Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
4822c7f6 by Moritz Muehlenhoff at 2026-06-12T16:34:36+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -105,16 +105,16 @@ CVE-2026-45169 (Idira Privileged Access Manager (PAM) 
Self-Hosted Vault versions
 CVE-2026-45060 (ClipBucket v5 is an open source video sharing platform. Prior 
to versi ...)
        NOT-FOR-US: ClipBucket
 CVE-2026-44892 (Netty is a network application framework for development of 
protocol s ...)
-       - netty <unfixed>
+       - netty <unfixed> (bug #1139807)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-c2rx-5r8w-8xr2
 CVE-2026-44890 (Netty is a network application framework for development of 
protocol s ...)
-       - netty <unfixed>
+       - netty <unfixed> (bug #1139807)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-6ghj-frrj-jjj3
 CVE-2026-44250 (Netty is a network application framework for development of 
protocol s ...)
-       - netty <unfixed>
+       - netty <unfixed> (bug #1139807)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-3244-j874-rhc2
 CVE-2026-44249 (Netty is a network application framework for development of 
protocol s ...)
-       - netty <unfixed>
+       - netty <unfixed> (bug #1139807)
        NOTE: 
https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86
 CVE-2026-42846 (ClipBucket v5 is an open source video sharing platform. Prior 
to versi ...)
        NOT-FOR-US: ClipBucket
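
Review bot: all four netty entries (CVE-2026-44892, CVE-2026-44890, CVE-2026-44250, CVE-2026-44249) point at the same bug #1139807, while the 389-ds-base entries later in this patch get one bug per CVE. Confirm that #1139807 lists all four CVE ids and their GHSA advisories, so that closing it with a single upload cannot mark an issue as fixed that the upload does not address.
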
@@ -596,7 +596,7 @@ CVE-2026-11956 (A vulnerability was determined in TwiN 
gatus 5.36.0. Impacted is
 CVE-2026-11945 (PostgreSQL Anonymizer contains a vulnerability that allows a 
user to g ...)
        TODO: check
 CVE-2026-11850 (An integer underflow vulnerability was found in MIT krb5 in 
the berval ...)
-       - krb5 <unfixed>
+       - krb5 <unfixed> (bug #1139821)
        [trixie] - krb5 <no-dsa> (Minor issue)
        [bullseye] - krb5 <postponed> (Minor issue)
        NOTE: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9206
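
Review bot: the krb5 entry for CVE-2026-11850 now has a bug number, but the context lines below it carry release triage only for [trixie] and [bullseye], with nothing for bookworm between them. If bookworm ships an affected krb5, add its annotation here as well, so the tracker does not show it as plain unfixed while the other two releases are marked as a minor issue.
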
@@ -607,7 +607,7 @@ CVE-2026-11816 (Keras versions prior to 3.14.0 are 
vulnerable to a path traversa
        - keras <removed>
        [bullseye] - keras <end-of-life> (out of security support for bullseye)
 CVE-2026-11774 (An integer overflow flaw was found in the SASL I/O layer of 
389 Direct ...)
-       - 389-ds-base <unfixed>
+       - 389-ds-base <unfixed> (bug #1139809)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2484916
 CVE-2026-11604 (An incorrect buffer size calculation in the epoch key 
generator in Ope ...)
        TODO: check
@@ -682,7 +682,7 @@ CVE-2023-32959 (Missing Authorization vulnerability in 
Sparkle WP MetroStore met
 CVE-2022-48575 (A person with access to a Mac may be able to bypass Login 
Window. A co ...)
        NOT-FOR-US: Apple
 CVE-2026-10143 (kafka-python prior to 2.3.2 contains a denial-of-service 
vulnerability ...)
-       - python-kafka <unfixed>
+       - python-kafka <unfixed> (bug #1139822)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2487722
 CVE-2026-6893 (A flaw was found in dracut. A remote attacker on the adjacent 
network  ...)
        - dracut <unfixed> (bug #1139725)
@@ -934,9 +934,8 @@ CVE-2026-20252 (In Splunk Enterprise versions below 10.2.4, 
10.0.7, 9.4.12, and
 CVE-2026-20251 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, 
and 9.3.13 ...)
        NOT-FOR-US: Cisco
 CVE-2026-11884 (A heap buffer overflow flaw was found in 389 Directory Server. 
When se ...)
-       - 389-ds-base <unfixed>
+       - 389-ds-base <unfixed> (bug #1139819)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2423624
-       TODO: check upstream details
 CVE-2026-11859 (An HTML injection vulnerability in the "fetch links" email 
sent by Thi ...)
        NOT-FOR-US: Canarytokens
 CVE-2026-11626 (CleanWipe Removal Tool (macOS), prior to 16.0.0.65,may be 
susceptible  ...)
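
Review bot: under CVE-2026-11884 the line `TODO: check upstream details` is removed, but nothing records what the check found; the only reference left is the Red Hat Bugzilla NOTE. If the upstream details were checked, add a NOTE with the upstream issue or fix commit; otherwise keep the TODO next to the new bug number.
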
@@ -1330,7 +1329,7 @@ CVE-2026-11526
 CVE-2026-52903
        NOT-FOR-US: ManageIQ
 CVE-2026-11791
-       - 389-ds-base <unfixed>
+       - 389-ds-base <unfixed> (bug #1139816)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485414
 CVE-2026-49839
        - jq 1.8.1-8
@@ -2192,37 +2191,29 @@ CVE-2026-24064 (Waves Central for macOS versions 13.0.9 
through 16.5.5 contain a
 CVE-2026-22926 (Omnissa Workspace ONE\xae Assist for macOS contains a Local 
Privilege  ...)
        NOT-FOR-US: Omnissa
 CVE-2026-11793 (A stack buffer overflow flaw was found in 389 Directory 
Server. The ch ...)
-       - 389-ds-base <unfixed>
+       - 389-ds-base <unfixed> (bug #1139818)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2484914
-       TODO: check details
 CVE-2026-11792 (A heap buffer overflow flaw was found in 389 Directory Server. 
When au ...)
-       - 389-ds-base <unfixed>
+       - 389-ds-base <unfixed> (bug #1139817)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2484915
-       TODO: check details
 CVE-2026-11790 (A flaw was found in 389 Directory Server. The PBKDF2-SHA256 
password s ...)
-       - 389-ds-base <unfixed>
+       - 389-ds-base <unfixed> (bug #1139815)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485421
-       TODO: check details
 CVE-2026-11789 (A flaw was found in 389 Directory Server. The SMD5 password 
storage pl ...)
-       - 389-ds-base <unfixed>
+       - 389-ds-base <unfixed> (bug #1139814)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485422
-       TODO: check details
 CVE-2026-11788 (A flaw was found in 389 Directory Server. The dereference 
control plug ...)
-       - 389-ds-base <unfixed>
+       - 389-ds-base <unfixed> (bug #1139813)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485423
-       TODO: check details
 CVE-2026-11787 (A flaw was found in 389 Directory Server. The ldap_utf8prev() 
function ...)
-       - 389-ds-base <unfixed>
+       - 389-ds-base <unfixed> (bug #1139812)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485425
-       TODO: check details
 CVE-2026-11786 (A flaw was found in 389 Directory Server. The LDIF parser 
reads past t ...)
-       - 389-ds-base <unfixed>
+       - 389-ds-base <unfixed> (bug #1139811)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485426
-       TODO: check details
 CVE-2026-11785 (A flaw was found in 389 Directory Server. A type confusion in 
the SSO  ...)
-       - 389-ds-base <unfixed>
+       - 389-ds-base <unfixed> (bug #1139810)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485427
-       TODO: check details
 CVE-2026-11764 (When creating an export of all reusable media, the secrets of 
connecte ...)
        NOT-FOR-US: rami.io products
 CVE-2026-11616 (The Events Calendar for GeoDirectory plugin for WordPress is 
vulnerabl ...)
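
Review bot: eight `TODO: check details` lines are dropped here (CVE-2026-11793 down to CVE-2026-11785) and each entry ends up with only `- 389-ds-base <unfixed> (bug #...)` plus a bugzilla.redhat.com NOTE. The commit message says only "bugnums", so it is not clear whether the details were checked or the TODOs were cleared because a bug now exists. Where the check was done, record the result as a NOTE (upstream fix, affected versions); where it was not, leave the TODO in place.
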
@@ -3276,7 +3267,7 @@ CVE-2026-25555 (OpenBullet2 through version 0.3.2 
contains an authentication byp
 CVE-2026-22164 (Software installed and run as a non-privileged user may 
conduct improp ...)
        NOT-FOR-US: Imagination Technologies
 CVE-2026-11611 (A flaw was found in 389 Directory Server. The Content 
Synchronization  ...)
-       - 389-ds-base <unfixed>
+       - 389-ds-base <unfixed> (bug #1139820)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485424
 CVE-2026-11577 (A flaw was found in Keycloak. A limited administrator can 
exploit an i ...)
        - keycloak <itp> (bug #1088287)
@@ -6193,13 +6184,11 @@ CVE-2026-2596
 CVE-2026-28318 (SolarWinds Serv-U is susceptible to specially crafted POST 
requests th ...)
        NOT-FOR-US: SolarWinds
 CVE-2026-26825 (A use-of-uninitialized memory vulnerability exists in libxls 
1.6.3 whe ...)
-       - r-cran-readxl <undetermined>
+       - r-cran-readxl <unfixed> (bug #1139808)
        NOTE: https://github.com/libxls/libxls/issues/156
-       TODO: check security impact for r-cran-readxl
 CVE-2026-26824 (libxls through version 1.6.3 contains a use of uninitialized 
memory vu ...)
-       - r-cran-readxl <undetermined>
+       - r-cran-readxl <unfixed> (bug #1139808)
        NOTE: https://github.com/libxls/libxls/issues/155
-       TODO: check security impact for r-cran-readxl
 CVE-2026-25551 (Seagull Software BarTender 2021 R1 through 12.0.1contains an 
insecure  ...)
        NOT-FOR-US: Seagull Software BarTender
 CVE-2026-25550 (Seagull Software BarTender 2010, 2016, and 2019 contain an 
unauthentic ...)
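
Review bot: for CVE-2026-26825 and CVE-2026-26824 the r-cran-readxl status moves from `<undetermined>` to `<unfixed>` and `TODO: check security impact for r-cran-readxl` is removed, which is a triage decision rather than a bug number update. The remaining NOTE lines reference only the libxls issues, so add a NOTE stating why r-cran-readxl is affected (for example, which libxls code it carries), and mention the status change in the commit message.
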



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4822c7f61187104fa2c8067a7fd99b9844efcfaf
