Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c36be175 by Salvatore Bonaccorso at 2026-05-26T09:23:11+02:00
Add three new putty issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -69,11 +69,20 @@ CVE-2026-9484 (A vulnerability was determined in 
SourceCodester Student Grades M
 CVE-2026-4795 (A missing authorization vulnerability in Zyxel GS1200-5v3 
firmware ver ...)
        NOT-FOR-US: Zyxel
 CVE-2026-48852 (PuTTY 0.71 before 0.84 has an assertion failure in ECDSA 
signature ver ...)
-       TODO: check
+       - putty 0.84-1
+       NOTE: 
https://lists.tartarus.org/pipermail/putty-announce/2026/000042.html
+       NOTE: 
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ecdsa-remotely-triggerable-assertion.html
+       NOTE: Fixed by: 
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=65b8f37c34cd80680693e813e0081cdafaf58324
 (0.84)
 CVE-2026-48851 (PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a 
trust indica ...)
-       TODO: check
+       - putty 0.84-1
+       NOTE: 
https://lists.tartarus.org/pipermail/putty-announce/2026/000042.html
+       NOTE: 
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/telnet-trust-sigil.html
+       NOTE: Fixed by: 
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=64712be3cbc4a02bda4a92ca97e8d4f294abbe9a
 (0.84)
 CVE-2026-48850 (PuTTY 0.72 before 0.84 has a double free in RSA KEX.)
-       TODO: check
+       - putty 0.84-1
+       NOTE: 
https://lists.tartarus.org/pipermail/putty-announce/2026/000042.html
+       NOTE: 
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rsakex-double-free.html
+       NOTE: Fixed by: 
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=ba3ed53e0bf6682f89940bc2c3e83da6b1524024
 (0.84)
 CVE-2026-48837 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-45438 (Missing Authorization vulnerability in WebToffee Smart Coupons 
for Woo ...)
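Review bot: The three PuTTY entries (CVE-2026-48852, CVE-2026-48851, CVE-2026-48850) record only the fixed version, `- putty 0.84-1`, although their descriptions give different lower bounds (0.71, 0.77 and 0.72 respectively). Consider adding a NOTE to each entry recording the version or commit that introduced the issue, so that triage for suites shipping older putty packages can tell affected from not-affected without re-reading the upstream wishlist pages. The "Fixed by:" commit links and the "(0.84)" tags are consistent across all three entries, and the same putty-announce URL is correctly repeated for each.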



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c36be1758724ea7ea1f7e076906bb0011a7dd456



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits