Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6f9473b4 by Emilio Pozuelo Monfort at 2026-05-13T11:26:43+02:00
lts: gpac eol
- - - - -
9293915e by Emilio Pozuelo Monfort at 2026-05-13T11:27:34+02:00
lts: tor eol
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3826,6 +3826,7 @@ CVE-2026-8125 (A vulnerability was detected in
code-projects Simple Chat System
NOT-FOR-US: code-projects
CVE-2026-8124 (A security vulnerability has been detected in GPAC up to
26.02.0. This ...)
- gpac <removed>
+ [bullseye] - gpac <end-of-life> (EOLed in debian-security-support)
CVE-2026-8123 (A vulnerability was determined in Open5GS up to 2.7.7. This
impacts th ...)
- open5gs <itp> (bug #1094791)
CVE-2026-8122 (A vulnerability was found in Open5GS up to 2.7.7. This affects
the fun ...)
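Review bot: The reason on the added "[bullseye] - gpac <end-of-life>" line under CVE-2026-8124 names debian-security-support but gives no advisory or other reference a reader can follow, unlike the tor entries in this same push, which carry "(see DSA 5562)". If an announcement exists for the gpac end-of-life, pointing at it here (and on the matching line under CVE-2026-39103) would let someone triaging bullseye confirm the status from the entry itself.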
@@ -4405,6 +4406,7 @@ CVE-2026-4348 (The BetterDocs Pro plugin for WordPress is
vulnerable to SQL Inje
CVE-2026-44603 (Tor before 0.4.9.7 has an out-of-bounds read by one byte via a
malform ...)
{DSA-6260-1}
- tor 0.4.9.8-1
+ [bullseye] - tor <end-of-life> (see DSA 5562)
NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41245
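Review bot: The cross-reference in the added line, "(see DSA 5562)", is spelled with a space, while the tag two lines above it is written "{DSA-6260-1}". Using the same hyphenated form in the parenthetical would let a single search for "DSA-" find both the fixing advisory and the end-of-life pointer. The identical line is added under CVE-2026-44602, -44601, -44600, -44599 and -44597 in the hunks that follow, so the same change applies there.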
@@ -4412,6 +4414,7 @@ CVE-2026-44603 (Tor before 0.4.9.7 has an out-of-bounds
read by one byte via a m
CVE-2026-44602 (Tor before 0.4.9.7 has a NULL pointer dereference when a CERT
cell is ...)
{DSA-6260-1}
- tor 0.4.9.8-1
+ [bullseye] - tor <end-of-life> (see DSA 5562)
NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41240
@@ -4419,6 +4422,7 @@ CVE-2026-44602 (Tor before 0.4.9.7 has a NULL pointer
dereference when a CERT ce
CVE-2026-44601 (Tor before 0.4.9.7, when circuit queue memory pressure exists,
can exp ...)
{DSA-6260-1}
- tor 0.4.9.8-1
+ [bullseye] - tor <end-of-life> (see DSA 5562)
NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41237
@@ -4426,6 +4430,7 @@ CVE-2026-44601 (Tor before 0.4.9.7, when circuit queue
memory pressure exists, c
CVE-2026-44600 (Tor before 0.4.9.7 mishandles accounting of the conflux
out-of-order q ...)
{DSA-6260-1}
- tor 0.4.9.8-1
+ [bullseye] - tor <end-of-life> (see DSA 5562)
NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41251
@@ -4433,6 +4438,7 @@ CVE-2026-44600 (Tor before 0.4.9.7 mishandles accounting
of the conflux out-of-o
CVE-2026-44599 (Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux
legs, a ...)
{DSA-6260-1}
- tor 0.4.9.8-1
+ [bullseye] - tor <end-of-life> (see DSA 5562)
NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41243
@@ -4440,6 +4446,7 @@ CVE-2026-44599 (Tor before 0.4.9.7 can attempt or accept
BEGIN_DIR via conflux l
CVE-2026-44597 (Tor before 0.4.9.7 has an out-of-bounds read when an END, a
TRUNCATE, ...)
{DSA-6260-1}
- tor 0.4.9.8-1
+ [bullseye] - tor <end-of-life> (see DSA 5562)
NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41254
@@ -6689,6 +6696,7 @@ CVE-2026-3359 (The Form Maker by 10Web \u2013
Mobile-Friendly Drag & Drop Contac
NOT-FOR-US: WordPress plugin
CVE-2026-39103 (Buffer Overflow vulnerability in GPAC before commit
v391dc7f4d234988ea ...)
- gpac <removed>
+ [bullseye] - gpac <end-of-life> (EOLed in debian-security-support)
CVE-2026-38432 (ERPNext v15.103.1 and before is vulnerable to Cross Site
Scripting (XS ...)
NOT-FOR-US: ERPNext
CVE-2026-38431 (ERPNext v15.103.1 and before is vulnerable to Server-Side
Template Inj ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b5ddaa0aa7f7904d72d9a697f823da58563ad590...9293915e0e3b293c60858b558de7887d56e98f2b