Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2854bf4f by Salvatore Bonaccorso at 2026-05-09T20:00:25+02:00
Track fixed version for thrift issues via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4595,7 +4595,7 @@ CVE-2026-5766 (An issue was discovered in 6.0 before 
6.0.5 and 5.2 before 5.2.14
        NOTE: Fixed by: 
https://github.com/django/django/commit/2ec27eda3ba6c14f0856e6e3eb1df07c41fd95e6
 (5.2.14)
 CVE-2026-43869 (Improper Validation of Certificate with Host Mismatch 
vulnerability in ...)
        [experimental] - thrift 0.23.0-1
-       - thrift <unfixed> (unimportant)
+       - thrift 0.23.0-3 (unimportant)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/3
        NOTE: java bindings not built in Debian package
 CVE-2026-7824 (An issue was discovered in the PaperCut Hive Ricoh embedded 
applicatio ...)
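Review bot: On the `- thrift 0.23.0-3 (unimportant)` line for CVE-2026-43869, the unstable version jumps from the 0.23.0-1 recorded under `[experimental]` to 0.23.0-3, and nothing in the entry says which upload first carried the fix. Please confirm that 0.23.0-3 is the earliest unstable version containing it, not an intermediate 0.23.0-2, because this value is the threshold installed versions are compared against. The same check applies to the other `(unimportant)` thrift entries changed in this commit.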
@@ -5045,7 +5045,7 @@ CVE-2025-13605 (3onedata modbus gateway device 
modelGW1101-1D(RS-485)-TB-P (hard
        NOT-FOR-US: 3onedata modbus gateway
 CVE-2026-43870 (Origin Validation Error, Improper Limitation of a Pathname to 
a Restri ...)
        [experimental] - thrift 0.23.0-1
-       - thrift <unfixed> (unimportant)
+       - thrift 0.23.0-3 (unimportant)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/4
        NOTE: nodejs bindings not built in Debian package
 CVE-2025-70070 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a 
denial  ...)
@@ -5065,7 +5065,7 @@ CVE-2025-70067 (Buffer Overflow vulnerability exists in 
Assimp versions up to 6.
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465308
 CVE-2026-43868 (Memory Allocation with Excessive Size Value vulnerability in 
Apache Th ...)
        [experimental] - thrift 0.23.0-1
-       - thrift <unfixed> (unimportant)
+       - thrift 0.23.0-3 (unimportant)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/2
        NOTE: rust bindings not built in Debian package
 CVE-2026-43964 (Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 
3.10.9 somet ...)
@@ -7973,25 +7973,25 @@ CVE-2026-41873 (** UNSUPPORTED WHEN ASSIGNED ** 
Inconsistent Interpretation of H
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-41607 (Out-of-bounds Read vulnerability in Apache Thrift.  This issue 
affects ...)
        [experimental] - thrift 0.23.0-1
-       - thrift <unfixed> (bug #1135348)
+       - thrift 0.23.0-3 (bug #1135348)
        [trixie] - thrift <no-dsa> (Minor issue)
        [bookworm] - thrift <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/2
 CVE-2026-41606 (Uncontrolled Recursion vulnerability in Apache Thrift.  This 
issue aff ...)
        [experimental] - thrift 0.23.0-1
-       - thrift <unfixed> (bug #1135348)
+       - thrift 0.23.0-3 (bug #1135348)
        [trixie] - thrift <no-dsa> (Minor issue)
        [bookworm] - thrift <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/3
 CVE-2026-41603 (Improper Validation of Certificate with Host Mismatch 
vulnerability in ...)
        [experimental] - thrift 0.23.0-1
-       - thrift <unfixed> (bug #1135348)
+       - thrift 0.23.0-3 (bug #1135348)
        [trixie] - thrift <no-dsa> (Minor issue)
        [bookworm] - thrift <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/7
 CVE-2026-41602 (Integer Overflow or Wraparound vulnerability in Apache Thrift 
TFramedT ...)
        [experimental] - thrift 0.23.0-1
-       - thrift <unfixed> (bug #1135348)
+       - thrift 0.23.0-3 (bug #1135348)
        [trixie] - thrift <no-dsa> (Minor issue)
        [bookworm] - thrift <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/6
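Review bot: The four entries in this hunk keep `(bug #1135348)` on the now-fixed unstable line while `[trixie]` and `[bookworm]` stay at `<no-dsa> (Minor issue)`. Check that bug #1135348 is closed with version 0.23.0-3 in the BTS so its version tracking agrees with the tracker. The unchanged `<no-dsa>` lines mean both stable suites are still recorded as affected, so closing the bug for unstable does not settle them.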
@@ -8044,7 +8044,7 @@ CVE-2025-60887 (An issue was discovered in Cista v0.15 
and below. Insecure deser
        NOT-FOR-US: Cista
 CVE-2025-48431 (Mismatched Memory Management Routines vulnerability in Apache 
Thrift c ...)
        [experimental] - thrift 0.23.0-1
-       - thrift <unfixed> (bug #1135348)
+       - thrift 0.23.0-3 (bug #1135348)
        [trixie] - thrift <no-dsa> (Minor issue)
        [bookworm] - thrift <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/8
@@ -8090,17 +8090,17 @@ CVE-2026-31787 (In the Linux kernel, the following 
vulnerability has been resolv
        NOTE: https://xenbits.xen.org/xsa/advisory-487.html
 CVE-2026-41636 (Uncontrolled Recursion vulnerability in Apache Thrift Node.js 
bindings ...)
        [experimental] - thrift 0.23.0-1
-       - thrift <unfixed> (unimportant)
+       - thrift 0.23.0-3 (unimportant)
        NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/1
        NOTE: nodejs bindings not built in Debian package
 CVE-2026-41605 (Integer Overflow or Wraparound vulnerability in Apache Thrift. 
 This i ...)
        [experimental] - thrift 0.23.0-1
-       - thrift <unfixed> (unimportant)
+       - thrift 0.23.0-3 (unimportant)
        NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/4
        NOTE: swift bindings not built in Debian package
 CVE-2026-41604 (Out-of-bounds Read vulnerability in Apache Thrift.  This issue 
affects ...)
        [experimental] - thrift 0.23.0-1
-       - thrift <unfixed> (unimportant)
+       - thrift 0.23.0-3 (unimportant)
        NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/5
        NOTE: swift bindings not built in Debian package
 CVE-2026-7234 (A weakness has been identified in BrowserOperator 
browser-operator-cor ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2854bf4f8bfd78bf95dfffa7a267bfcbbff17f93
