Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d7e41901 by Salvatore Bonaccorso at 2026-05-27T07:20:18+02:00
Adjust notes for CVE-2026-443{7,8}/glibc
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38533,7 +38533,9 @@ CVE-2026-4438 (Calling gethostbyaddr or gethostbyaddr_r
with a configured nsswit
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=34015
NOTE: Proposed patch:
https://inbox.sourceware.org/libc-alpha/[email protected]/
NOTE: https://www.openwall.com/lists/oss-security/2026/03/23/2
- NOTE: Introduced with:
https://sourceware.org/cgit/glibc/commit/?h=release/2.34/master&id=32e5db37684ffcbc6ae34fcc6cdcf28670506baa
+ NOTE: Introduced with:
https://sourceware.org/git/?p=glibc.git;a=commit;h=e32547d661a43da63368e488b6cfa9c53b4dcf92
(glibc-2.37)
+ NOTE: Backported and introduced in glibc-2.36 branch:
https://sourceware.org/git/?p=glibc.git;a=commit;h=77f523c473878ec0051582ef15161c6982879095
+ NOTE: Backported and introduced in glibc-2.34 branch:
https://sourceware.org/git/?p=glibc.git;a=commit;h=32e5db37684ffcbc6ae34fcc6cdcf28670506baa
CVE-2026-4437 (Calling gethostbyaddr or gethostbyaddr_r with a configured
nsswitch.co ...)
- glibc 2.42-14 (bug #1131435)
[trixie] - glibc 2.41-12+deb13u3
@@ -38542,7 +38544,9 @@ CVE-2026-4437 (Calling gethostbyaddr or gethostbyaddr_r
with a configured nsswit
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=34014
NOTE: Proposed patch:
https://inbox.sourceware.org/libc-alpha/[email protected]/
NOTE: https://www.openwall.com/lists/oss-security/2026/03/23/2
- NOTE: Introduced with:
https://sourceware.org/cgit/glibc/commit/?h=release/2.34/master&id=32e5db37684ffcbc6ae34fcc6cdcf28670506baa
+ NOTE: Introduced with:
https://sourceware.org/git/?p=glibc.git;a=commit;h=e32547d661a43da63368e488b6cfa9c53b4dcf92
(glibc-2.37)
+ NOTE: Backported and introduced in glibc-2.36 branch:
https://sourceware.org/git/?p=glibc.git;a=commit;h=77f523c473878ec0051582ef15161c6982879095
+ NOTE: Backported and introduced in glibc-2.34 branch:
https://sourceware.org/git/?p=glibc.git;a=commit;h=32e5db37684ffcbc6ae34fcc6cdcf28670506baa
CVE-2026-4434 (Improper certificate validation in the PAM propagation WinRM
connectio ...)
NOT-FOR-US: Devolutions
CVE-2026-3550 (The RockPress plugin for WordPress is vulnerable to Missing
Authorizat ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7e419011dd9fe6190a2c556a3736e83a0b30716
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7e419011dd9fe6190a2c556a3736e83a0b30716
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
