Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
14391fda by Salvatore Bonaccorso at 2026-05-30T09:58:52+02:00
Add Debian bug reference for golang-golang-x-image issues
- - - - -
7bc7008d by Salvatore Bonaccorso at 2026-05-30T09:59:22+02:00
Add Debian bug reference for bzip2 issue
- - - - -
0055d6fd by Salvatore Bonaccorso at 2026-05-30T09:59:44+02:00
Add Debian bug reference for gopls issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -18,7 +18,7 @@ CVE-2026-47266 (Formie is a Craft CMS plugin for creating
forms. Prior to 2.2.21
CVE-2026-47123 (FreeScout is a free help desk and shared inbox built with
PHP's Larave ...)
NOT-FOR-US: FreeScout
CVE-2026-46599 (The TIFF decoder does not place a limit on the size of
PackBits-compre ...)
- - golang-golang-x-image <unfixed>
+ - golang-golang-x-image <unfixed> (bug #1138257)
NOTE: https://github.com/golang/go/issues/79577
NOTE: https://go-review.googlesource.com/c/image/+/759960
CVE-2026-46527 (cpp-httplib is a C++11 single-file header-only cross platform
HTTP/HTT ...)
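Review bot: the CVE-2026-46599 entry still has no "Fixed by:" NOTE after this change, only the upstream issue and the go-review change 759960. The bzip2 and gopls entries in this same diff name the fixing commit; once the upstream commit for the TIFF decoder fix is known, add a matching "NOTE: Fixed by:" line so the fix can be checked against whatever version later replaces <unfixed>.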
@@ -69,7 +69,7 @@ CVE-2026-44287 (FastGPT is an AI Agent building platform.
Prior to 4.15.0-beta1,
CVE-2026-44285 (FastGPT is an AI Agent building platform. Prior to
4.15.0-beta1, a Ser ...)
NOT-FOR-US: FastGPT
CVE-2026-42500 (Decoding a paletted BMP file with an out-of-range palette
index result ...)
- - golang-golang-x-image <unfixed>
+ - golang-golang-x-image <unfixed> (bug #1138257)
NOTE: https://github.com/golang/go/issues/79576
NOTE: https://go-review.googlesource.com/c/image/+/781500
CVE-2026-34127 (A stored cross-site scripting (XSS) vulnerability has been
identified ...)
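Review bot: bug #1138257 on the CVE-2026-42500 line is the same number added to CVE-2026-46599 in the previous hunk, so one report now covers both the paletted BMP issue and the TIFF decoder issue. That fits the plural "issues" in commit 14391fda, but confirm that the bug report lists both CVE ids; the two have separate upstream issues (79576 and 79577) and separate reviews, so they may not be fixed in the same upload.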
@@ -1530,7 +1530,7 @@ CVE-2026-42998 (An issue was discovered in OpenStack
Keystone before 29.0.2. The
NOTE: https://bugs.launchpad.net/keystone/+bug/2148477
NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
CVE-2026-42250 (bzip2 contains an off\u2011by\u2011one error in the
bzip2recover utili ...)
- - bzip2 <unfixed>
+ - bzip2 <unfixed> (bug #1138255)
NOTE:
https://inbox.sourceware.org/bzip2-devel/[email protected]/
NOTE: Fixed by:
https://sourceware.org/cgit/bzip2/commit/?id=35d122a3df8b0cc4082a4d89fdc6ee99f375fe67
CVE-2026-41565 (CryptX versions before 0.088_001 for Perl have a stack buffer
overflow ...)
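Review bot: the description on the CVE-2026-42250 context line contains literal \u2011 escape sequences ("off\u2011by\u2011one") where a hyphen is meant; this is not touched by the added bug number. If data/CVE/list really holds the escaped form, normalise it to plain "off-by-one" so that text searches for the phrase match this entry.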
@@ -16602,7 +16602,7 @@ CVE-2026-43646 (Exposure of Sensitive Information to an
Unauthorized Actor vulne
CVE-2026-42509 (Improper Neutralization of Input During Web Page Generation
('Cross-si ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-42503 (gopls by default communicates via pipe. However, -port and
-listen fla ...)
- - gopls <unfixed>
+ - gopls <unfixed> (bug #1138256)
NOTE: https://github.com/golang/go/issues/79211
NOTE: https://go-review.googlesource.com/c/tools/+/774381/
NOTE: Fixed by:
https://github.com/golang/tools/commit/90abdab4cf0af205d3d2212c73526b58c97d0bf6
(gopls/v0.22.0-pre.2)
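Review bot: the "Fixed by:" NOTE under CVE-2026-42503 points at a commit tagged gopls/v0.22.0-pre.2, a pre-release tag, while the gopls line stays <unfixed>. When a fixed version is filled in for bug #1138256, take it from the upload that actually contains commit 90abdab4cf0af205d3d2212c73526b58c97d0bf6 and not from the tag name alone.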
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9f48ad07da4c080fbbc865cc2d3cb000a153e44d...0055d6fdd9b288afbfa8f24767fb2f50f1370b3a
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits