Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a67d596e by Salvatore Bonaccorso at 2026-03-27T06:09:59+01:00
Track fixed version for nats-server issues fixed via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -488,21 +488,21 @@ CVE-2026-33287 (LiquidJS is a Shopify / GitHub Pages
compatible template engine
CVE-2026-33285 (LiquidJS is a Shopify / GitHub Pages compatible template
engine in pur ...)
NOT-FOR-US: LiquidJS
CVE-2026-33249 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
[trixie] - nats-server <not-affected> (Vulnerable code introduced later)
[bookworm] - nats-server <not-affected> (Vulnerable code introduced
later)
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-8m2x-3m6q-6w8j
NOTE: https://advisories.nats.io/CVE/secnote-2026-15.txt
CVE-2026-33248 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-3f24-pcvm-5jqc
NOTE: https://advisories.nats.io/CVE/secnote-2026-13.txt
CVE-2026-33223 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-pwx7-fx9r-hr4h
NOTE: https://advisories.nats.io/CVE/secnote-2026-09.txt
CVE-2026-33222 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-9983-vrx2-fg9c
NOTE: https://advisories.nats.io/CVE/secnote-2026-12.txt
CVE-2026-33201 (Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO.,
LTD. contai ...)
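Review bot: In this hunk only CVE-2026-33249 carries per-release lines ([trixie] and [bookworm] as <not-affected>); the entries for CVE-2026-33248, CVE-2026-33223 and CVE-2026-33222 go from <unfixed> to 2.12.6-1 with no release annotations, so trixie and bookworm stay implicitly affected. If the vulnerable code is also absent from the stable versions, add the matching <not-affected> lines; otherwise record the triage decision for stable so the open status there is deliberate rather than a leftover.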
@@ -698,29 +698,29 @@ CVE-2026-33660 (n8n is an open source workflow automation
platform. Prior to ver
CVE-2026-33268 (Nanoleaf Lines 12.3.2 does not authenticate firmware file
uploads. A r ...)
NOT-FOR-US: Nanoleaf Lines
CVE-2026-33247 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-x6g4-f6q3-fqvv
NOTE: https://advisories.nats.io/CVE/secnote-2026-14.txt
CVE-2026-33246 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-55h8-8g96-x4hj
NOTE: https://advisories.nats.io/CVE/secnote-2026-08.txt
CVE-2026-33219 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j
NOTE: https://advisories.nats.io/CVE/secnote-2026-11.txt
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw
NOTE: https://advisories.nats.io/CVE/secnote-2026-02.txt
CVE-2026-33218 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339
NOTE: https://advisories.nats.io/CVE/secnote-2026-10.txt
CVE-2026-33217 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-jxxm-27vp-c3m5
NOTE: https://advisories.nats.io/CVE/secnote-2026-07.txt
CVE-2026-33216 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-v722-jcv5-w7mc
NOTE: Fixed by:
https://github.com/nats-io/nats-server/commit/b5b63cfc35a57075e09c1f57503d31721bed8099
(v2.12.6)
NOTE: https://advisories.nats.io/CVE/secnote-2026-05.txt
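Review bot: The CVE-2026-33219 entry lists two advisory pairs (GHSA-8r68-gvr4-jh7j with secnote-2026-11.txt, and GHSA-qrvq-68c2-7grw with secnote-2026-02.txt), while every other entry in this hunk has one. Before marking it fixed in 2.12.6-1, confirm that both advisories belong to this CVE and that both are addressed by that upload. Of the entries here only CVE-2026-33216 has a "Fixed by:" commit note, so the remaining ones have no upstream reference on the page against which the fixed version can be checked.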
@@ -881,7 +881,7 @@ CVE-2026-2349 (Improper Neutralization of Input During Web
Page Generation ("Cro
CVE-2026-2348 (Improper Neutralization of Input During Web Page Generation
("Cross-si ...)
NOT-FOR-US: Drupal core and addons
CVE-2026-29785 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6
NOTE: Fixed by:
https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8
(v2.12.5)
NOTE: https://advisories.nats.io/CVE/secnote-2026-04.txt
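Review bot: The "Fixed by:" note for CVE-2026-29785 names upstream v2.12.5, but the fixed version recorded is 2.12.6-1. That is correct only if 2.12.6-1 is the first upload to unstable containing commit a1488de6f2ba6e666aef0f9cce0016f7f167d6a8; if a 2.12.5-based package reached unstable earlier, that version should be recorded instead so version comparisons do not flag an already fixed package as vulnerable.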
@@ -890,7 +890,7 @@ CVE-2026-29092 (Kiteworks is a private data network (PDN).
Prior to version 9.2.
CVE-2026-28529 (cryptodev-linux version 1.14 and prior contain a page
reference handli ...)
TODO: check
CVE-2026-27889 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6
NOTE: https://advisories.nats.io/CVE/secnote-2026-03.txt
CVE-2026-27659 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10,
11.4.x <= 1 ...)
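Review bot: The CVE-2026-27889 entry is marked fixed in 2.12.6-1 but has no "Fixed by:" note naming the upstream commit or release, unlike the CVE-2026-29785 entry in the previous hunk. Adding that note would let anyone checking a backport verify which upstream change the fixed version refers to.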
@@ -1925,7 +1925,7 @@ CVE-2026-3912 (Injection vulnerabilities due to
validation/sanitisation of user-
CVE-2026-33253 (SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers
Windows se ...)
NOT-FOR-US: SANYO DENKI
CVE-2026-33215 (NATS-Server is a High-Performance server for NATS.io, a cloud
and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879
NOTE: https://advisories.nats.io/CVE/secnote-2026-06.txt
CVE-2026-32326 (SHARP routers do not perform authentication for some web APIs.
The dev ...)
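Review bot: The new line for CVE-2026-33215, "- nats-server 2.12.6-1", carries no Debian bug reference, and the same holds for the other nats-server entries in this commit. If a BTS bug was filed for these issues, append it in the tracker's "(bug #NNNNNN)" form so the entry links back to the packaging discussion.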
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a67d596ef763f546a711a29e5e903166ba1e6049