Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9a195c7f by Salvatore Bonaccorso at 2026-05-03T21:27:57+02:00
Track some thrift issues fixed via experimental upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2697,15 +2697,19 @@ CVE-2026-4805 (The Woostify plugin for WordPress is
vulnerable to Stored Cross-S
CVE-2026-41873 (** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of
HTTP Re ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-41607 (Out-of-bounds Read vulnerability in Apache Thrift. This issue
affects ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (bug #1135348)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/2
CVE-2026-41606 (Uncontrolled Recursion vulnerability in Apache Thrift. This
issue aff ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (bug #1135348)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/3
CVE-2026-41603 (Improper Validation of Certificate with Host Mismatch
vulnerability in ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (bug #1135348)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/7
CVE-2026-41602 (Integer Overflow or Wraparound vulnerability in Apache Thrift
TFramedT ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (bug #1135348)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/6
CVE-2026-41526 (In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended
to safel ...)
@@ -2754,6 +2758,7 @@ CVE-2025-60889 (Insecure deserialization of untrusted
input in StellarGroup HPX
CVE-2025-60887 (An issue was discovered in Cista v0.15 and below. Insecure
deserializa ...)
NOT-FOR-US: Cista
CVE-2025-48431 (Mismatched Memory Management Routines vulnerability in Apache
Thrift c ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (bug #1135348)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/8
CVE-2025-10539 (Due to improper TLS certificate validation in the DeskTime
Time Tracki ...)
@@ -2797,14 +2802,17 @@ CVE-2026-31787 (In the Linux kernel, the following
vulnerability has been resolv
- linux 7.0.3-1
NOTE: https://xenbits.xen.org/xsa/advisory-487.html
CVE-2026-41636 (Uncontrolled Recursion vulnerability in Apache Thrift Node.js
bindings ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/1
NOTE: nodejs bindings not built in Debian package
CVE-2026-41605 (Integer Overflow or Wraparound vulnerability in Apache Thrift.
This i ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/4
NOTE: swift bindings not built in Debian package
CVE-2026-41604 (Out-of-bounds Read vulnerability in Apache Thrift. This issue
affects ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/5
NOTE: swift bindings not built in Debian package
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a195c7fc339857746b686c7bc25e308b5e7ad9c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a195c7fc339857746b686c7bc25e308b5e7ad9c
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
