Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d41449af by Salvatore Bonaccorso at 2026-05-05T14:30:02+02:00
Add references for CVE-2026-40682
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -271,6 +271,11 @@ CVE-2026-40797 (Improper Neutralization of Special
Elements used in an SQL Comma
CVE-2026-40682 (XML External Entity (XXE) via Unsanitized Dictionary Parsing
in Apache ...)
- apache-opennlp <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/05/01/19
+ NOTE: https://issues.apache.org/jira/browse/OPENNLP-1819
+ NOTE: https://github.com/apache/opennlp/pull/1019
+ NOTE: Fixed by:
https://github.com/apache/opennlp/commit/b85e45f064a9b9089b65ca73c75544092fec4eae
(opennlp-3.0.0-M3)
+ NOTE: https://github.com/apache/opennlp/pull/1020
+ NOTE: Fixed by:
https://github.com/apache/opennlp/commit/d9aaa472e0e6672d672bfc296a69ab68f8757959
(opennlp-2.5.9)
CVE-2026-40563 (Description: Improper Control of Generation of Code ('Code
Injection') ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-3456 (The GeekyBot \u2014 Generate AI Content Without Prompt, Chatbot
and Le ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d41449af2c111aca4e85c98c797d52b7d3626509
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d41449af2c111aca4e85c98c797d52b7d3626509
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
