Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2aa74636 by security tracker role at 2026-03-12T08:13:32+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,245 @@
+CVE-2026-4014 (A security flaw has been discovered in itsourcecode Cafe 
Reservation S ...)
+       TODO: check
+CVE-2026-4013 (A vulnerability was identified in SourceCodester Web-based 
Pharmacy Pr ...)
+       TODO: check
+CVE-2026-4012 (A vulnerability was determined in rxi fe up to 
ed4cda96bd582cbb0852096 ...)
+       TODO: check
+CVE-2026-4010 (A vulnerability was found in ThakeeNathees pocketlang up to 
cc73ca61b1 ...)
+       TODO: check
+CVE-2026-4009 (A vulnerability has been found in jarikomppa soloud up to 
20200207. Im ...)
+       TODO: check
+CVE-2026-4008 (A flaw has been found in Tenda W3 1.0.0.3(2204). This issue 
affects so ...)
+       TODO: check
+CVE-2026-4007 (A vulnerability was detected in Tenda W3 1.0.0.3(2204). This 
vulnerabi ...)
+       TODO: check
+CVE-2026-3994 (A vulnerability was detected in rui314 mold up to 2.40.4. This 
issue a ...)
+       TODO: check
+CVE-2026-3993 (A security vulnerability has been detected in itsourcecode 
Payroll Man ...)
+       TODO: check
+CVE-2026-3992 (A weakness has been identified in CodeGenieApp 
serverless-express up t ...)
+       TODO: check
+CVE-2026-3990 (A security flaw has been discovered in CesiumGS CesiumJS up to 
1.137.0 ...)
+       TODO: check
+CVE-2026-3984 (A weakness has been identified in Campcodes Division Regional 
Athletic ...)
+       TODO: check
+CVE-2026-3983 (A security flaw has been discovered in Campcodes Division 
Regional Ath ...)
+       TODO: check
+CVE-2026-3982 (A vulnerability was determined in itsourcecode University 
Management S ...)
+       TODO: check
+CVE-2026-3981 (A vulnerability was found in itsourcecode Online Doctor 
Appointment Sy ...)
+       TODO: check
+CVE-2026-3980 (A vulnerability has been found in itsourcecode Online Doctor 
Appointme ...)
+       TODO: check
+CVE-2026-3979 (A flaw has been found in quickjs-ng quickjs up to 0.12.1. This 
affects ...)
+       TODO: check
+CVE-2026-3978 (A vulnerability was detected in D-Link DIR-513 1.10. The 
impacted elem ...)
+       TODO: check
+CVE-2026-3977 (A security vulnerability has been detected in projectsend up to 
r1945. ...)
+       TODO: check
+CVE-2026-3976 (A weakness has been identified in Tenda W3 1.0.0.3(2204). 
Impacted is  ...)
+       TODO: check
+CVE-2026-3975 (A security flaw has been discovered in Tenda W3 1.0.0.3(2204). 
This is ...)
+       TODO: check
+CVE-2026-3974 (A vulnerability was identified in Tenda W3 1.0.0.3(2204). This 
vulnera ...)
+       TODO: check
+CVE-2026-3973 (A vulnerability was determined in Tenda W3 1.0.0.3(2204). This 
affects ...)
+       TODO: check
+CVE-2026-3972 (A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected 
by this  ...)
+       TODO: check
+CVE-2026-3971 (A vulnerability has been found in Tenda i3 1.0.0.6(2204). 
Affected by  ...)
+       TODO: check
+CVE-2026-3970 (A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is 
the funct ...)
+       TODO: check
+CVE-2026-3969 (A vulnerability was detected in FeMiner wms up to 1.0. This 
impacts an ...)
+       TODO: check
+CVE-2026-3968 (A vulnerability has been found in AutohomeCorp frostmourne up 
to 1.0.  ...)
+       TODO: check
+CVE-2026-3967 (A flaw has been found in Alfresco Activiti up to 7.19/8.8.0. 
Affected  ...)
+       TODO: check
+CVE-2026-3966 (A vulnerability was detected in 648540858 wvp-GB28181-pro up to 
2.7.4- ...)
+       TODO: check
+CVE-2026-3965 (A security vulnerability has been detected in whyour qinglong 
up to 2. ...)
+       TODO: check
+CVE-2026-3964 (A weakness has been identified in OpenAkita up to 1.24.3. This 
impacts ...)
+       TODO: check
+CVE-2026-3963 (A security flaw has been discovered in perfree go-fastdfs-web 
up to 1. ...)
+       TODO: check
+CVE-2026-3962 (A vulnerability was identified in Jcharis 
Machine-Learning-Web-Apps up ...)
+       TODO: check
+CVE-2026-3961 (A vulnerability was determined in zyddnys 
manga-image-translator up to ...)
+       TODO: check
+CVE-2026-3959 (A vulnerability was found in 0xKoda WireMCP up to 
7f45f8b2b4adeb76be8c ...)
+       TODO: check
+CVE-2026-3958 (A vulnerability has been found in Woahai321 ListSync up to 
0.6.6. This ...)
+       TODO: check
+CVE-2026-3957 (A flaw has been found in xierongwkhd weimai-wetapp up to 
5fe9e8225be4f ...)
+       TODO: check
+CVE-2026-3956 (A vulnerability was detected in xierongwkhd weimai-wetapp up to 
5fe9e8 ...)
+       TODO: check
+CVE-2026-3955 (A security vulnerability has been detected in elecV2P up to 
3.8.3. Aff ...)
+       TODO: check
+CVE-2026-3942 (Incorrect security UI in PictureInPicture in Google Chrome 
prior to 14 ...)
+       TODO: check
+CVE-2026-3941 (Insufficient policy enforcement in DevTools in Google Chrome 
prior to  ...)
+       TODO: check
+CVE-2026-3940 (Insufficient policy enforcement in DevTools in Google Chrome 
prior to  ...)
+       TODO: check
+CVE-2026-3939 (Insufficient policy enforcement in PDF in Google Chrome prior 
to 146.0 ...)
+       TODO: check
+CVE-2026-3938 (Insufficient policy enforcement in Clipboard in Google Chrome 
prior to ...)
+       TODO: check
+CVE-2026-3937 (Incorrect security UI in Downloads in Google Chrome on Android 
prior t ...)
+       TODO: check
+CVE-2026-3936 (Use after free in WebView in Google Chrome on Android prior to 
146.0.7 ...)
+       TODO: check
+CVE-2026-3935 (Incorrect security UI in WebAppInstalls in Google Chrome prior 
to 146. ...)
+       TODO: check
+CVE-2026-3934 (Insufficient policy enforcement in ChromeDriver in Google 
Chrome prior ...)
+       TODO: check
+CVE-2026-3932 (Insufficient policy enforcement in PDF in Google Chrome on 
Android pri ...)
+       TODO: check
+CVE-2026-3931 (Heap buffer overflow in Skia in Google Chrome prior to 
146.0.7680.71 a ...)
+       TODO: check
+CVE-2026-3930 (Unsafe navigation in Navigation in Google Chrome on iOS prior 
to 146.0 ...)
+       TODO: check
+CVE-2026-3929 (Side-channel information leakage in ResourceTiming in Google 
Chrome pr ...)
+       TODO: check
+CVE-2026-3928 (Insufficient policy enforcement in Extensions in Google Chrome 
prior t ...)
+       TODO: check
+CVE-2026-3927 (Incorrect security UI in PictureInPicture in Google Chrome 
prior to 14 ...)
+       TODO: check
+CVE-2026-3926 (Out of bounds read in V8 in Google Chrome prior to 
146.0.7680.71 allow ...)
+       TODO: check
+CVE-2026-3925 (Incorrect security UI in LookalikeChecks in Google Chrome on 
Android p ...)
+       TODO: check
+CVE-2026-3924 (use after free in WindowDialog in Google Chrome prior to 
146.0.7680.71 ...)
+       TODO: check
+CVE-2026-3923 (Use after free in WebMIDI in Google Chrome prior to 
146.0.7680.71 allo ...)
+       TODO: check
+CVE-2026-3922 (Use after free in MediaStream in Google Chrome prior to 
146.0.7680.71  ...)
+       TODO: check
+CVE-2026-3921 (Use after free in TextEncoding in Google Chrome prior to 
146.0.7680.71 ...)
+       TODO: check
+CVE-2026-3920 (Out of bounds memory access in WebML in Google Chrome prior to 
146.0.7 ...)
+       TODO: check
+CVE-2026-3919 (Use after free in Extensions in Google Chrome prior to 
146.0.7680.71 a ...)
+       TODO: check
+CVE-2026-3918 (Use after free in WebMCP in Google Chrome prior to 
146.0.7680.71 allow ...)
+       TODO: check
+CVE-2026-3917 (Use after free in Agents in Google Chrome prior to 
146.0.7680.71 allow ...)
+       TODO: check
+CVE-2026-3916 (Out of bounds read in Web Speech in Google Chrome prior to 
146.0.7680. ...)
+       TODO: check
+CVE-2026-3915 (Heap buffer overflow in WebML in Google Chrome prior to 
146.0.7680.71  ...)
+       TODO: check
+CVE-2026-3914 (Integer overflow in WebML in Google Chrome prior to 
146.0.7680.71 allo ...)
+       TODO: check
+CVE-2026-3913 (Heap buffer overflow in WebML in Google Chrome prior to 
146.0.7680.71  ...)
+       TODO: check
+CVE-2026-3657 (The My Sticky Bar plugin for WordPress is vulnerable to SQL 
injection  ...)
+       TODO: check
+CVE-2026-3226 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress 
is vul ...)
+       TODO: check
+CVE-2026-32136 (AdGuard Home is a network-wide software for blocking ads and 
tracking. ...)
+       TODO: check
+CVE-2026-32133 (2FAuth is a web app to manage Two-Factor Authentication (2FA) 
accounts ...)
+       TODO: check
+CVE-2026-32132 (ZITADEL is an open source identity management platform. Prior 
to 3.4.8 ...)
+       TODO: check
+CVE-2026-32131 (ZITADEL is an open source identity management platform. Prior 
to 3.4.8 ...)
+       TODO: check
+CVE-2026-32130 (ZITADEL is an open source identity management platform. From 
2.68.0 to ...)
+       TODO: check
+CVE-2026-32128 (FastGPT is an AI Agent building platform. In 4.14.7 and 
earlier, FastG ...)
+       TODO: check
+CVE-2026-32127 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-32126 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-32125 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-32124 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-32123 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-32122 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-32121 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-32118 (OpenEMR is a free and open source electronic health records 
and medica ...)
+       TODO: check
+CVE-2026-32117 (The grafanacubism-panel plugin allows use of cubism.js in 
Grafana. In  ...)
+       TODO: check
+CVE-2026-32112 (ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the 
ha-mcp OAut ...)
+       TODO: check
+CVE-2026-32111 (ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the 
ha-mcp OAut ...)
+       TODO: check
+CVE-2026-32110 (SiYuan is a personal knowledge management system. Prior to 
3.6.0, the  ...)
+       TODO: check
+CVE-2026-32109 (Copyparty is a portable file server. Prior to 1.20.12, if an 
attacker  ...)
+       TODO: check
+CVE-2026-32108 (Copyparty is a portable file server. Prior to 1.20.12, there 
was a mis ...)
+       TODO: check
+CVE-2026-32106 (StudioCMS is a server-side-rendered, Astro native, headless 
content ma ...)
+       TODO: check
+CVE-2026-32104 (StudioCMS is a server-side-rendered, Astro native, headless 
content ma ...)
+       TODO: check
+CVE-2026-32103 (StudioCMS is a server-side-rendered, Astro native, headless 
content ma ...)
+       TODO: check
+CVE-2026-32102 (OliveTin gives access to predefined shell commands from a web 
interfac ...)
+       TODO: check
+CVE-2026-32101 (StudioCMS is a server-side-rendered, Astro native, headless 
content ma ...)
+       TODO: check
+CVE-2026-31988 (yauzl (aka Yet Another Unzip Library) version 3.2.0 for 
Node.js contai ...)
+       TODO: check
+CVE-2026-2808 (HashiCorp Consul and Consul Enterprise 1.18.20 up to 1.21.10 
and 1.22. ...)
+       TODO: check
+CVE-2026-2687 (The Reading progressbar WordPress plugin before 1.3.1 does not 
sanitis ...)
+       TODO: check
+CVE-2026-2640 (During an internal security assessment, a potential 
vulnerability was  ...)
+       TODO: check
+CVE-2026-2368 (An improper certificate validation vulnerability was reported 
in the L ...)
+       TODO: check
+CVE-2026-27591 (Winter is a free, open-source content management system (CMS) 
based on ...)
+       TODO: check
+CVE-2026-1878 (An Insufficient Integrity Verification vulnerability in the 
ASUS ROG p ...)
+       TODO: check
+CVE-2026-1717 (An input validation vulnerability was reported in the 
LenovoProductivi ...)
+       TODO: check
+CVE-2026-1716 (An input validation vulnerability was reported in the 
DeviceSettingsSy ...)
+       TODO: check
+CVE-2026-1715 (An input validation vulnerability was reported in the 
DeviceSettingsSy ...)
+       TODO: check
+CVE-2026-1653 (A potential divide by zero vulnerability was reported in the 
Lenovo Vi ...)
+       TODO: check
+CVE-2026-1652 (A potential buffer overflow vulnerability was reported in the 
Lenovo V ...)
+       TODO: check
+CVE-2026-1182 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
+       TODO: check
+CVE-2026-1068 (An improper certificate validation vulnerability was reported 
in the L ...)
+       TODO: check
+CVE-2026-0940 (A potential improper initialization vulnerability was reported 
in the  ...)
+       TODO: check
+CVE-2026-0520 (A potential vulnerability was reported in the Lenovo FileZ 
Android app ...)
+       TODO: check
+CVE-2025-70041 (An issue pertaining to CWE-259: Use of Hard-coded Password was 
discove ...)
+       TODO: check
+CVE-2025-70024 (An issue pertaining to CWE-89: Improper Neutralization of 
Special Elem ...)
+       TODO: check
+CVE-2025-66956 (Insecure Access Control in Contact Plan, E-Mail, SMS and Fax 
component ...)
+       TODO: check
+CVE-2025-62328 (HCL Nomad server on Domino did not configure the 
frame-ancestors direc ...)
+       TODO: check
+CVE-2025-59388 (A use of hard-coded password vulnerability has been reported 
to affect ...)
+       TODO: check
+CVE-2025-15473 (The Timetics  WordPress plugin before 1.0.52 does not have 
authorizati ...)
+       TODO: check
+CVE-2025-15038 (An Out-of-Bounds Read vulnerability exists in the ASUS 
Business System ...)
+       TODO: check
+CVE-2025-15037 (An Incorrect Permission Assignment vulnerability exists in the 
ASUS Bu ...)
+       TODO: check
+CVE-2023-43010 (The issue was addressed with improved memory handling. This 
issue is f ...)
+       TODO: check
 CVE-2026-2436
        - libsoup3 <unfixed>
        - libsoup2.4 <removed>
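Review bot: The added CVE-2026-3226 line carries a literal `\u2013` in its description ("The LearnPress \u2013 WordPress LMS Plugin plugin ..."), so an undecoded escape sequence is being written into data/CVE/list. Whatever step writes these descriptions should decode it, or substitute a plain hyphen, before the line is committed. In the same block the CVE-2025-15473 description has a doubled space ("Timetics  WordPress") that could be normalized in the same pass. Every entry added here is still "TODO: check", so neither point changes triage state.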
@@ -3659,7 +3901,7 @@ CVE-2025-40931 (Apache::Session::Generate::MD5 versions 
through 1.94 for Perl cr
 CVE-2024-57854 (Net::NSCA::Client versions through 0.009002 for Perl uses a 
poor rando ...)
        NOT-FOR-US: Net::NSCA::Client Perl module
        NOTE: Net::NSCAng::Client embedded in nsca-ng is different code
-CVE-2025-40926 (Plack::Middleware::Session::Simple versions through 0.04 for 
Perl gene ...)
+CVE-2025-40926 (Plack::Middleware::Session::Simple versions before 0.05 for 
Perl gener ...)
        NOT-FOR-US: Plack::Middleware::Session::Simple Perl module
 CVE-2026-3545 (Insufficient data validation in Navigation in Google Chrome 
prior to 1 ...)
        {DSA-6157-1}
@@ -5743,13 +5985,13 @@ CVE-2026-27804 (Parse Server is an open source backend 
that can be deployed to a
 CVE-2026-27800 (Zed, a code editor, has a Zip Slip (Path Traversal) 
vulnerability exis ...)
        - zed-editor <itp> (bug #1076165)
 CVE-2026-27799 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-r99p-5442-q2x2
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/e87695b3227978ad70b967b8d054baaf8ac2cced
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/958ca384aa84ca48fbe3af07bb8d1708ab4d6143
 (6.9.13-39)
 CVE-2026-27798 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qpgx-jfcq-r59f
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/0377e60b3c0d766bd7271221c95d9ee54f6a3738
 (7.1.2-14)
@@ -6995,7 +7237,7 @@ CVE-2026-26284 (ImageMagick is free and open-source 
software used for editing an
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/0c9ffcf55763e5daf1b61dfed0deed1aa43e217f
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/5204a166fd2463905025378303c7e3715163d0e7
 (6.9.13-39)
 CVE-2026-26283 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gwr3-x37h-h84v
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/c448c6920a985872072fc7be6034f678c087de9b
 (7.1.2-14)
@@ -7005,7 +7247,7 @@ CVE-2026-26198 (Ormar is a async mini ORM for Python. In 
versions 0.9.9 through
        NOTE: 
https://github.com/collerek/ormar/security/advisories/GHSA-xxh2-68g9-8jqr
        NOTE: Fixed by: 
https://github.com/collerek/ormar/commit/a03bae14fe01358d3eaf7e319fcd5db2e4956b16
 (0.23.0)
 CVE-2026-26066 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v994-63cg-9wj3
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/880057ce34f6da9dff2fe3b290bbbc45b743e613
 (7.1.2-14)
@@ -7015,25 +7257,25 @@ CVE-2026-26025 (free5GC SMF provides Session Management 
Function for free5GC, an
 CVE-2026-26024 (free5GC SMF provides Session Management Function for free5GC, 
an open- ...)
        NOT-FOR-US: Free5GC
 CVE-2026-25989 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7355-pwx2-pm84
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/5a545ab9d6c3d12a6a76cfed32b87df096729d95
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/7fc7208f8f3073d768b8b1658fd6ecda1ef6e1c5
 (6.9.13-39)
 CVE-2026-25988 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-782x-jh29-9mf7
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/4354fc1d554ec2e6314aed13536efa7bde9593d2
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/d2e99064d65f5955f39d92e4b208089409118683
 (6.9.13-39)
 CVE-2026-25987 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-42p5-62qq-mmh7
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/bbae0215e1b76830509fd20e6d37c0dd7e3e4c3a
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/a842cd896a19744b5577b6113990faaae14569b0
 (6.9.13-39)
 CVE-2026-25986 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-mqfc-82jx-3mr2
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/b9c80ad3ca802b6883da25f153c4fdf72c017eba
 (7.1.2-14)
@@ -7047,14 +7289,14 @@ CVE-2026-25985 (ImageMagick is free and open-source 
software used for editing an
 CVE-2026-25984
        REJECTED
 CVE-2026-25983 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-fwqw-2x5x-w566
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/b4f8e1a387dd1d0a0af516071831a235f2fdf437
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/257200cb21de23404dce5f8261871845d425dee5
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/e5d3ca6dfb76dccb5bdf73c74135e0fde2f9d0b7
 (6.9.13-39)
 CVE-2026-25982 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pmq6-8289-hx3v
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/4e1f5381d4ccbb6b71927e94c5d257fa883b3af7
 (7.1.2-14)
@@ -7068,7 +7310,7 @@ CVE-2026-25971 (ImageMagick is free and open-source 
software used for editing an
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/9313e530b37272b748898febd42b5949756f0179
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/9795300c611926fc895dd4e02a34ce185d8ed651
 (6.9.13-39)
 CVE-2026-25970 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xg29-8ghv-v4xr
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/729253dc16e1a1ec4cac891a12d597e3fa9336b3
 (7.1.2-14)
@@ -7082,7 +7324,7 @@ CVE-2026-25969 (ImageMagick is free and open-source 
software used for editing an
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/a253d1b124ebdcc2832daac6f9a35c362635b40e
 (7.1.2-14)
        NOTE: Introduced by: 
https://github.com/ImageMagick/ImageMagick/commit/114356949267dc1e04dc0d5c460ca1c05833504a
 (7.0.10-22)
 CVE-2026-25968 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-3mwp-xqp2-q6ph
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/56f02958890b820cf2d0a6ecb04eb6f58ea75628
 (7.1.2-14)
@@ -7103,14 +7345,14 @@ CVE-2026-25966 (ImageMagick is free and open-source 
software used for editing an
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/8d4c67a90ae458fb36393a05c0069e9123ac174c
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/2c2f87de5330cd895fab9ea6228577b30acd1c7a
 (6.9.13-39)
 CVE-2026-25965 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8jvj-p28h-9gm7
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/4a9dc1075dcad3ab0579e1b37dbe854c882699a5
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/b4c37614b6da7695cb4f5b3c6e326a37bdf2b1a9
 (6.9.13-39)
        NOTE: for imagemagick6 fix in included in a jumbo security patch with 
other fix like CVE-2026-25797
 CVE-2026-25898 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vpxv-r9pg-7gpr
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/c9c87dbaba56bf82aebd3392e11f0ffd93709b12
 (7.1.2-14)
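Review bot: In the CVE-2026-25965 entry touched by this hunk, the existing NOTE reads "for imagemagick6 fix in included in a jumbo security patch"; "fix in included" should be "fix is included". The entry is already being edited for the DLA-4497-1 cross-reference, so the wording can be fixed in the same pass. The reciprocal NOTE at the end of the CVE-2026-25797 entry, which points back at CVE-2026-25965, has the same slip.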
@@ -7118,7 +7360,7 @@ CVE-2026-25898 (ImageMagick is free and open-source 
software used for editing an
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/66d3a6497eb89b3ce2a7b86cc23be6d69bce9220
 (6.9.13-39)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/abfbcfe8e7884deb3560c74569c96ee4b068f3a6
 (6.9.13-39)
 CVE-2026-25897 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6j5f-24fw-pqp4
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/23fde73188ea32c15b607571775d4f92bdb75e60
 (7.1.2-14)
@@ -7126,19 +7368,19 @@ CVE-2026-25897 (ImageMagick is free and open-source 
software used for editing an
 CVE-2026-25802 (New API is a large language mode (LLM) gateway and artificial 
intellig ...)
        NOT-FOR-US: New API (QuantumNous/new-api)
 CVE-2026-25799 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-543g-8grm-9cw6
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/412f3c8bc1d3b6890aad72376cd992c9b5177037
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/44c687dee38eb1a8053facb4a33dfa1e255875ea
 (6.9.13-39)
 CVE-2026-25798 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p863-5fgm-rgq4
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/16dd3158ce197c6f65e7798a7a5cc4538bb0303e
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/93a38e3a7bfb7a492409275321eca94df7cd03a7
 (6.9.13-39)
 CVE-2026-25797 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-rw6c-xp26-225v
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/26088a83d71e9daa203d54a56fe3c31f3f85463d
 (7.1.2-14)
@@ -7147,13 +7389,13 @@ CVE-2026-25797 (ImageMagick is free and open-source 
software used for editing an
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/b4c37614b6da7695cb4f5b3c6e326a37bdf2b1a9
 (6.9.13-39)
        NOTE: for imagemagick6 fix in included in a jumbo security patch with 
other fix like CVE-2026-25965
 CVE-2026-25796 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-g2pr-qxjg-7r2w
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/93ad259ce4f6d641eea0bee73f374af90f35efc3
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/29aeed740553ed4e5c544e101ac468be55a919ff
 (6.9.13-39)
 CVE-2026-25795 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p33r-fqw2-rqmm
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/0c7d0b9671ae2616fca106dcada45536eb4df5dc
 (7.1.2-14)
@@ -7171,7 +7413,7 @@ CVE-2026-25649 (Versions of the Traccar open-source GPS 
tracking system up to an
 CVE-2026-25648 (Versions of the Traccar open-source GPS tracking system 
starting with  ...)
        NOT-FOR-US: Traccar
 CVE-2026-25638 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-gxcx-qjqp-8vjw
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/1e88fca11c7b8517100d518bc99bd8c474f02f88
 (7.1.2-14)
@@ -7187,7 +7429,7 @@ CVE-2026-25637 (ImageMagick is free and open-source 
software used for editing an
 CVE-2026-25591 (New API is a large language mode (LLM) gateway and artificial 
intellig ...)
        NOT-FOR-US: New API (QuantumNous/new-api)
 CVE-2026-25576 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-jv4p-gjwq-9r2j
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/077b42643212d7da8c1a4f6b2cd0067ebca8ec0f
 (7.1.2-14)
@@ -7198,14 +7440,14 @@ CVE-2026-25545 (Astro is a web framework. Prior to 
version 9.5.4, Server-Side Re
 CVE-2026-25501 (free5GC SMF provides Session Management Function for free5GC, 
an open- ...)
        NOT-FOR-US: Free5GC
 CVE-2026-24485 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-pqgj-2p96-rx85
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/332c1566acc2de77857032d3c2504ead6210ff50
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/55c344f4b514213642da41194bab57b4476fb9f5
 (7.1.2-14)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/75904c39049ec0b8d81eb7131bb05c0b23ad3189
 (6.9.13-39)
 CVE-2026-24484 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wg3g-gvx5-2pmv
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/0349df6d43d633bd61bb582d1e1e87d6332de32a
 (7.1.2-14)
@@ -7213,7 +7455,7 @@ CVE-2026-24484 (ImageMagick is free and open-source 
software used for editing an
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/c47b28f700fc454e4f7c16e197a55149120697ea
 (6.9.13-39)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/151dcb4f0246d1285cbd756a1f32797894ad5da5
 (6.9.13-39)
 CVE-2026-24481 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6159-1 DSA-6158-1}
+       {DSA-6159-1 DSA-6158-1 DLA-4497-1}
        - imagemagick 8:7.1.2.15+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-96pc-27rx-pr36
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/51c9d33f4770cdcfa1a029199375d570af801c97
 (7.1.2-14)
@@ -36789,6 +37031,7 @@ CVE-2025-67744 (DeepChat is an open-source artificial 
intelligence agent platfor
 CVE-2025-67736 (The FreePBX module tts (Text to Speech) for FreePBX, an 
open-source we ...)
        NOT-FOR-US: FreePBX module tts (Text to Speech) for FreePBX
 CVE-2025-67735 (Netty is an asynchronous, event-driven network application 
framework.  ...)
+       {DSA-6160-1}
        [experimental] - netty 1:4.1.48-15
        - netty 1:4.1.48-16 (bug #1123606)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-84h7-rjj3-6jx4
@@ -57046,6 +57289,7 @@ CVE-2025-59481 (A vulnerability exists in an 
undisclosed iControl REST and BIG-I
 CVE-2025-59478 (When a BIG-IP AFM denial-of-service (DoS) protection profile 
is config ...)
        NOT-FOR-US: F5
 CVE-2025-59419 (Netty is an asynchronous, event-driven network application 
framework.  ...)
+       {DSA-6160-1}
        - netty 1:4.1.48-11 (bug #1118282)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-jq43-27x9-3v86
        NOTE: 
https://github.com/netty/netty/commit/1782e8c2060a244c4d4e6f9d9112d5517ca05120 
(netty-4.2.7.Final)
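Review bot: The commit NOTE under CVE-2025-59419, the entry that gains {DSA-6160-1} here, is written as a bare URL with "(netty-4.2.7.Final)" and lacks the "Fixed by:" prefix that the other netty entries in this patch use. Within the visible context it is also the only commit reference, and it is on the 4.2 branch while the fixed package version is 1:4.1.48-11. If a 4.1-branch commit exists, add it the way CVE-2025-58057 lists both its netty-4.2.5.Final and netty-4.1.125.Final commits, and prefix the lines with "Fixed by:".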
@@ -74531,12 +74775,14 @@ CVE-2025-58171
 CVE-2025-58064 (CKEditor 5 is a modern JavaScript rich-text editor with an MVC 
archite ...)
        TODO: check
 CVE-2025-58057 (Netty is an asynchronous event-driven network application 
framework fo ...)
+       {DSA-6160-1}
        - netty 1:4.1.48-12 (bug #1113994)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-3p8m-j85q-pgmj
        NOTE: https://github.com/netty/netty/pull/15612
        NOTE: Fixed by: 
https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d 
(netty-4.2.5.Final)
        NOTE: Fixed by: 
https://github.com/netty/netty/commit/34894ac73b02efefeacd9c0972780b32dc3de04f 
(netty-4.1.125.Final)
 CVE-2025-58056 (Netty is an asynchronous event-driven network application 
framework fo ...)
+       {DSA-6160-1}
        - netty 1:4.1.48-13 (bug #1113995)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49
        NOTE: https://github.com/netty/netty/issues/15522
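Review bot: The leading context of this hunk shows CVE-2025-58064 (CKEditor 5) still at "TODO: check" around line 74531 of the list, far below the block of new entries at the top of the file. It looks like it was skipped during triage and should get a package line or a NOT-FOR-US classification.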
@@ -81199,6 +81445,7 @@ CVE-2025-55280 (This vulnerability exists in ZKTeco 
WL20 due to storage of Wi-Fi
 CVE-2025-55279 (This vulnerability exists in ZKTeco WL20 due to hard-coded 
private key ...)
        NOT-FOR-US: ZKTeco
 CVE-2025-55163 (Netty is an asynchronous, event-driven network application 
framework.  ...)
+       {DSA-6160-1}
        - netty 1:4.1.48-11 (bug #1111105)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4
        NOTE: Fixed by [1/2]: 
https://github.com/netty/netty/commit/be53dc3c9acd9af2e20d0c3c07cd77115a594cf1 
(netty-4.1.124.Final)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2aa74636453d80199c6ef226f117c104d3e2d025
