[Git][security-tracker-team/security-tracker][master] Add two new issues in golang-opentelemetry-otel

Fri, 05 Jun 2026 00:13:33 -0700 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
6bcb0b01 by Salvatore Bonaccorso at 2026-06-05T09:12:55+02:00
Add two new issues in golang-opentelemetry-otel

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -132,7 +132,10 @@ CVE-2026-45432 (This vulnerability exists in GX Earth ONT 
models due to the tran
 CVE-2026-45431 (This vulnerability exists in GX Earth ONT models due to 
improper handl ...)
        NOT-FOR-US: GX Earth ONT models
 CVE-2026-45287 (OpenTelemetry-Go is the Go implementation of OpenTelemetry. 
Prior to v ...)
-       TODO: check
+       - golang-opentelemetry-otel <unfixed>
+       NOTE: 
https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-995v-fvrw-c78m
+       NOTE: Introduced with: 
https://github.com/open-telemetry/opentelemetry-go/commit/e72a235518cb773137efd80336a179028bc34684
+       NOTE: Fixed by: 
https://github.com/open-telemetry/opentelemetry-go/commit/f12d198f161b61735d65705248715aa97021ba8d
 (v1.44.0)
 CVE-2026-44682 (Local privilege escalation due to DLL hijacking vulnerability. 
The fol ...)
        NOT-FOR-US: Acronis
 CVE-2026-44609 (Local privilege escalation due to EXE hijacking vulnerability. 
The fol ...)
@@ -166,7 +169,9 @@ CVE-2026-41234 (Froxlor is open source server 
administration software. Prior to
 CVE-2026-41207 (The netty incubator codec.bhttp is a java language binary http 
parser. ...)
        NOT-FOR-US: netty-incubator-codec-ohttp
 CVE-2026-41178 (OpenTelemetry-Go is the Go implementation of OpenTelemetry. 
Versions 1 ...)
-       TODO: check
+       - golang-opentelemetry-otel <unfixed>
+       NOTE: 
https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-5wrp-cwcj-q835
+       NOTE: https://github.com/open-telemetry/opentelemetry-go/pull/7880
 CVE-2026-41065 (Tautulli is a Python based monitoring and tracking tool for 
Plex Media ...)
        NOT-FOR-US: Tautulli
 CVE-2026-41011 (PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" 
where tgz = ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bcb0b0110c24119546d56fb605cd1493bb54897

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bcb0b0110c24119546d56fb605cd1493bb54897
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to