Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a743ec3f by Salvatore Bonaccorso at 2026-05-08T22:36:41+02:00
Add CVE-2026-41889/pgx
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -80,7 +80,10 @@ CVE-2026-42030 (MapServer is a system for developing
web-based GIS applications.
CVE-2026-42028 (novaGallery is a php image gallery. Prior to version 2.1.1, a
path tra ...)
NOT-FOR-US: novaGallery
CVE-2026-41889 (pgx is a PostgreSQL driver and toolkit for Go. Prior to
version 5.9.2, ...)
- TODO: check
+ - golang-github-jackc-pgx-v5 <unfixed>
+ NOTE:
https://github.com/jackc/pgx/security/advisories/GHSA-j88v-2chj-qfwx
+ NOTE: Fixed by:
https://github.com/jackc/pgx/commit/60644f84918a8af66d14a4b0d865d4edafd955da
(v5.9.2)
+ TODO: check the other golang-github-jackc-pgx* sources
CVE-2026-41887 (Flarum is open-source forum software. Prior to versions 1.8.16
and 2.0 ...)
NOT-FOR-US: Flarum
CVE-2026-41886 (locize is a localization platform that connects code and i18n
setup. P ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a743ec3feb967c9811785d8dd5818592975bde78
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a743ec3feb967c9811785d8dd5818592975bde78
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
