[Git][security-tracker-team/security-tracker][master] libstb triage

Moritz Muehlenhoff (@jmm) Sun, 10 May 2026 11:32:08 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
e465c24b by Moritz Muehlenhoff at 2026-05-10T20:25:40+02:00
libstb triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22506,17 +22506,16 @@ CVE-2026-5316 (A vulnerability was identified in 
Nothings stb up to 1.22. The im
        [trixie] - libstb <no-dsa> (Minor issue)
        [bookworm] - libstb <no-dsa> (Minor issue)
 CVE-2026-5315 (A vulnerability was determined in Nothings stb up to 1.26. The 
affecte ...)
-       - libstb <unfixed>
-       [trixie] - libstb <no-dsa> (Minor issue)
-       [bookworm] - libstb <no-dsa> (Minor issue)
+       - libstb <unfixed> (unimportant)
+       NOTE: truetype parser only supported for trusted font files
 CVE-2026-5314 (A vulnerability was found in Nothings stb up to 1.26. Impacted 
is the  ...)
-       - libstb <unfixed>
-       [trixie] - libstb <no-dsa> (Minor issue)
-       [bookworm] - libstb <no-dsa> (Minor issue)
+       - libstb <unfixed> (unimportant)
+       NOTE: truetype parser only supported for trusted font files
 CVE-2026-5313 (A vulnerability has been found in Nothings stb up to 2.30. This 
issue  ...)
        - libstb <unfixed>
        [trixie] - libstb <no-dsa> (Minor issue)
        [bookworm] - libstb <no-dsa> (Minor issue)
+       NOTE: https://vuldb.com/submit/780462
 CVE-2026-5312 (A weakness has been identified in D-Link DNS-120, DNR-202L, 
DNS-315L,  ...)
        NOT-FOR-US: D-Link
 CVE-2026-5311 (A security flaw has been discovered in D-Link DNS-120, 
DNR-202L, DNS-3 ...)
@@ -23099,6 +23098,7 @@ CVE-2026-5186 (A weakness has been identified in 
Nothings stb up to 2.30. This i
        - libstb <unfixed>
        [trixie] - libstb <no-dsa> (Minor issue)
        [bookworm] - libstb <no-dsa> (Minor issue)
+       NOTE: https://vuldb.com/submit/780395
 CVE-2026-4947 (Addressed a potential insecure direct object reference (IDOR) 
vulnerab ...)
        NOT-FOR-US: Foxit
 CVE-2026-4819 (In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit 
logging ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e465c24ba7caeaff6421e4ee570bfb176d895914

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e465c24ba7caeaff6421e4ee570bfb176d895914
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] libstb triage

Reply via email to