Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b7653adb by Salvatore Bonaccorso at 2026-05-21T17:28:51+02:00
Update status for CVE-2026-8711/libnginx-mod-js
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -686,7 +686,11 @@ CVE-2026-8726 (The extension fails to properly sanitize
user input before using
NOT-FOR-US: TYPO3 (core or extensions)
CVE-2026-8711 (NGINX JavaScript has a vulnerability when the
js_fetch_proxydirective ...)
- libnginx-mod-js 0.9.9-1 (bug #1137215)
+ [trixie] - libnginx-mod-js <not-affected> (Vulnerable code not present)
+ [bookworm] - libnginx-mod-js <not-affected> (Vulnerable code not
present)
NOTE: https://my.f5.com/manage/s/article/K000161307
+ NOTE: Introduced with:
https://github.com/nginx/njs/commit/dea831892cee6ad3a6e7420e2174157a1a73b92d
(0.9.4)
+ NOTE: Fixed by:
https://github.com/nginx/njs/commit/2bf4601a94c2a22b715d74e6d92dedb1850d56d3
(0.9.9)
CVE-2026-8706 (Firefox for iOS hosted Reader mode on an unauthenticated local
web ser ...)
NOT-FOR-US: Firefox for iOS
CVE-2026-8685 (The Infility Global plugin for WordPress is vulnerable to SQL
Injectio ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7653adbc2385832bc3fb18a257a4b9bd3aec969
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7653adbc2385832bc3fb18a257a4b9bd3aec969
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
