Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
88d9c597 by Salvatore Bonaccorso at 2026-05-14T12:03:24+02:00
Add docker.io as well for CVE-2026-3374{7,8}
We might need to check the other buildkit issues for imapct on docker.io
and add docker.io to those CVE, but they need further evaluation.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27932,8 +27932,10 @@ CVE-2026-33750 (The brace-expansion library generates
arbitrary strings containi
NOTE:
https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v
NOTE: Fixed by:
https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5
(v2.0.3)
CVE-2026-33748 (BuildKit is a toolkit for converting source code to build
artifacts in ...)
+ - docker.io <unfixed>
- golang-github-moby-buildkit <itp> (bug #1094971)
CVE-2026-33747 (BuildKit is a toolkit for converting source code to build
artifacts in ...)
+ - docker.io <unfixed>
- golang-github-moby-buildkit <itp> (bug #1094971)
CVE-2026-33745 (cpp-httplib is a C++11 single-file header-only cross platform
HTTP/HTT ...)
[experimental] - cpp-httplib 0.41.0+ds-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88d9c5971028e6a22391d08a9e77d552f1f76f5f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88d9c5971028e6a22391d08a9e77d552f1f76f5f
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
