Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c91061a6 by Salvatore Bonaccorso at 2026-02-17T05:48:58+01:00
Add reference for libvpx issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53,6 +53,7 @@ CVE-2026-2447 (Heap buffer overflow in libvpx. This
vulnerability affects Firefo
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-11/
NOTE: Firefox, Firefox ESR and Thunderbird use the system libvpx library
NOTE: Same issue as CVE-2026-1861/chromium
+ NOTE: https://issues.oss-fuzz.com/issues/476466137
NOTE:
https://chromium.googlesource.com/webm/libvpx/+/d5f35ac8d93cba7f7a3f7ddb8f9dc8bd28f785e1
TODO: check, libvpx might need a separate CVE for src:libvpx itself
CVE-2026-2415 (Emails sent by pretix can utilize placeholders that will be
filled wit ...)
@@ -5244,6 +5245,7 @@ CVE-2026-1861 (Heap buffer overflow in libvpx in Google
Chrome prior to 144.0.75
{DSA-6122-1}
- chromium 144.0.7559.109-2
[bullseye] - chromium <end-of-life> (see #1061268)
+ NOTE: https://issues.oss-fuzz.com/issues/476466137
NOTE:
https://chromium.googlesource.com/webm/libvpx/+/d5f35ac8d93cba7f7a3f7ddb8f9dc8bd28f785e1
CVE-2026-25616 (Blesta 3.x through 5.x before 5.13.3 mishandles input
validation, aka ...)
NOT-FOR-US: Blesta
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c91061a63bdc73dd125de82438db90545a2e4425
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c91061a63bdc73dd125de82438db90545a2e4425
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
