[Git][security-tracker-team/security-tracker][master] Add two new mermaid issues

Sat, 23 May 2026 00:33:06 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ea270454 by Salvatore Bonaccorso at 2026-05-23T09:32:31+02:00
Add two new mermaid issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -21,9 +21,15 @@ CVE-2026-42901 (Origin validation error in Microsoft Entra 
ID allows an unauthor
 CVE-2026-42827 (Improper neutralization of special elements used in a command 
('comman ...)
        NOT-FOR-US: Microsoft
 CVE-2026-41149 (Mermaid is a JavaScript tool that uses Markdown-inspired text 
to creat ...)
-       TODO: check
+       - node-mermaid <removed>
+       NOTE: 
https://github.com/mermaid-js/mermaid/security/advisories/GHSA-ghcm-xqfw-q4vr
+       NOTE: Fixed by: 
https://github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056
 ([email protected])
+       NOTE: Fixed by: 
https://github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3
 (v10.9.6)
 CVE-2026-41148 (Mermaid is a JavaScript tool that uses Markdown-inspired text 
to creat ...)
-       TODO: check
+       - node-mermaid <removed>
+       NOTE: 
https://github.com/mermaid-js/mermaid/security/advisories/GHSA-xcj9-5m2h-648r
+       NOTE: Fixed by: 
https://github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f
 ([email protected])
+       NOTE: Fixed by: 
https://github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102
 (v10.9.6)
 CVE-2026-41147 (NukeViet CMS is a multi Content Management System. Versions 
4.5.07 and ...)
        TODO: check
 CVE-2026-41104 (Deserialization of untrusted data in Microsoft Planetary 
Computer Pro  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea270454e3ee2daaef7c6ece5e1b34ac7632961f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea270454e3ee2daaef7c6ece5e1b34ac7632961f
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to