[Git][security-tracker-team/security-tracker][master] Add two uTLS issues

Sun, 22 Feb 2026 11:21:12 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4bbaddef by Salvatore Bonaccorso at 2026-02-22T20:20:37+01:00
Add two uTLS issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1012,7 +1012,10 @@ CVE-2026-27317
 CVE-2026-27114 (NanaZip is an open source file archive Starting in version 
5.0.1252.0  ...)
        NOT-FOR-US: NanaZip
 CVE-2026-27017 (uTLS is a fork of crypto/tls, created to customize ClientHello 
for fin ...)
-       TODO: check
+       - golang-refraction-networking-utls <not-affected> (Vulnerable code 
introduced later)
+       NOTE: 
https://github.com/refraction-networking/utls/security/advisories/GHSA-7m29-f4hw-g2vx
+       NOTE: Introduced after: 
https://github.com/refraction-networking/utls/commit/b4de442d0250c0f55d8873d95e589ff9206a3ae7
 (v1.6.0)
+       NOTE: Fixed by: 
https://github.com/refraction-networking/utls/commit/24bd1e05a788c1add7f3037f4532ea552b2cee07
 (v1.8.1)
 CVE-2026-27016 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network 
monitorin ...)
        NOT-FOR-US: LibreNMS
 CVE-2026-27014 (NanaZip is an open source file archive Starting in version 
5.0.1252.0  ...)
@@ -1040,7 +1043,9 @@ CVE-2026-26996 (minimatch is a minimal matching utility 
for converting glob expr
 CVE-2026-26995
        REJECTED
 CVE-2026-26994 (uTLS is a fork of crypto/tls, created to customize ClientHello 
for fin ...)
-       TODO: check
+       - golang-refraction-networking-utls <unfixed>
+       NOTE: 
https://github.com/refraction-networking/utls/security/advisories/GHSA-pmc3-p9hx-jq96
+       NOTE: Fixed by: 
https://github.com/refraction-networking/utls/commit/f8892761e2a4d29054264651d3a86fda83bc83f9
 (v1.7.0)
 CVE-2026-26993 (Flare is a Next.js-based, self-hostable file sharing platform 
that int ...)
        NOT-FOR-US: Next.js
 CVE-2026-26992 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network 
monitorin ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bbaddefa26ec861d6101a6b266494b19cf5a97d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4bbaddefa26ec861d6101a6b266494b19cf5a97d
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to