dd75267194e0de3 (6.19-rc5)
-CVE-2026-23019 [net: marvell: prestera: fix NULL dereference on 
devlink_alloc() failure]
+CVE-2026-23019 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/a428e0da1248c353557970848994f35fd3f005e2 (6.19-rc5)
-CVE-2026-23017 [idpf: fix error handling in the init_task on load]
+CVE-2026-23017 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 6.18.8-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/4d792219fe6f891b5b557a607ac8a0a14eda6e38 (6.19-rc5)
-CVE-2025-71184 [btrfs: fix NULL dereference on root when tracing inode 
eviction]
+CVE-2025-71184 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/f157dd661339fc6f5f2b574fe2429c43bd309534 (6.19-rc5)
-CVE-2025-71183 [btrfs: always detect conflicting inodes when logging inode 
refs]
+CVE-2025-71183 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/7ba0b6461bc4edb3005ea6e00cdae189bcf908a5 (6.19-rc5)
-CVE-2025-71182 [can: j1939: make j1939_session_activate() fail if device is no 
longer registered]
+CVE-2025-71182 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.18.8-1
        NOTE: 
https://git.kernel.org/linus/5d5602236f5db19e8b337a2cd87a90ace5ea776d (6.19-rc2)
-CVE-2025-71180 [counter: interrupt-cnt: Drop IRQF_NO_THREAD flag]
+CVE-2025-71180 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 6.18.8-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/23f9485510c338476b9735d516c1d4aacb810d46 (6.19-rc5)
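Review bot: the two entries added at the top of this hunk, CVE-2026-1165 and CVE-2025-14554, land with "TODO: check" even though both descriptions read "plugin for WordPress", and the WordPress plugin entries visible elsewhere in this file are already triaged as "NOT-FOR-US: WordPress plugin". Suggest resolving them the same way so they do not sit in the TODO queue. Separately, every kernel entry in this hunk swaps its bracketed commit subject for the truncated text "In the Linux kernel, the following vulnerability has been resolved: d ...", which no longer tells the entries apart; the git.kernel.org NOTE line is now the only place a reader can see what each fix is, so those NOTE lines should be kept intact on any later edit.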
@@ -1210,7 +1214,7 @@ CVE-2026-0832 (The New User Approve plugin for WordPress 
is vulnerable to unauth
        NOT-FOR-US: WordPress plugin
 CVE-2026-0825 (The Database for Contact Form 7, WPforms, Elementor forms 
plugin for W ...)
        NOT-FOR-US: WordPress plugin
-CVE-2026-0818 (CSS-based exfiltration of the content from partially encrypted 
emails  ...)
+CVE-2026-0818 (When a user explicitly requested Thunderbird to decrypt an 
inline Open ...)
        - thunderbird <unfixed>
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2026-08/#CVE-2026-0818
 CVE-2025-9082 (The WPBITS Addons For Elementor plugin for WordPress is 
vulnerable to  ...)
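Review bot: the replacement description for CVE-2026-0818 is cut off before it states the impact, whereas the removed line named it directly (CSS-based exfiltration of content from partially encrypted emails). With thunderbird still marked <unfixed> and the MFSA link as the only NOTE, a short NOTE line summarising the impact would keep the entry readable without opening the advisory.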
@@ -26803,11 +26807,12 @@ CVE-2025-11778 (Stack-based buffer overflow in 
Circutor SGE-PLC1000/SGE-PLC50 v0
 CVE-2025-10543 (In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) 
versions <=1.5 ...)
        NOT-FOR-US: Eclipse Paho Go MQTT
 CVE-2025-64460 (An issue was discovered in 5.2 before 5.2.9, 5.1 before 
5.1.15, and 4. ...)
-       {DLA-4425-1}
+       {DSA-6117-1 DLA-4425-1}
        - python-django 3:4.2.27-1 (bug #1121788)
        NOTE: 
https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/4d2b8803bebcdefd2b76e9e8fc528d5fddea93f0
 (4.2.27)
 CVE-2025-13372 (An issue was discovered in 5.2 before 5.2.9, 5.1 before 
5.1.15, and 4. ...)
+       {DSA-6117-1}
        - python-django 3:4.2.27-1 (bug #1121788)
        [bullseye] - python-django <not-affected> (.alias() functionality added 
later)
        NOTE: 
https://www.djangoproject.com/weblog/2025/dec/02/security-releases/
@@ -33613,7 +33618,7 @@ CVE-2025-12725 (Out of bounds read in WebGPU in Google 
Chrome on Android prior t
        - chromium 142.0.7444.134-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2025-64459 (An issue was discovered in 5.1 before 5.1.14, 4.2 before 
4.2.26, and 5 ...)
-       {DLA-4425-1}
+       {DSA-6117-1 DLA-4425-1}
        - python-django 3:4.2.26-1 (bug #1120139)
        NOTE: 
https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
        NOTE: 
https://github.com/django/django/commit/98e642c69181c942d60a10ca0085d48c6b3068bb
 (main)
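Review bot: CVE-2025-64459 records its fix as python-django 3:4.2.26-1, but the commit NOTE at the end of this hunk is tagged "(main)", while the other Django entries touched by this commit cite the 4.2.x commit (one of them with a "Fixed by:" prefix and "(4.2.27)"). Suggest adding the 4.2 branch commit as a further NOTE so the reference matches the version that is recorded as fixed.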
@@ -46449,12 +46454,12 @@ CVE-2022-50420 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.1.4-1
        NOTE: 
https://git.kernel.org/linus/45e6319bd5f2154d8b8c9f1eaa4ac030ba0d330c (6.2-rc1)
 CVE-2025-59681 (An issue was discovered in Django 4.2 before 4.2.25, 5.1 
before 5.1.13 ...)
-       {DLA-4324-1}
+       {DSA-6117-1 DLA-4324-1}
        - python-django 3:4.2.25-1 (bug #1116979)
        NOTE: 
https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/38d9ef8c7b5cb6ef51b933e51a20e0e0063f33d5
 (4.2.25)
 CVE-2025-59682 (An issue was discovered in Django 4.2 before 4.2.25, 5.1 
before 5.1.13 ...)
-       {DLA-4324-1}
+       {DSA-6117-1 DLA-4324-1}
        - python-django 3:4.2.25-1 (bug #1116979)
        NOTE: 
https://www.djangoproject.com/weblog/2025/oct/01/security-releases/
        NOTE: 
https://github.com/django/django/commit/9504bbaa392c9fe37eee9291f5b4c29eb6037619
 (4.2.25)
@@ -57768,7 +57773,7 @@ CVE-2024-13063 (Authorization Bypass Through 
User-Controlled Key vulnerability i
 CVE-2014-125127 (The mikecao/flight PHP framework in versions prior to v1.2 is 
vulnerab ...)
        NOT-FOR-US: mikecao/flight
 CVE-2025-57833 (An issue was discovered in Django 4.2 before 4.2.24, 5.1 
before 5.1.12 ...)
-       {DLA-4301-1}
+       {DSA-6117-1 DLA-4301-1}
        - python-django 3:4.2.24-1 (bug #1113865)
        NOTE: 
https://www.djangoproject.com/weblog/2025/sep/03/security-releases/
        NOTE: 
https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92
 (4.2.24)
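Review bot: DSA-6117-1 is attached here to CVE-2025-57833, recorded as fixed in 3:4.2.24-1, and in the earlier hunks to entries recorded as fixed as late as 3:4.2.27-1, yet the only change in each entry is the advisory tag. Worth confirming that the upload behind DSA-6117-1 carries the fixes for all of the tagged CVEs, since nothing in these lines shows which version the advisory shipped.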



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/280b867b0fbb94d857da401f157060e7fe7e9abd
