[Git][security-tracker-team/security-tracker][master] CVE-2026-4437,CVE-2026-4438/glibc: bullseye not-affected

Tue, 26 May 2026 18:38:57 -0700 


Arnaud Rebillout pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
f72dd5c6 by Arnaud Rebillout at 2026-05-27T08:38:31+07:00
CVE-2026-4437,CVE-2026-4438/glibc: bullseye not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -38525,18 +38525,20 @@ CVE-2026-4438 (Calling gethostbyaddr or 
gethostbyaddr_r with a configured nsswit
        - glibc 2.42-14 (bug #1131887)
        [trixie] - glibc 2.41-12+deb13u3
        [bookworm] - glibc 2.36-9+deb12u14
-       [bullseye] - glibc <postponed> (Minor issue, specification violation)
+       [bullseye] - glibc <not-affected> (introduced in v2.34)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=34015
        NOTE: Proposed patch: 
https://inbox.sourceware.org/libc-alpha/[email protected]/
        NOTE: https://www.openwall.com/lists/oss-security/2026/03/23/2
+       NOTE: Introduced with: 
https://sourceware.org/cgit/glibc/commit/?h=release/2.34/master&id=32e5db37684ffcbc6ae34fcc6cdcf28670506baa
 CVE-2026-4437 (Calling gethostbyaddr or gethostbyaddr_r with a configured 
nsswitch.co ...)
        - glibc 2.42-14 (bug #1131435)
        [trixie] - glibc 2.41-12+deb13u3
        [bookworm] - glibc 2.36-9+deb12u14
-       [bullseye] - glibc <postponed> (Minor issue, validation issue)
+       [bullseye] - glibc <not-affected> (introduced in v2.34)
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=34014
        NOTE: Proposed patch: 
https://inbox.sourceware.org/libc-alpha/[email protected]/
        NOTE: https://www.openwall.com/lists/oss-security/2026/03/23/2
+       NOTE: Introduced with: 
https://sourceware.org/cgit/glibc/commit/?h=release/2.34/master&id=32e5db37684ffcbc6ae34fcc6cdcf28670506baa
 CVE-2026-4434 (Improper certificate validation in the PAM propagation WinRM 
connectio ...)
        NOT-FOR-US: Devolutions
 CVE-2026-3550 (The RockPress plugin for WordPress is vulnerable to Missing 
Authorizat ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f72dd5c632f79dc7a14381c6d4747804295ddef8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f72dd5c632f79dc7a14381c6d4747804295ddef8
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to