Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ef0a5883 by Salvatore Bonaccorso at 2026-05-07T10:08:23+02:00
Add initial tracking for some openexr CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -102,9 +102,13 @@ CVE-2026-43576 (OpenClaw before 2026.4.5 contains a
server-side request forgery
CVE-2026-43575 (OpenClaw versions 2026.2.21 before 2026.4.10 contain an
authentication ...)
NOT-FOR-US: OpenClaw
CVE-2026-42217 (OpenEXR provides the specification and reference
implementation of the ...)
- TODO: check
+ - openexr <unfixed>
+ NOTE:
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-3c67-4wwp-w52m
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/2378
+ NOTE: Fixed by:
https://github.com/AcademySoftwareFoundation/openexr/commit/21eaa33bcbbb0c83a5fc42f6b6d65b70a996e63c
CVE-2026-42216 (OpenEXR provides the specification and reference
implementation of the ...)
- TODO: check
+ - openexr <unfixed>
+ NOTE:
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-65j8-95g9-jgj4
CVE-2026-42194 (Admidio is an open-source user management solution. Prior to
version 5 ...)
NOT-FOR-US: Admidio
CVE-2026-41891 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a
production ...)
@@ -170,7 +174,10 @@ CVE-2026-41201 (CI4MS is a CodeIgniter 4-based CMS
skeleton that delivers a prod
CVE-2026-41143 (YesWiki is a wiki system written in PHP. Prior to version
4.6.1, YesWi ...)
NOT-FOR-US: YesWiki
CVE-2026-41142 (OpenEXR provides the specification and reference
implementation of the ...)
- TODO: check
+ - openexr <unfixed>
+ NOTE:
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-m25w-72cj-q6mg
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/2367
+ NOTE:
https://github.com/AcademySoftwareFoundation/openexr/commit/0592ee539f33c122c90f09238579b902d838afb4
CVE-2026-41139 (Math.js is an extensive math library for JavaScript and
Node.js. From ...)
TODO: check
CVE-2026-41004 (When enabling trace logging in Spring Cloud Config Server
sensitive in ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef0a58832f458d4ab837c1284f2ad9b53e34bc92
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef0a58832f458d4ab837c1284f2ad9b53e34bc92
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
