Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8e6a7e03 by security tracker role at 2026-04-01T07:13:53+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,511 @@
+CVE-2026-5258 (A vulnerability was found in Sanster IOPaint 1.5.3. Impacted is 
the fu ...)
+       TODO: check
+CVE-2026-5257 (A vulnerability has been found in code-projects Simple Laundry 
System  ...)
+       TODO: check
+CVE-2026-5256 (A flaw has been found in code-projects Simple Laundry System 
1.0. This ...)
+       TODO: check
+CVE-2026-5255 (A vulnerability was detected in code-projects Simple Laundry 
System 1. ...)
+       TODO: check
+CVE-2026-5254 (A security vulnerability has been detected in welovemedia 
FFmate up to ...)
+       TODO: check
+CVE-2026-5253 (A weakness has been identified in bufanyun HotGo 1.0/2.0. 
Affected by  ...)
+       TODO: check
+CVE-2026-5252 (A security flaw has been discovered in z-9527 admin 1.0/2.0. 
Affected  ...)
+       TODO: check
+CVE-2026-5251 (A vulnerability was identified in z-9527 admin 1.0/2.0. This 
impacts a ...)
+       TODO: check
+CVE-2026-5249 (A vulnerability was found in gougucms 4.08.18. This impacts an 
unknown ...)
+       TODO: check
+CVE-2026-5248 (A vulnerability has been found in gougucms 4.08.18. This 
affects the f ...)
+       TODO: check
+CVE-2026-5240 (A security vulnerability has been detected in code-projects 
BloodBank  ...)
+       TODO: check
+CVE-2026-5238 (A weakness has been identified in itsourcecode Payroll 
Management Syst ...)
+       TODO: check
+CVE-2026-5237 (A security flaw has been discovered in itsourcecode Payroll 
Management ...)
+       TODO: check
+CVE-2026-5236 (A vulnerability was identified in Axiomatic Bento4 up to 
1.6.0-641. Af ...)
+       TODO: check
+CVE-2026-5235 (A vulnerability was determined in Axiomatic Bento4 up to 
1.6.0-641. Th ...)
+       TODO: check
+CVE-2026-5215 (A vulnerability was identified in D-Link DNS-120, DNR-202L, 
DNS-315L,  ...)
+       TODO: check
+CVE-2026-5214 (A vulnerability was found in D-Link DNS-120, DNR-202L, 
DNS-315L, DNS-3 ...)
+       TODO: check
+CVE-2026-5213 (A vulnerability was determined in D-Link DNS-120, DNR-202L, 
DNS-315L,  ...)
+       TODO: check
+CVE-2026-5212 (A vulnerability has been found in D-Link DNS-120, DNR-202L, 
DNS-315L,  ...)
+       TODO: check
+CVE-2026-5211 (A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, 
DNS-320,  ...)
+       TODO: check
+CVE-2026-5210 (A vulnerability was detected in SourceCodester Leave 
Application Syste ...)
+       TODO: check
+CVE-2026-5209 (A security vulnerability has been detected in SourceCodester 
Leave App ...)
+       TODO: check
+CVE-2026-5206 (A security vulnerability has been detected in code-projects 
Simple Gym ...)
+       TODO: check
+CVE-2026-5205 (A vulnerability was identified in chatwoot up to 4.11.2. 
Affected by t ...)
+       TODO: check
+CVE-2026-5204 (A vulnerability was determined in Tenda CH22 1.0.0.1. Affected 
is the  ...)
+       TODO: check
+CVE-2026-5203 (A vulnerability was found in CMS Made Simple up to 2.2.22. This 
impact ...)
+       TODO: check
+CVE-2026-5201 (A flaw was found in the gdk-pixbuf library. This heap-based 
buffer ove ...)
+       TODO: check
+CVE-2026-5198 (A vulnerability was determined in code-projects Student 
Membership Sys ...)
+       TODO: check
+CVE-2026-5197 (A vulnerability was found in code-projects Student Membership 
System 1 ...)
+       TODO: check
+CVE-2026-5196 (A vulnerability has been found in code-projects Student 
Membership Sys ...)
+       TODO: check
+CVE-2026-5195 (A flaw has been found in code-projects Student Membership 
System 1.0.  ...)
+       TODO: check
+CVE-2026-5190 (Out-of-bounds write in the streaming decoder component in 
aws-c-event- ...)
+       TODO: check
+CVE-2026-5186 (A weakness has been identified in Nothings stb up to 2.30. This 
impact ...)
+       TODO: check
+CVE-2026-4947 (Addressed a potential insecure direct object reference (IDOR) 
vulnerab ...)
+       TODO: check
+CVE-2026-4819 (In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit 
logging ...)
+       TODO: check
+CVE-2026-4818 (In Search Guard FLX versions from 3.0.0 up to 4.0.1, there 
exists an i ...)
+       TODO: check
+CVE-2026-4800 (Impact:  The fix for CVE-2021-23337 
(https://github.com/advisories/GHS ...)
+       TODO: check
+CVE-2026-4799 (In Search Guard FLX up to version 4.0.1, it is possible to use 
special ...)
+       TODO: check
+CVE-2026-4748 (A regression in the way hashes were calculated caused rules 
containing ...)
+       TODO: check
+CVE-2026-4668 (The Booking for Appointments and Events Calendar - Amelia 
plugin for W ...)
+       TODO: check
+CVE-2026-4400 (Insecure Direct Object Reference (IDOR) vulnerability in 
1millionbot M ...)
+       TODO: check
+CVE-2026-4399 (Prompt injection vulnerability in 1millionbot Millie chatbot 
that occu ...)
+       TODO: check
+CVE-2026-4374 (Improper Restriction of XML External Entity Reference 
vulnerability in ...)
+       TODO: check
+CVE-2026-4317 (SQL inyection (SQLi) vulnerability in Umami Software web 
application t ...)
+       TODO: check
+CVE-2026-4267 (The Query Monitor \u2013 The developer tools panel for 
WordPress plugi ...)
+       TODO: check
+CVE-2026-3831 (The Database for Contact Form 7, WPforms, Elementor forms 
plugin for W ...)
+       TODO: check
+CVE-2026-3780 (The application's installer runs with elevated privileges but 
resolves ...)
+       TODO: check
+CVE-2026-3779 (The application's list box calculate array logic keeps stale 
reference ...)
+       TODO: check
+CVE-2026-3778 (The application does not detect or guard against cyclic PDF 
object ref ...)
+       TODO: check
+CVE-2026-3777 (The application does not properly validate the lifetime and 
validity o ...)
+       TODO: check
+CVE-2026-3776 (The application does not validate the presence of required 
appearance  ...)
+       TODO: check
+CVE-2026-3775 (The application's update service, when checking for updates, 
loads cer ...)
+       TODO: check
+CVE-2026-3774 (The application allows PDF JavaScript and document/print 
actions (such ...)
+       TODO: check
+CVE-2026-3470 (A vulnerability exists in the SonicWall Email Security 
appliance due t ...)
+       TODO: check
+CVE-2026-3469 (A denial-of-service (DoS) vulnerability exists due to improper 
input v ...)
+       TODO: check
+CVE-2026-3468 (A stored Cross-Site Scripting (XSS) vulnerability has been 
identified  ...)
+       TODO: check
+CVE-2026-3356 (The MS27102A Remote Spectrum Monitor is vulnerable to an 
authenticatio ...)
+       TODO: check
+CVE-2026-3308 (An integer overflow vulnerability in 'pdf-image.c' in Artifex's 
MuPDF  ...)
+       TODO: check
+CVE-2026-3191 (The Minify HTML plugin for WordPress is vulnerable to 
Cross-Site Reque ...)
+       TODO: check
+CVE-2026-3139 (The User Profile Builder \u2013 Beautiful User Registration 
Forms, Use ...)
+       TODO: check
+CVE-2026-3107 (Stored Cross-Site Scripting (XSS) in Teampass versions prior to 
3.1.5. ...)
+       TODO: check
+CVE-2026-3106 (Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 
3.1.5. ...)
+       TODO: check
+CVE-2026-35057 (XenForo before 2.3.10 and before 2.2.19 is vulnerable to 
stored cross- ...)
+       TODO: check
+CVE-2026-35056 (XenForo before 2.3.9 and before 2.2.18 allows remote code 
execution (R ...)
+       TODO: check
+CVE-2026-35055 (XenForo before 2.3.9 and before 2.2.18 is vulnerable to 
cross-site scr ...)
+       TODO: check
+CVE-2026-35054 (XenForo before 2.3.9 is vulnerable to stored cross-site 
scripting (XSS ...)
+       TODO: check
+CVE-2026-34887 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
+       TODO: check
+CVE-2026-34784 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-34740 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
+       TODO: check
+CVE-2026-34739 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
+       TODO: check
+CVE-2026-34738 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
+       TODO: check
+CVE-2026-34737 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
+       TODO: check
+CVE-2026-34733 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
+       TODO: check
+CVE-2026-34732 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
+       TODO: check
+CVE-2026-34731 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
+       TODO: check
+CVE-2026-34716 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
+       TODO: check
+CVE-2026-34613 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
+       TODO: check
+CVE-2026-34611 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
+       TODO: check
+CVE-2026-34605 (SiYuan is a personal knowledge management system. From version 
3.6.0 t ...)
+       TODO: check
+CVE-2026-34595 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-34586 (PdfDing is a selfhosted PDF manager, viewer and editor 
offering a seam ...)
+       TODO: check
+CVE-2026-34585 (SiYuan is a personal knowledge management system. Prior to 
version 3.6 ...)
+       TODO: check
+CVE-2026-34574 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-34573 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-34556 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34555 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34554 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34553 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34552 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34551 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34550 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34549 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34548 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34547 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34546 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34542 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34541 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34540 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34539 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34537 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34536 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34535 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34534 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34533 (iccDEV provides a set of libraries and tools for working with 
ICC colo ...)
+       TODO: check
+CVE-2026-34532 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-34509 (OpenClaw before 2026.3.8 contains a sender allowlist bypass 
vulnerabil ...)
+       TODO: check
+CVE-2026-34508 (OpenClaw before 2026.3.12 applies rate limiting only after 
webhook aut ...)
+       TODO: check
+CVE-2026-34506 (OpenClaw before 2026.3.8 contains a sender allowlist bypass 
vulnerabil ...)
+       TODO: check
+CVE-2026-34505 (OpenClaw before 2026.3.12 applies rate limiting only after 
successful  ...)
+       TODO: check
+CVE-2026-34504 (OpenClaw before 2026.3.28 contains a server-side request 
forgery vulne ...)
+       TODO: check
+CVE-2026-34503 (OpenClaw before 2026.3.28 fails to disconnect active WebSocket 
session ...)
+       TODO: check
+CVE-2026-34453 (SiYuan is a personal knowledge management system. Prior to 
version 3.6 ...)
+       TODO: check
+CVE-2026-34452 (The Claude SDK for Python provides access to the Claude API 
from Pytho ...)
+       TODO: check
+CVE-2026-34451 (Claude SDK for TypeScript provides access to the Claude API 
from serve ...)
+       TODO: check
+CVE-2026-34450 (The Claude SDK for Python provides access to the Claude API 
from Pytho ...)
+       TODO: check
+CVE-2026-34449 (SiYuan is a personal knowledge management system. Prior to 
version 3.6 ...)
+       TODO: check
+CVE-2026-34448 (SiYuan is a personal knowledge management system. Prior to 
version 3.6 ...)
+       TODO: check
+CVE-2026-34443 (FreeScout is a free help desk and shared inbox built with 
PHP's Larave ...)
+       TODO: check
+CVE-2026-34442 (FreeScout is a free help desk and shared inbox built with 
PHP's Larave ...)
+       TODO: check
+CVE-2026-34441 (cpp-httplib is a C++11 single-file header-only cross platform 
HTTP/HTT ...)
+       TODO: check
+CVE-2026-34406 (APTRS (Automated Penetration Testing Reporting System) is a 
Python and ...)
+       TODO: check
+CVE-2026-34405 (Nuxt OG Image generates OG Images with Vue templates in Nuxt. 
Prior to ...)
+       TODO: check
+CVE-2026-34404 (Nuxt OG Image generates OG Images with Vue templates in Nuxt. 
Prior to ...)
+       TODO: check
+CVE-2026-34401 (XML Notepad is a Windows program that provides a simple 
intuitive User ...)
+       TODO: check
+CVE-2026-34400 (Alerta is a monitoring tool. Prior to version 9.1.0, the Query 
string  ...)
+       TODO: check
+CVE-2026-34396 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
+       TODO: check
+CVE-2026-34395 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
+       TODO: check
+CVE-2026-34394 (WWBN AVideo is an open source video platform. In versions 26.0 
and pri ...)
+       TODO: check
+CVE-2026-34384 (Admidio is an open-source user management solution. Prior to 
version 5 ...)
+       TODO: check
+CVE-2026-34383 (Admidio is an open-source user management solution. Prior to 
version 5 ...)
+       TODO: check
+CVE-2026-34382 (Admidio is an open-source user management solution. From 
version 5.0.0 ...)
+       TODO: check
+CVE-2026-34381 (Admidio is an open-source user management solution. From 
version 5.0.0 ...)
+       TODO: check
+CVE-2026-34377 (ZEBRA is a Zcash node written entirely in Rust. Prior to 
zebrad versio ...)
+       TODO: check
+CVE-2026-34373 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-34372 (Sulu is an open-source PHP content management system based on 
the Symf ...)
+       TODO: check
+CVE-2026-34367 (InvoiceShelf is an open-source web & mobile app that helps 
track expen ...)
+       TODO: check
+CVE-2026-34366 (InvoiceShelf is an open-source web & mobile app that helps 
track expen ...)
+       TODO: check
+CVE-2026-34365 (InvoiceShelf is an open-source web & mobile app that helps 
track expen ...)
+       TODO: check
+CVE-2026-34363 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-34361 (HAPI FHIR is a complete implementation of the HL7 FHIR 
standard for he ...)
+       TODO: check
+CVE-2026-34360 (HAPI FHIR is a complete implementation of the HL7 FHIR 
standard for he ...)
+       TODO: check
+CVE-2026-34359 (HAPI FHIR is a complete implementation of the HL7 FHIR 
standard for he ...)
+       TODO: check
+CVE-2026-34243 (wenxian is a tool to generate BIBTEX files from given 
identifiers (DOI ...)
+       TODO: check
+CVE-2026-34240 (JOSE is a Javascript Object Signing and Encryption (JOSE) 
library. Pri ...)
+       TODO: check
+CVE-2026-34237 (MCP Java SDK is the official Java SDK for Model Context 
Protocol serve ...)
+       TODO: check
+CVE-2026-34235 (PJSIP is a free and open source multimedia communication 
library writt ...)
+       TODO: check
+CVE-2026-34231 (Slippers is a UI component framework for Django. Prior to 
version 0.6. ...)
+       TODO: check
+CVE-2026-34227 (Sliver is a command and control framework that uses a custom 
Wireguard ...)
+       TODO: check
+CVE-2026-34224 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-34221 (MikroORM is a TypeScript ORM for Node.js based on Data Mapper, 
Unit of ...)
+       TODO: check
+CVE-2026-34220 (MikroORM is a TypeScript ORM for Node.js based on Data Mapper, 
Unit of ...)
+       TODO: check
+CVE-2026-34219 (libp2p-rust is the official rust language Implementation of 
the libp2p ...)
+       TODO: check
+CVE-2026-34218 (ClearanceKit intercepts file-system access events on macOS and 
enforce ...)
+       TODO: check
+CVE-2026-34215 (Parse Server is an open source backend that can be deployed to 
any inf ...)
+       TODO: check
+CVE-2026-34214 (Trino is a distributed SQL query engine for big data 
analytics. From v ...)
+       TODO: check
+CVE-2026-34210 (mppx is a TypeScript interface for machine payments protocol. 
Prior to ...)
+       TODO: check
+CVE-2026-34209 (mppx is a TypeScript interface for machine payments protocol. 
Prior to ...)
+       TODO: check
+CVE-2026-34206 (Captcha Protect is a Traefik middleware to add an anti-bot 
challenge t ...)
+       TODO: check
+CVE-2026-34204 (MinIO is a high-performance object storage system. Prior to 
version RE ...)
+       TODO: check
+CVE-2026-34203 (Nautobot is a Network Source of Truth and Network Automation 
Platform. ...)
+       TODO: check
+CVE-2026-34202 (ZEBRA is a Zcash node written entirely in Rust. Prior to 
zebrad versio ...)
+       TODO: check
+CVE-2026-34200 (Nhost is an open source Firebase alternative with GraphQL. 
Prior to ve ...)
+       TODO: check
+CVE-2026-34172 (Giskard is an open-source Python library for testing and 
evaluating ag ...)
+       TODO: check
+CVE-2026-34165 (go-git is an extensible git implementation library written in 
pure Go. ...)
+       TODO: check
+CVE-2026-34163 (FastGPT is an AI Agent building platform. Prior to version 
4.14.9.5, F ...)
+       TODO: check
+CVE-2026-34162 (FastGPT is an AI Agent building platform. Prior to version 
4.14.9.5, t ...)
+       TODO: check
+CVE-2026-34156 (NocoBase is an AI-powered no-code/low-code platform for 
building busin ...)
+       TODO: check
+CVE-2026-34155 (RAUC controls the update process on embedded Linux systems. 
Prior to v ...)
+       TODO: check
+CVE-2026-33762 (go-git is an extensible git implementation library written in 
pure Go. ...)
+       TODO: check
+CVE-2026-33581 (OpenClaw before 2026.3.24 contains a sandbox bypass 
vulnerability in t ...)
+       TODO: check
+CVE-2026-33580 (OpenClaw before 2026.3.28 contains a missing rate limiting 
vulnerabili ...)
+       TODO: check
+CVE-2026-33579 (OpenClaw before 2026.3.28 contains a privilege escalation 
vulnerabilit ...)
+       TODO: check
+CVE-2026-33578 (OpenClaw before 2026.3.28 contains a sender policy bypass 
vulnerabilit ...)
+       TODO: check
+CVE-2026-33577 (OpenClaw before 2026.3.28 contains an insufficient scope 
validation vu ...)
+       TODO: check
+CVE-2026-33576 (OpenClaw before 2026.3.28 downloads and stores inbound media 
from Zalo ...)
+       TODO: check
+CVE-2026-33415 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-33300 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-33276 (Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) 
before 2.5.0 ...)
+       TODO: check
+CVE-2026-33185 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-33074 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-33073 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-32988 (OpenClaw before 2026.3.11 contains a sandbox boundary bypass 
vulnerabi ...)
+       TODO: check
+CVE-2026-32982 (OpenClaw before 2026.3.13 contains an information disclosure 
vulnerabi ...)
+       TODO: check
+CVE-2026-32977 (OpenClaw before 2026.3.11 contains a sandbox boundary bypass 
vulnerabi ...)
+       TODO: check
+CVE-2026-32976 (OpenClaw before 2026.3.11 contains an authorization bypass 
vulnerabili ...)
+       TODO: check
+CVE-2026-32971 (OpenClaw before 2026.3.11 contains an approval-integrity 
vulnerability ...)
+       TODO: check
+CVE-2026-32970 (OpenClaw before 2026.3.11 contains a credential fallback 
vulnerability ...)
+       TODO: check
+CVE-2026-32951 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-32921 (OpenClaw before 2026.3.8 contains an approval bypass 
vulnerability in  ...)
+       TODO: check
+CVE-2026-32920 (OpenClaw before 2026.3.12 automatically discovers and loads 
plugins fr ...)
+       TODO: check
+CVE-2026-32917 (OpenClaw before 2026.3.13 contains a remote command injection 
vulnerab ...)
+       TODO: check
+CVE-2026-32916 (OpenClaw versions 2026.3.7 before 2026.3.11 contain an 
authorization b ...)
+       TODO: check
+CVE-2026-32726 (SciTokens C++ is a minimal library for creating and using 
SciTokens fr ...)
+       TODO: check
+CVE-2026-32725 (SciTokens C++ is a minimal library for creating and using 
SciTokens fr ...)
+       TODO: check
+CVE-2026-32620 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-32619 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-32618 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-32615 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-32607 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-32273 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-32243 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-32143 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-32113 (Discourse is an open-source discussion platform. From versions 
2026.1. ...)
+       TODO: check
+CVE-2026-30521 (A Business Logic vulnerability exists in SourceCodester Loan 
Managemen ...)
+       TODO: check
+CVE-2026-30520 (A Blind SQL Injection vulnerability exists in SourceCodester 
Loan Mana ...)
+       TODO: check
+CVE-2026-30314 (Ridvay Code's command auto-approval module contains a critical 
OS comm ...)
+       TODO: check
+CVE-2026-30312 (DSAI-Cline's command auto-approval module contains a critical 
OS comma ...)
+       TODO: check
+CVE-2026-30311 (Ridvay Code's command auto-approval module contains a critical 
OS comm ...)
+       TODO: check
+CVE-2026-30310 (In its design for automatic terminal command execution, Sixth 
offers t ...)
+       TODO: check
+CVE-2026-30309 (InfCode's terminal auto-execution module contains a critical 
command f ...)
+       TODO: check
+CVE-2026-30290 (An arbitrary file overwrite vulnerability in InTouch Contacts 
& Caller ...)
+       TODO: check
+CVE-2026-30286 (An arbitrary file overwrite vulnerability in Funambol, Inc. 
Zefiro Clo ...)
+       TODO: check
+CVE-2026-30285 (An arbitrary file overwrite vulnerability in Zora: Post, 
Trade, Earn C ...)
+       TODO: check
+CVE-2026-30284 (An arbitrary file overwrite vulnerability in UXGROUP LLC Voice 
Recorde ...)
+       TODO: check
+CVE-2026-30283 (An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. 
NIS Animal ...)
+       TODO: check
+CVE-2026-30282 (An arbitrary file overwrite vulnerability in UXGROUP LLC Cast 
to TV Sc ...)
+       TODO: check
+CVE-2026-30281 (An arbitrary file overwrite vulnerability in MaruNuri LLC 
v2.0.23 allo ...)
+       TODO: check
+CVE-2026-30280 (An arbitrary file overwrite vulnerability in RAREPROB 
SOLUTIONS PRIVAT ...)
+       TODO: check
+CVE-2026-30279 (An arbitrary file overwrite vulnerability in Squareapps LLC My 
Locatio ...)
+       TODO: check
+CVE-2026-30278 (An arbitrary file overwrite vulnerability in FLY is FUN 
Aviation Navig ...)
+       TODO: check
+CVE-2026-30277 (An arbitrary file overwrite vulnerability in PDF Reader App : 
TA/UTAX  ...)
+       TODO: check
+CVE-2026-30276 (An arbitrary file overwrite vulnerability in DeftPDF Document 
Translat ...)
+       TODO: check
+CVE-2026-2950 (Impact:  Lodash versions 4.17.23 and earlier are vulnerable to 
prototy ...)
+       TODO: check
+CVE-2026-2696 (The Export All URLs WordPress plugin before 5.1 generates CSV 
filename ...)
+       TODO: check
+CVE-2026-2480 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for 
WordPre ...)
+       TODO: check
+CVE-2026-2394 (Buffer Over-read vulnerability in RTI Connext Professional 
(Core Libra ...)
+       TODO: check
+CVE-2026-2123 (A security audit identified a privilege escalation 
vulnerability in Op ...)
+       TODO: check
+CVE-2026-29870 (A directory traversal vulnerability in the 
agentic-context-engine proj ...)
+       TODO: check
+CVE-2026-24165 (NVIDIA BioNeMo contains a vulnerability where a user could 
cause a des ...)
+       TODO: check
+CVE-2026-24164 (NVIDIA BioNeMo contains a vulnerability where a user could 
cause a des ...)
+       TODO: check
+CVE-2026-24154 (NVIDIA Jetson Linux has vulnerability in initrd, where an 
unprivileged ...)
+       TODO: check
+CVE-2026-24153 (NVIDIA Jetson Linux has a vulnerability in initrd, where the 
nvluks tr ...)
+       TODO: check
+CVE-2026-24148 (NVIDIA Jetson for JetPack contains a vulnerability in the 
system initi ...)
+       TODO: check
+CVE-2026-22569 (An incorrect startup configuration of affected versions of 
Zscaler Cli ...)
+       TODO: check
+CVE-2026-22561 (Uncontrolled search path elements in Anthropic Claude for 
Windows inst ...)
+       TODO: check
+CVE-2026-20915 (Stored cross-site scripting (XSS) in Checkmk version 2.5.0 
(beta) befo ...)
+       TODO: check
+CVE-2026-1579 (The MAVLink communication protocol does not require 
cryptographic  aut ...)
+       TODO: check
+CVE-2026-0596 (A command injection vulnerability exists in mlflow/mlflow when 
serving ...)
+       TODO: check
+CVE-2025-71282 (XenForo before 2.3.7 discloses filesystem paths through 
exception mess ...)
+       TODO: check
+CVE-2025-71281 (XenForo before 2.3.7 does not properly restrict methods 
callable from  ...)
+       TODO: check
+CVE-2025-71280 (XenForo before 2.3.7 allows information disclosure via local 
account p ...)
+       TODO: check
+CVE-2025-71279 (XenForo before 2.3.7 contains a security issue affecting 
Passkeys that ...)
+       TODO: check
+CVE-2025-71278 (XenForo before 2.3.5 allows OAuth2 client applications to 
request unau ...)
+       TODO: check
+CVE-2025-62184 (Pega Platform versions 8.1.0 through 25.1.0 are affected by a 
Stored C ...)
+       TODO: check
+CVE-2025-41357 (Reflected Cross-Site Scripting (XSS) vulnerability in Anon 
Proxy Serve ...)
+       TODO: check
+CVE-2025-41356 (Reflected Cross-Site Scripting (XSS) vulnerability in Anon 
Proxy Serve ...)
+       TODO: check
+CVE-2025-41355 (Reflected Cross-Site Scripting (XSS) vulnerability in Anon 
Proxy Serve ...)
+       TODO: check
+CVE-2025-15484 (The Order Notification for WooCommerce  WordPress plugin 
before 3.6.3  ...)
+       TODO: check
+CVE-2025-14213 (Cato Networks\u2019 Socket versions prior to 25 contain a 
command inje ...)
+       TODO: check
+CVE-2025-13855 (IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus 
Server is vu ...)
+       TODO: check
+CVE-2025-10559 (A Path Traversal vulnerability affecting Factory Resource 
Management i ...)
+       TODO: check
+CVE-2025-10553 (A Stored Cross-site Scripting (XSS) vulnerability affecting 
Factory Re ...)
+       TODO: check
+CVE-2025-10551 (A Stored Cross-site Scripting (XSS) vulnerability affecting 
Document M ...)
+       TODO: check
+CVE-2024-58342 (XenForo before 2.2.17 and 2.3.1 allows open redirect via a 
specially c ...)
+       TODO: check
 CVE-2026-34956
        - openvswitch <unfixed>
        NOTE: https://www.openwall.com/lists/oss-security/2026/03/31/15
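Review bot: the truncated descriptions added for CVE-2026-4267, CVE-2026-3139, CVE-2026-2480 and CVE-2025-14213 contain the literal sequences `\u2013`, `\u2014` and `\u2019` rather than the characters they stand for, which looks like string escapes left undecoded by the automatic update. Decode them (or normalise to ASCII) before the description is truncated, since the six-character escape uses up part of the fixed description width and anything rendering data/CVE/list will show it verbatim. Separately, every entry in this hunk lands as `TODO: check`; when triaging, the entries that name shared libraries rather than standalone web applications, such as CVE-2026-5201 (gdk-pixbuf), CVE-2026-3308 (MuPDF), CVE-2026-5186 (stb), and CVE-2026-34165 with CVE-2026-33762 (go-git), are the ones to resolve to a source package or NOT-FOR-US first.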
@@ -8,68 +516,68 @@ CVE-2026-34956
        NOTE: Fixed by: 
https://github.com/openvswitch/ovs/commit/1291c22c8ba59d40843502e97b37537bc53dfc53
 (v3.6.3)
        NOTE: Fixed by: 
https://github.com/openvswitch/ovs/commit/a9785c7e1df73fc3dd5f9ca3816a884e63f2f9e0
 (v3.7.1)
        NOTE: 
https://mail.openvswitch.org/pipermail/ovs-dev/2026-March/431425.html
-CVE-2026-5273
-        - chromium <unfixed>
+CVE-2026-5273 (Use after free in CSS in Google Chrome prior to 146.0.7680.178 
allowed ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5272
-        - chromium <unfixed>
+CVE-2026-5272 (Heap buffer overflow in GPU in Google Chrome prior to 
146.0.7680.178 a ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5274
-        - chromium <unfixed>
+CVE-2026-5274 (Integer overflow in Codecs in Google Chrome prior to 
146.0.7680.178 al ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5275
-        - chromium <unfixed>
+CVE-2026-5275 (Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 
146.0.7 ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5276
-        - chromium <unfixed>
+CVE-2026-5276 (Insufficient policy enforcement in WebUSB in Google Chrome 
prior to 14 ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5277
-        - chromium <unfixed>
+CVE-2026-5277 (Integer overflow in ANGLE in Google Chrome on Windows prior to 
146.0.7 ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5278
-        - chromium <unfixed>
+CVE-2026-5278 (Use after free in Web MIDI in Google Chrome on Android prior to 
146.0. ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5279
-        - chromium <unfixed>
+CVE-2026-5279 (Object corruption in V8 in Google Chrome prior to 
146.0.7680.178 allow ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5280
-        - chromium <unfixed>
+CVE-2026-5280 (Use after free in WebCodecs in Google Chrome prior to 
146.0.7680.178 a ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5281
-        - chromium <unfixed>
+CVE-2026-5281 (Use after free in Dawn in Google Chrome prior to 146.0.7680.178 
allowe ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5282
-        - chromium <unfixed>
+CVE-2026-5282 (Out of bounds read in WebCodecs in Google Chrome prior to 
146.0.7680.1 ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5283
-        - chromium <unfixed>
+CVE-2026-5283 (Inappropriate implementation in ANGLE in Google Chrome prior to 
146.0. ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5284
-        - chromium <unfixed>
+CVE-2026-5284 (Use after free in Dawn in Google Chrome prior to 146.0.7680.178 
allowe ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5285
-        - chromium <unfixed>
+CVE-2026-5285 (Use after free in WebGL in Google Chrome prior to 
146.0.7680.178 allow ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5286
-        - chromium <unfixed>
+CVE-2026-5286 (Use after free in Dawn in Google Chrome prior to 146.0.7680.178 
allowe ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5287
-        - chromium <unfixed>
+CVE-2026-5287 (Use after free in PDF in Google Chrome prior to 146.0.7680.178 
allowed ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5288
-        - chromium <unfixed>
+CVE-2026-5288 (Use after free in WebView in Google Chrome on Android prior to 
146.0.7 ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5289
-        - chromium <unfixed>
+CVE-2026-5289 (Use after free in Navigation in Google Chrome prior to 
146.0.7680.178  ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5290
-        - chromium <unfixed>
+CVE-2026-5290 (Use after free in Compositing in Google Chrome prior to 
146.0.7680.178 ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5291
-        - chromium <unfixed>
+CVE-2026-5291 (Inappropriate implementation in WebGL in Google Chrome prior to 
146.0. ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-5292
-        - chromium <unfixed>
+CVE-2026-5292 (Out of bounds read in WebCodecs in Google Chrome prior to 
146.0.7680.1 ...)
+       - chromium <unfixed>
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-34743 [liblzma: Fix a buffer overflow in lzma_index_append()]
        - xz-utils <unfixed>
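Review bot: The chromium package lines for CVE-2026-5272 and CVE-2026-5274 through CVE-2026-5292 still read "- chromium <unfixed>", while the descriptions added here (where not truncated) name 146.0.7680.178 as the first fixed upstream release. The automatic update only fills in descriptions, so a follow-up commit should record the fixed Debian version once an upload at or above 146.0.7680.178 is available. Until then every supported suite shows as vulnerable for the whole batch.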
@@ -77,57 +585,57 @@ CVE-2026-34743 [liblzma: Fix a buffer overflow in 
lzma_index_append()]
        [bookworm] - xz-utils <no-dsa> (Minor issue)
        NOTE: https://tukaani.org/xz/index-append-overflow.html
        NOTE: Fixed by: 
https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87
 (v5.8.3)
-CVE-2026-5087
+CVE-2026-5087 (PAGI::Middleware::Session::Store::Cookie versions through 
0.001003 for ...)
        NOT-FOR-US: PAGI::Middleware::Session::Store::Cookie Perl module
-CVE-2024-14031
+CVE-2024-14031 (Sereal::Encoder versions from 4.000 through 4.009_002 for Perl 
is vuln ...)
        - libsereal-encoder-perl <not-affected> (Vulnerable code never present 
in packaged versions)
        NOTE: Since 4.004+ds-1 the packaging excludes embedded zstd/ and before 
this version
        NOTE: does not embed a Zstandard (zstd) library
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/38450207/
-CVE-2024-14030
+CVE-2024-14030 (Sereal::Decoder versions from 4.000 through 4.009_002 for Perl 
is vuln ...)
        - libsereal-encoder-perl <not-affected> (Vulnerable code never present 
in packaged versions)
        NOTE: Since 4.004+ds-1 the packaging excludes embedded zstd/ and before 
this version
        NOTE: does not embed a Zstandard (zstd) library
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/38450209/
-CVE-2025-15618
+CVE-2025-15618 (Business::OnlinePayment::StoredTransaction versions through 
0.01 for P ...)
        NOT-FOR-US: Business::OnlinePayment::StoredTransaction Perl module
-CVE-2026-0396
+CVE-2026-0396 (An attacker might be able to inject HTML content into the 
internal web ...)
        - dnsdist 2.0.3-1
        [bookworm] - dnsdist <end-of-life> (See #1119290)
        [bullseye] - dnsdist <end-of-life> (see #1119290)
        NOTE: 
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
        NOTE: https://downloads.powerdns.com/patches/2026-02/
-CVE-2026-0397
+CVE-2026-0397 (When the internal webserver is enabled (default is disabled), 
an attac ...)
        - dnsdist 2.0.3-1
        [bookworm] - dnsdist <end-of-life> (See #1119290)
        [bullseye] - dnsdist <end-of-life> (see #1119290)
        NOTE: 
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
        NOTE: https://downloads.powerdns.com/patches/2026-02/
-CVE-2026-24028
+CVE-2026-24028 (An attacker might be able to trigger an out-of-bounds read by 
sending  ...)
        - dnsdist 2.0.3-1
        [bookworm] - dnsdist <end-of-life> (See #1119290)
        [bullseye] - dnsdist <end-of-life> (see #1119290)
        NOTE: 
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
        NOTE: https://downloads.powerdns.com/patches/2026-02/
-CVE-2026-24029
+CVE-2026-24029 (When the early_acl_drop (earlyACLDrop in Lua) option is 
disabled (defa ...)
        - dnsdist 2.0.3-1
        [bookworm] - dnsdist <end-of-life> (See #1119290)
        [bullseye] - dnsdist <end-of-life> (see #1119290)
        NOTE: 
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
        NOTE: https://downloads.powerdns.com/patches/2026-02/
-CVE-2026-24030
+CVE-2026-24030 (An attacker might be able to trick DNSdist into allocating too 
much me ...)
        - dnsdist 2.0.3-1
        [bookworm] - dnsdist <end-of-life> (See #1119290)
        [bullseye] - dnsdist <end-of-life> (see #1119290)
        NOTE: 
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
        NOTE: https://downloads.powerdns.com/patches/2026-02/
-CVE-2026-27853
+CVE-2026-27853 (An attacker might be able to trigger an out-of-bounds write by 
sending ...)
        - dnsdist 2.0.3-1
        [bookworm] - dnsdist <end-of-life> (See #1119290)
        [bullseye] - dnsdist <end-of-life> (see #1119290)
        NOTE: 
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
        NOTE: https://downloads.powerdns.com/patches/2026-02/
-CVE-2026-27854
+CVE-2026-27854 (An attacker might be able to trigger a use-after-free by 
sending craft ...)
        - dnsdist 2.0.3-1
        [bookworm] - dnsdist <end-of-life> (See #1119290)
        [bullseye] - dnsdist <end-of-life> (see #1119290)
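Review bot: For CVE-2024-14030 the description added here names Sereal::Decoder, but the unchanged package line below it is "- libsereal-encoder-perl <not-affected>", the same source package used for CVE-2024-14031 (Sereal::Encoder). Now that the description is present, confirm the entry is tracked against the source package that actually ships the decoder, and correct the package line if it was copied from the encoder entry. A smaller style point in the same hunk: the dnsdist context lines mix "(See #1119290)" for bookworm with "(see #1119290)" for bullseye, and could use one casing.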
@@ -299,7 +807,8 @@ CVE-2026-5164 (A flaw was found in virtio-win. The 
`RhelDoUnMap()` function does
        NOT-FOR-US: virtio Windows drivers
 CVE-2026-5147 (A security flaw has been discovered in YunaiV yudao-cloud up to 
2026.0 ...)
        NOT-FOR-US: YunaiV yudao-cloud
-CVE-2026-5128 (A sensitive information exposure vulnerability exists in 
ArthurFiorett ...)
+CVE-2026-5128
+       REJECTED
        NOT-FOR-US: ArthurFiorette steam-trader
 CVE-2026-5126 (A flaw has been found in SourceCodester RSS Feed Parser 1.0. 
Affected  ...)
        NOT-FOR-US: SourceCodester
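Review bot: CVE-2026-5128 is now marked REJECTED but keeps the earlier triage line "NOT-FOR-US: ArthurFiorette steam-trader" directly beneath it. The leftover annotation refers to an identifier that no longer describes a vulnerability, so drop it in a follow-up and leave REJECTED as the only state for this entry.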
@@ -1468,7 +1977,7 @@ CVE-2026-3650 (A memory leak exists in the Grassroots 
DICOM library (GDCM). The
 CVE-2026-1556 (Information disclosure in the file URI processing of File 
(Field) Path ...)
        - drupal7 <removed>
 CVE-2026-33542 (Incus is a system container and virtual machine manager. Prior 
to vers ...)
-       {DSA-6184-1}
+       {DSA-6188-1 DSA-6184-1}
        - incus 6.0.6-2
        - lxd <removed>
        NOTE: https://github.com/lxc/incus/pull/3092
@@ -1486,7 +1995,7 @@ CVE-2026-33743 (Incus is a system container and virtual 
machine manager. Prior t
        NOTE: https://github.com/lxc/incus/pull/3092
        NOTE: 
https://github.com/lxc/incus/security/advisories/GHSA-vg76-xmhg-j5x3
 CVE-2026-33897 (Incus is a system container and virtual machine manager. Prior 
to vers ...)
-       {DSA-6184-1}
+       {DSA-6188-1 DSA-6184-1}
        - incus 6.0.6-2
        - lxd <removed>
        NOTE: https://github.com/lxc/incus/pull/3092
@@ -1856,6 +2365,7 @@ CVE-2026-23396 (In the Linux kernel, the following 
vulnerability has been resolv
        - linux 6.19.10-1
        NOTE: 
https://git.kernel.org/linus/c73bb9a2d33bf81f6eecaa0f474b6c6dbe9855bd (7.0-rc5)
 CVE-2026-33416 (LIBPNG is a reference library for use in applications that 
read, creat ...)
+       {DSA-6189-1}
        - libpng1.6 1.6.56-1 (bug #1132012)
        NOTE: 
https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j
        NOTE: https://github.com/pnggroup/libpng/pull/824
@@ -1864,6 +2374,7 @@ CVE-2026-33416 (LIBPNG is a reference library for use in 
applications that read,
        NOTE: Fixed by: 
https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667
 (v1.6.56)
        NOTE: Fixed by: 
https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1
 (v1.6.56)
 CVE-2026-33636 (LIBPNG is a reference library for use in applications that 
read, creat ...)
+       {DSA-6189-1}
        - libpng1.6 1.6.56-1 (bug #1132013)
        NOTE: 
https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2
        NOTE: Introduced with: 
https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869
 (v1.6.36)
@@ -6665,7 +7176,7 @@ CVE-2026-4439 (Out of bounds memory access in WebGL in 
Google Chrome on Android
        {DSA-6171-1}
        - chromium 146.0.7680.153-1
        [bullseye] - chromium <end-of-life> (see #1061268)
-CVE-2026-34881 [OSSA-2026-004: Server-Side Request Forgery (SSRF) 
vulnerabilities inOpenStack Glance image import functionality]
+CVE-2026-34881 (OpenStack Glance <29.1.1, >=30.0.0 <30.1.1, ==31.0.0 is 
affected by Se ...)
        - glance 2:31.0.0-3 (bug #1131274)
        [trixie] - glance <no-dsa> (Minor issue)
        [bookworm] - glance <no-dsa> (Minor issue)
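Review bot: Replacing the bracketed temporary description on CVE-2026-34881 with the truncated upstream text drops the only visible reference to OSSA-2026-004. Unless a NOTE outside the shown context already carries the advisory identifier, add a NOTE line for OSSA-2026-004 so the glance entry stays linked to the OpenStack advisory.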
@@ -9308,7 +9819,7 @@ CVE-2026-28792 (Tina is a headless content management 
system. Prior to 2.1.8 , t
 CVE-2026-28791 (Tina is a headless content management system. Prior to 2.1.7, 
a path t ...)
        NOT-FOR-US: Tina CMS (different from src:tina)
 CVE-2026-28384 (An improper sanitization of the compression_algorithm 
parameter in Can ...)
-       {DSA-6184-1}
+       {DSA-6188-1 DSA-6184-1}
        - incus 6.0.6-1
        - lxd <removed>
        NOTE: 
https://github.com/canonical/lxd/security/advisories/GHSA-4rmf-rcp8-2r9g
@@ -46933,7 +47444,7 @@ CVE-2025-67744 (DeepChat is an open-source artificial 
intelligence agent platfor
 CVE-2025-67736 (The FreePBX module tts (Text to Speech) for FreePBX, an 
open-source we ...)
        NOT-FOR-US: FreePBX module tts (Text to Speech) for FreePBX
 CVE-2025-67735 (Netty is an asynchronous, event-driven network application 
framework.  ...)
-       {DSA-6160-1}
+       {DSA-6160-1 DLA-4519-1}
        [experimental] - netty 1:4.1.48-15
        - netty 1:4.1.48-16 (bug #1123606)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-84h7-rjj3-6jx4
@@ -67237,7 +67748,7 @@ CVE-2025-59481 (A vulnerability exists in an 
undisclosed iControl REST and BIG-I
 CVE-2025-59478 (When a BIG-IP AFM denial-of-service (DoS) protection profile 
is config ...)
        NOT-FOR-US: F5
 CVE-2025-59419 (Netty is an asynchronous, event-driven network application 
framework.  ...)
-       {DSA-6160-1}
+       {DSA-6160-1 DLA-4519-1}
        - netty 1:4.1.48-11 (bug #1118282)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-jq43-27x9-3v86
        NOTE: 
https://github.com/netty/netty/commit/1782e8c2060a244c4d4e6f9d9112d5517ca05120 
(netty-4.2.7.Final)
@@ -84738,14 +85249,14 @@ CVE-2025-58171
 CVE-2025-58064 (CKEditor 5 is a modern JavaScript rich-text editor with an MVC 
archite ...)
        TODO: check
 CVE-2025-58057 (Netty is an asynchronous event-driven network application 
framework fo ...)
-       {DSA-6160-1}
+       {DSA-6160-1 DLA-4519-1}
        - netty 1:4.1.48-12 (bug #1113994)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-3p8m-j85q-pgmj
        NOTE: https://github.com/netty/netty/pull/15612
        NOTE: Fixed by: 
https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d 
(netty-4.2.5.Final)
        NOTE: Fixed by: 
https://github.com/netty/netty/commit/34894ac73b02efefeacd9c0972780b32dc3de04f 
(netty-4.1.125.Final)
 CVE-2025-58056 (Netty is an asynchronous event-driven network application 
framework fo ...)
-       {DSA-6160-1}
+       {DSA-6160-1 DLA-4519-1}
        - netty 1:4.1.48-13 (bug #1113995)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49
        NOTE: https://github.com/netty/netty/issues/15522
@@ -91412,7 +91923,7 @@ CVE-2025-55280 (This vulnerability exists in ZKTeco 
WL20 due to storage of Wi-Fi
 CVE-2025-55279 (This vulnerability exists in ZKTeco WL20 due to hard-coded 
private key ...)
        NOT-FOR-US: ZKTeco
 CVE-2025-55163 (Netty is an asynchronous, event-driven network application 
framework.  ...)
-       {DSA-6160-1}
+       {DSA-6160-1 DLA-4519-1}
        - netty 1:4.1.48-11 (bug #1111105)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4
        NOTE: Fixed by [1/2]: 
https://github.com/netty/netty/commit/be53dc3c9acd9af2e20d0c3c07cd77115a594cf1 
(netty-4.1.124.Final)
@@ -245719,7 +246230,7 @@ CVE-2024-29650 (An issue in @thi.ng/paths v.5.1.62 
and before allows a remote at
 CVE-2024-29515 (File Upload vulnerability in lepton v.7.1.0 allows a remote 
authentica ...)
        NOT-FOR-US: Lepton CMS
 CVE-2024-29025 (Netty is an asynchronous event-driven network application 
framework fo ...)
-       {DLA-3834-1}
+       {DLA-4519-1 DLA-3834-1}
        - netty 1:4.1.48-10 (bug #1068110)
        [bookworm] - netty 1:4.1.48-7+deb12u2
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8e6a7e03e5eec7b44abf1f97204b2e040046288f



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
