Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ffe2782a by Emilio Pozuelo Monfort at 2026-05-13T12:54:51+02:00
lts: some swupdate issues no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11195,11 +11195,13 @@ CVE-2026-6986 (A security vulnerability has been
detected in Cesanta Mongoose up
- swupdate 2025.12+dfsg-10
[trixie] - swupdate <no-dsa> (Minor issue)
[bookworm] - swupdate <no-dsa> (Minor issue)
+ [bullseye] - swupdate <no-dsa> (Minor issue)
CVE-2026-6985 (A weakness has been identified in Cesanta Mongoose up to 7.20.
This vu ...)
- mongoose <not-affected> (Fixed before or with initial upload)
- swupdate 2025.12+dfsg-10
[trixie] - swupdate <no-dsa> (Minor issue)
[bookworm] - swupdate <no-dsa> (Minor issue)
+ [bullseye] - swupdate <no-dsa> (Minor issue)
CVE-2026-6984 (A security flaw has been discovered in AstrBotDevs AstrBot up
to 4.22. ...)
NOT-FOR-US: AstrBotDevs AstrBot
CVE-2026-6983 (A vulnerability was identified in pagekit up to 1.0.18.
Affected by th ...)
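Review bot: the two added `[bullseye]` lines for CVE-2026-6986 and CVE-2026-6985 copy the "(Minor issue)" reason from trixie and bookworm without recording why it also holds for the older release. A short NOTE per entry saying whether the swupdate version in bullseye contains the affected Mongoose code, or a sentence to that effect in the commit message, would let a later reader verify the triage instead of trusting it.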
@@ -24186,16 +24188,19 @@ CVE-2026-5246 (A vulnerability was determined in
Cesanta Mongoose up to 7.20. Af
- swupdate 2025.12+dfsg-10
[trixie] - swupdate <no-dsa> (Minor issue)
[bookworm] - swupdate <no-dsa> (Minor issue)
+ [bullseye] - swupdate <no-dsa> (Minor issue)
CVE-2026-5245 (A vulnerability was found in Cesanta Mongoose up to 7.20. This
impacts ...)
- mongoose <not-affected> (Fixed before or with initial upload)
- swupdate 2025.12+dfsg-10
[trixie] - swupdate <no-dsa> (Minor issue)
[bookworm] - swupdate <no-dsa> (Minor issue)
+ [bullseye] - swupdate <no-dsa> (Minor issue)
CVE-2026-5244 (A vulnerability has been found in Cesanta Mongoose up to 7.20.
This af ...)
- mongoose <not-affected> (Fixed before or with initial upload)
- swupdate 2025.12+dfsg-10
[trixie] - swupdate <no-dsa> (Minor issue)
[bookworm] - swupdate <no-dsa> (Minor issue)
+ [bullseye] - swupdate <no-dsa> (Minor issue)
CVE-2026-5032 (The W3 Total Cache plugin for WordPress is vulnerable to
information e ...)
NOT-FOR-US: WordPress plugin
CVE-2026-4636 (A flaw was found in Keycloak. An authenticated user with the
uma_prote ...)
@@ -44027,16 +44032,19 @@ CVE-2026-2968 (A vulnerability was detected in
Cesanta Mongoose up to 7.20. This
- swupdate 2025.12+dfsg-10
[trixie] - swupdate <no-dsa> (Minor issue)
[bookworm] - swupdate <no-dsa> (Minor issue)
+ [bullseye] - swupdate <no-dsa> (Minor issue)
CVE-2026-2967 (A security vulnerability has been detected in Cesanta Mongoose
up to 7 ...)
- mongoose <not-affected> (Fixed before or with initial upload, also
see bug #1135115)
- swupdate 2025.12+dfsg-10
[trixie] - swupdate <no-dsa> (Minor issue)
[bookworm] - swupdate <no-dsa> (Minor issue)
+ [bullseye] - swupdate <no-dsa> (Minor issue)
CVE-2026-2966 (A weakness has been identified in Cesanta Mongoose up to 7.20.
The imp ...)
- mongoose <not-affected> (Fixed before or with initial upload, also
see bug #1135115)
- swupdate 2025.12+dfsg-10
[trixie] - swupdate <no-dsa> (Minor issue)
[bookworm] - swupdate <no-dsa> (Minor issue)
+ [bullseye] - swupdate <no-dsa> (Minor issue)
CVE-2026-2965 (A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and
07FlyCR ...)
NOT-FOR-US: 07FLYCMS, 07FLY-CMS and 07FlyCRM
CVE-2026-2964 (A vulnerability was identified in higuma web-audio-recorder-js
0.1/0.1 ...)
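Review bot: under CVE-2026-2967 and CVE-2026-2966 the mongoose lines point at bug #1135115, while the swupdate lines, including the new `[bullseye]` ones, carry no bug reference. If a swupdate bug exists for these issues, adding it to the `- swupdate 2025.12+dfsg-10` line would tie the no-dsa decision to a place where the fix is tracked.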
@@ -82119,6 +82127,7 @@ CVE-2025-65502 (Null pointer dereference in
add_ca_certs() in Cesanta Mongoose b
- swupdate 2025.12+dfsg-1
[trixie] - swupdate <no-dsa> (Minor issue)
[bookworm] - swupdate <no-dsa> (Minor issue)
+ [bullseye] - swupdate <no-dsa> (Minor issue)
NOTE: https://github.com/cesanta/mongoose/issues/3306
NOTE:
https://github.com/cesanta/mongoose/commit/64abf061bf018fd78f31c200a57a3fb04f9f3ef2
(7.20)
CVE-2025-65501 (Null pointer dereference in coap_dtls_info_callback() in OISM
libcoap ...)
@@ -100985,6 +100994,7 @@ CVE-2025-51495 (An integer overflow vulnerability
exists in the WebSocket compon
- swupdate 2025.12+dfsg-1
[trixie] - swupdate <no-dsa> (Minor issue)
[bookworm] - swupdate <no-dsa> (Minor issue)
+ [bullseye] - swupdate <no-dsa> (Minor issue)
NOTE: https://github.com/cesanta/mongoose/pull/3131
NOTE:
https://github.com/cesanta/mongoose/commit/cdc439bc38570048541b2ac6b9c326da87bf4a0a
(7.18)
CVE-2025-43400 (An out-of-bounds write issue was addressed with improved
bounds checki ...)
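Review bot: the `[bullseye]` line for CVE-2025-51495 marks an integer overflow in the WebSocket component as "(Minor issue)" with nothing in the entry explaining the low rating. The NOTE lines already link the upstream pull request and fix commit (7.18); one more NOTE stating why the overflow is minor for swupdate would make the no-dsa tag reviewable.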
@@ -316157,6 +316167,7 @@ CVE-2023-33934 (Improper Input Validation
vulnerability in Apache Software Found
CVE-2023-2905 (Due to a failure in validating the length of a provided
MQTT_CMD_PUBLI ...)
- mongoose <not-affected> (Fixed before or with initial upload)
- swupdate 2024.12+dfsg-1
+ [bullseye] - swupdate <no-dsa> (Minor issue)
CVE-2023-3223 (A flaw was found in undertow. Servlets annotated with
@MultipartConfig ...)
- undertow 2.3.18-1 (bug #1054893)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2209689
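Review bot: for CVE-2023-2905 the new `[bullseye]` line is the only per-release annotation under `- swupdate 2024.12+dfsg-1`, whereas the earlier hunks have matching trixie and bookworm lines. Please confirm that bookworm does not need its own triage line here; if it ships a swupdate older than 2024.12+dfsg-1, it stays unannotated after this change.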
@@ -322297,6 +322308,7 @@ CVE-2023-34203 (In Progress OpenEdge OEM (OpenEdge
Management) and OEE (OpenEdge
CVE-2023-34188 (The HTTP server in Mongoose before 7.10 accepts requests
containing ne ...)
- mongoose <not-affected> (Fixed before or with initial upload)
- swupdate 2024.12+dfsg-1
+ [bullseye] - swupdate <no-dsa> (Minor issue)
NOTE:
https://github.com/cesanta/mongoose/commit/4663090a8fb036146dfe77718cff612b0101cb0f
(7.10)
NOTE: smplayer embeds a copy, which is unused in any released version
and disabled since 18.5.0~ds1-1
CVE-2023-34021 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in
Andy Moy ...)
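Review bot: CVE-2023-34188 gets a `[bullseye]` no-dsa line but no `[bookworm]` line under `- swupdate 2024.12+dfsg-1`. The fix is noted as upstream 7.10, so it is worth checking which Mongoose version the bookworm swupdate carries and adding a line for it if it predates the fix.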
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ffe2782a561d93fe809bc46a6f3b71eedfce2a01