[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) Sun, 10 May 2026 11:17:19 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
3e016197 by Moritz Muehlenhoff at 2026-05-10T20:16:51+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10890,12 +10890,12 @@ CVE-2026-35378 (A logic error in the expr utility of 
uutils coreutils causes the
        NOTE: https://github.com/uutils/coreutils/pull/11395
        NOTE: Fixed by: 
https://github.com/uutils/coreutils/commit/76b2f7877f558f3bfa78e3d4f49f022460f509b7
 (0.8.0)
 CVE-2026-35377 (A logic error in the env utility of uutils coreutils causes a 
failure  ...)
-       - rust-coreutils <unfixed>
+       - rust-coreutils <unfixed> (bug #1136207)
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/pull/11512
 CVE-2026-35376 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists 
in the ch ...)
-       - rust-coreutils <unfixed>
+       - rust-coreutils <unfixed> (bug #1136203)
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/pull/11402
@@ -10906,12 +10906,12 @@ CVE-2026-35375 (A logic error in the split utility of 
uutils coreutils causes th
        NOTE: https://github.com/uutils/coreutils/pull/11397
        NOTE: Fixed by: 
https://github.com/uutils/coreutils/commit/d2b9550fe821a9a10bf0cec057509211357363f1
 (0.8.0)
 CVE-2026-35374 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists 
in the sp ...)
-       - rust-coreutils <unfixed>
+       - rust-coreutils <unfixed> (bug #1136202)
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/pull/11401
 CVE-2026-35373 (A logic error in the ln utility of uutils coreutils causes the 
program ...)
-       - rust-coreutils <unfixed>
+       - rust-coreutils <unfixed> (bug #1136201)
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/pull/11403
@@ -10922,12 +10922,12 @@ CVE-2026-35372 (A logic error in the ln utility of 
uutils coreutils allows the u
        NOTE: https://github.com/uutils/coreutils/pull/11253
        NOTE: Fixed by: 
https://github.com/uutils/coreutils/commit/394c4b17f2f382b4be9f54389bcb79028de02f39
 (0.8.0)
 CVE-2026-35371 (The id utility in uutils coreutils exhibits incorrect behavior 
in its  ...)
-       - rust-coreutils <unfixed>
+       - rust-coreutils <unfixed> (bug #1136200)
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/issues/10006
 CVE-2026-35370 (The id utility in uutils coreutils miscalculates the groups= 
section o ...)
-       - rust-coreutils <unfixed>
+       - rust-coreutils <unfixed> (bug #1136199)
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/issues/10006
@@ -10938,7 +10938,7 @@ CVE-2026-35369 (An argument parsing error in the kill 
utility of uutils coreutil
        NOTE: https://github.com/uutils/coreutils/pull/9700
        NOTE: Fixed by: 
https://github.com/uutils/coreutils/commit/cae94028afcfa19b78dfc1072d1a22d8b2c6ca38
 (0.6.0)
 CVE-2026-35368 (A vulnerability exists in the chroot utility of uutils 
coreutils when  ...)
-       - rust-coreutils <unfixed>
+       - rust-coreutils <unfixed> (bug #1136198)
        [trixie] - rust-coreutils <no-dsa> (Minor issue)
        [bookworm] - rust-coreutils <no-dsa> (Minor issue)
        NOTE: https://github.com/uutils/coreutils/issues/10327
@@ -29741,7 +29741,7 @@ CVE-2026-4519 (The webbrowser.open() API would accept 
leading dashes in the URL
        - python3.9 <removed>
        - python2.7 <removed>
        [bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
-       - jython <unfixed>
+       - jython <unfixed> (bug #1136197)
        [trixie] - jython <no-dsa> (Minor issue)
        [bookworm] - jython <no-dsa> (Minor issue)
        [bullseye] - jython <end-of-life> (EOL in bullseye LTS)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e016197a0a313f5028049be8f17ddb6977d207c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e016197a0a313f5028049be8f17ddb6977d207c
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] bugnums

Reply via email to