Daniel Leidert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7d9390c5 by Daniel Leidert at 2026-03-16T04:38:13+01:00
Add patch link for CVE-2026-32746/inetutils
- - - - -
9a5a9440 by Daniel Leidert at 2026-03-16T04:38:13+01:00
Add patch links for CVE-2025-11143/jetty9+jetty12
- - - - -
db7e2de5 by Daniel Leidert at 2026-03-16T04:38:13+01:00
lts: add patch link for CVE-2026-29063/node-immutable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -144,6 +144,7 @@ CVE-2026-3873 (Use of Hard-coded Credentials vulnerability
in Avantra allows Acc
CVE-2026-32746 (telnetd in GNU inetutils through 2.7 allows an out-of-bounds
write in ...)
- inetutils <unfixed> (bug #1130742)
NOTE:
https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html
+ NOTE: Fixed by:
https://cgit.git.savannah.gnu.org/cgit/inetutils.git/commit/?id=6864598a29b652a6b69a958f5cd1318aa2b258af
CVE-2026-32745 (In JetBrains Datalore before 2026.1 session hijacking was
possible due ...)
NOT-FOR-US: JetBrains
CVE-2026-32600 (xml-security is a library that implements XML signatures and
encryptio ...)
@@ -3578,6 +3579,7 @@ CVE-2026-29063 (Immutable.js provides many Persistent
Immutable data structures.
- node-immutable 4.3.8-1
NOTE: Fixed by:
https://github.com/immutable-js/immutable-js/commit/faeb58b0cc71ed351dc51f672a95ae21bc859ef5
(v4.3.8)
NOTE: Fixed by:
https://github.com/immutable-js/immutable-js/commit/94bcd3c79972db4afffd8d1e5aab415880098b05
(v4.3.8)
+ NOTE: Fixed by:
https://github.com/immutable-js/immutable-js/commit/6e2cf1cfe6137e72dfa48fc2cfa8f4d399d113f9
(v3.8.3)
CVE-2026-28514 (Rocket.Chat is an open-source, secure, fully customizable
communicatio ...)
NOT-FOR-US: Rocket.Chat
CVE-2026-28106 (URL Redirection to Untrusted Site ('Open Redirect')
vulnerability in K ...)
@@ -4325,6 +4327,8 @@ CVE-2025-11143 (The Jetty URI parser has some key
differences to other common pa
- jetty9 <unfixed>
- jetty <removed>
NOTE:
https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh
+ NOTE: Fixed by: https://github.com/jetty/jetty.project/pull/14014
(jetty-12.1.x)
+ NOTE: Fixed by: https://github.com/jetty/jetty.project/pull/14011
(jetty-9.4.x)
CVE-2024-43035 (Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to
read arb ...)
NOT-FOR-US: Fonoster
CVE-2026-3523 (The Apocalypse Meow plugin for WordPress is vulnerable to SQL
Injectio ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d707f908a92c9c04419b4efe5e659a7894d0f1a7...db7e2de5be97c64075520513035a69dcc341fe1d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d707f908a92c9c04419b4efe5e659a7894d0f1a7...db7e2de5be97c64075520513035a69dcc341fe1d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
