Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
97537767 by Daniel Leidert at 2026-03-16T02:04:52+01:00
lts: mark CVE-2026-30928,CVE-2026-30930/glances as not affecting Bullseye

- - - - -
9388bbc5 by Daniel Leidert at 2026-03-16T02:17:37+01:00
Add patch link for CVE-2025-66678/activemq

- - - - -
50c642af by Daniel Leidert at 2026-03-16T02:28:38+01:00
Add patch links for CVE-2026-22891,CVE-2026-20777,CVE-2025-64736/biosig

- - - - -
26cfcf43 by Daniel Leidert at 2026-03-16T02:58:33+01:00
Add link to commit that introduced CVE-2026-23865/freetype

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2188,12 +2188,14 @@ CVE-2026-30930 (Glances is an open-source system 
cross-platform monitoring tool.
        - glances 4.5.1+dfsg-1 (bug #1130504)
        [trixie] - glances <not-affected> (Vulnerable code introduced later)
        [bookworm] - glances <not-affected> (Vulnerable code introduced later)
+       [bullseye] - glances <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/nicolargo/glances/security/advisories/GHSA-x46r-mf5g-xpr6
        NOTE: Introduced with: 
https://github.com/nicolargo/glances/commit/1365d600a3c92483efa42ad67aad8b9aa2769635
 (v4.3.2)
        NOTE: Fixed by: 
https://github.com/nicolargo/glances/commit/39161f0d6fd723d83f534b48f24cdca722573336
 (v4.5.1)
 CVE-2026-30928 (Glances is an open-source system cross-platform monitoring 
tool. Prior ...)
        - glances 4.5.1+dfsg-1 (bug #1130503)
        [bookworm] - glances <not-affected> (Vulnerable code introduced later)
+       [bullseye] - glances <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/nicolargo/glances/security/advisories/GHSA-gh4x-f7cq-wwx6
        NOTE: Fixed by: 
https://github.com/nicolargo/glances/commit/5d3de603e63f21b0fd6aa2b9da0301f757c33e39
 (v4.5.1)
 CVE-2026-30897 (A stack-based buffer overflow vulnerability in Fortinet 
FortiWeb 8.0.0 ...)
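Review bot: In the CVE-2026-30928 entry, the added [bullseye] line gives "Vulnerable code introduced later" as its reason, but that entry has no "Introduced with:" NOTE to support it, unlike CVE-2026-30930 just above, which names the introducing commit (v4.3.2). Consider adding a NOTE with the introducing commit or version to CVE-2026-30928 so the not-affected status for bookworm and bullseye can be checked from the entry itself.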
@@ -5305,6 +5307,9 @@ CVE-2025-66678 (An issue in the HwRwDrv.sys component of 
Nil Hardware Editor Har
 CVE-2025-66168 (Apache ActiveMQ does not properly validate the remaining 
length field  ...)
        - activemq <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2026/03/03/5
+       NOTE: https://issues.apache.org/jira/browse/AMQ-9810
+       NOTE: Fixed by: 
https://github.com/apache/activemq/commit/3f0720c085b24f25c98e414fefc007bc42470ee3
 (activemq-5.19.2)
+       NOTE: Fixed by: 
https://github.com/apache/activemq/commit/ebed70bcd221e91d303576bdbd8acd357b914259
 (activemq-5.19.2)
 CVE-2025-62879 (A vulnerability has been identified within the Rancher Backup 
Operator ...)
        NOT-FOR-US: Rancher backup operator
 CVE-2025-59787 (2N Access Commander application version 3.4.2 and prior 
returns HTTP 5 ...)
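Review bot: The commit message for 9388bbc5 names CVE-2025-66678, but the three added NOTE lines sit under CVE-2025-66168 (Apache ActiveMQ); CVE-2025-66678 appears only in the hunk header and concerns HwRwDrv.sys. The data lands in the ActiveMQ entry, so it is the id in the commit message that does not match. Separately, both "Fixed by:" notes carry the same tag (activemq-5.19.2); if the two commits cover different parts of the fix, a word on each would help whoever backports them.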
@@ -5597,11 +5602,13 @@ CVE-2026-24103 (A buffer overflow vulnerability was 
discovered in goform/formSet
 CVE-2026-22891 (A heap-based buffer overflow vulnerability exists in the Intan 
CLP par ...)
        - biosig <unfixed> (bug #1130889)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2361
+       NOTE: Fixed by: 
https://sourceforge.net/p/biosig/code/ci/3002bdc6f46225a4e76caefdd2444276e6c5b0a7/
 (v3.9.3)
 CVE-2026-22886 (OpenMQ exposes a TCP-based management service (imqbrokerd) 
that by def ...)
        NOT-FOR-US: OpenMQ
 CVE-2026-20777 (A heap-based buffer overflow vulnerability exists in the 
Nicolet WFT p ...)
        - biosig <unfixed> (bug #1130889)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362
+       NOTE: Fixed by: 
https://sourceforge.net/p/biosig/code/ci/abe197c3627256ef3615a2d2f808ded069e1df4b/
 (v3.9.3)
 CVE-2026-1265 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is 
vulnera ...)
        NOT-FOR-US: IBM
 CVE-2026-0540 (DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in 
commit ...)
@@ -5624,6 +5631,7 @@ CVE-2025-66363 (An issue was discovered in LBS in Samsung 
Mobile Processor Exyno
 CVE-2025-64736 (An out-of-bounds read vulnerability exists in the ABF parsing 
function ...)
        - biosig <unfixed> (bug #1130889)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2323
+       NOTE: Fixed by: 
https://sourceforge.net/p/biosig/code/ci/718741c09e0b065b8ad0ebf66128a44899554930/
 (v3.9.3)
 CVE-2025-63912 (Cohesity TranZman Migration Appliance Release 4.0 Build 14614 
was disc ...)
        NOT-FOR-US: Cohesity TranZman Migration Appliance
 CVE-2025-63911 (Cohesity TranZman Migration Appliance Release 4.0 Build 14614 
was disc ...)
@@ -5876,6 +5884,7 @@ CVE-2026-24101 (An issue was discovered in 
goform/formSetIptv in Tenda AC15V1.0
        NOT-FOR-US: Tenda
 CVE-2026-23865 (An integer overflow in the tt_var_load_item_variation_store 
function o ...)
        - freetype 2.14.2+dfsg-1 (bug #1129606)
+       NOTE: Introduced by: 
https://gitlab.com/freetype/freetype/-/commit/115e927540dba128980dd734dadeb06aa7b0f4d8
 (VER-2-13-1)
        NOTE: Fixed by: 
https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c
 (VER-2-14-2)
 CVE-2026-23600 (A remote authentication bypass vulnerability   exists in HPE 
AutoPass  ...)
        NOT-FOR-US: HPE
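Review bot: The added NOTE for CVE-2026-23865 uses "Introduced by:", while the glances entry earlier in this same file uses "Introduced with:" for the same kind of link; using one wording keeps these notes easy to grep. With the introducing commit now recorded as VER-2-13-1, the entry still has no per-release lines, so any release shipping a freetype older than that could get a <not-affected> annotation in the style of the glances entries.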



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0242352654ad44afa4500bac597e4120a856f5a7...26cfcf43fadad029da2915ffade36e8a008056c4
