Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
193e7a2b by security tracker role at 2026-06-21T19:13:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,13 +1,106 @@
-CVE-2026-56367
+CVE-2026-56412 (libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in
doCdataS ...)
+ TODO: check
+CVE-2026-56411 (xmlwf in libexpat before 2.8.2 has an integer overflow in
endDoctypeDe ...)
+ TODO: check
+CVE-2026-56410 (xmlwf in libexpat before 2.8.2 has an integer overflow in
resolveSyste ...)
+ TODO: check
+CVE-2026-56409 (xmlwf in libexpat before 2.8.2 has an integer overflow for the
output ...)
+ TODO: check
+CVE-2026-56408 (libexpat before 2.8.2 has an integer overflow in copyString.)
+ TODO: check
+CVE-2026-56407 (libexpat before 2.8.2 has an integer overflow in doProlog that
is rela ...)
+ TODO: check
+CVE-2026-56406 (libexpat before 2.8.2 has an integer overflow in
XML_ParseBuffer becau ...)
+ TODO: check
+CVE-2026-56405 (libexpat before 2.8.2 has an integer overflow in
getAttributeId.)
+ TODO: check
+CVE-2026-56404 (libexpat before 2.8.2 has an integer overflow in addBinding.)
+ TODO: check
+CVE-2026-56403 (libexpat before 2.8.2 has an integer overflow in storeAtts.)
+ TODO: check
+CVE-2026-56397 (SiYuan before v3.6.1 fails to sanitize package metadata and
README con ...)
+ TODO: check
+CVE-2026-56396 (phpMyFAQ before 4.1.4 contains missing authorization
vulnerabilities i ...)
+ TODO: check
+CVE-2026-56395 (SiYuan before v3.6.1 fails to sanitize package metadata and
README con ...)
+ TODO: check
+CVE-2026-56394 (Craft CMS from 4.0.0-RC1 contains an authenticated path
traversal vuln ...)
+ TODO: check
+CVE-2026-56393 (Craft CMS 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (>=
5.0.0-RC1, < ...)
+ TODO: check
+CVE-2026-56385 (Craft CMS versions >= 5.0.0-RC1, <= 5.9.13 and >= 4.0.0-RC1,
<= 4.17.7 ...)
+ TODO: check
+CVE-2026-56384 (Craft CMS contains a missing authorization vulnerability in
the assets ...)
+ TODO: check
+CVE-2026-56383 (Craft CMS contains a stored cross-site scripting (XSS)
vulnerability i ...)
+ TODO: check
+CVE-2026-56382 (Craft CMS (composer package craftcms/cms) versions >= 5.5.0
and <= 5.9 ...)
+ TODO: check
+CVE-2026-56381 (Craft CMS from version 5.0.0-RC1 contains a stored cross-site
scriptin ...)
+ TODO: check
+CVE-2026-56316 (Cap-go before 12.128.2 contains an information disclosure
vulnerabilit ...)
+ TODO: check
+CVE-2026-56299 (Capgo before 12.128.2 contains an authentication bypass
vulnerability ...)
+ TODO: check
+CVE-2026-56265 (Crawl4AI before 0.8.7 contains an authentication bypass
vulnerability ...)
+ TODO: check
+CVE-2026-56253 (Capgo before 12.128.2 contains an improper access control
vulnerabilit ...)
+ TODO: check
+CVE-2026-56251 (Capgo before 12.128.2 contains a broken row level security
policy in t ...)
+ TODO: check
+CVE-2026-56242 (Capgo before 12.128.2 contains an unauthenticated security
definer RPC ...)
+ TODO: check
+CVE-2026-56239 (Capgo before 12.128.2 contains a potential privilege
escalation vulner ...)
+ TODO: check
+CVE-2026-56236 (Capgo CLI before 12.128.2 contains arbitrary file overwrite
vulnerabil ...)
+ TODO: check
+CVE-2026-56229 (Capgo before 12.128.2 contains an authorization bypass
vulnerability i ...)
+ TODO: check
+CVE-2026-12804 (A vulnerability was detected in lemonldap-ng up to 2.23.0.
Impacted is ...)
+ TODO: check
+CVE-2026-12799 (A security vulnerability has been detected in BerriAI litellm
up to 1. ...)
+ TODO: check
+CVE-2026-12798 (A weakness has been identified in BerriAI litellm up to
1.82.2. Affect ...)
+ TODO: check
+CVE-2026-12797 (A security flaw has been discovered in BerriAI litellm up to
1.82.5. A ...)
+ TODO: check
+CVE-2026-12796 (A vulnerability was identified in BerriAI litellm up to
1.82.2. This i ...)
+ TODO: check
+CVE-2026-12795 (A vulnerability was determined in BerriAI litellm up to
1.82.2. This a ...)
+ TODO: check
+CVE-2026-12789 (A vulnerability was identified in ILIAS Learning Management
System 11. ...)
+ TODO: check
+CVE-2026-12788 (A vulnerability was determined in zhilink
\u667a\u4e92\u8054(\u6df1\u5 ...)
+ TODO: check
+CVE-2026-12787 (A vulnerability was found in zhilink
\u667a\u4e92\u8054(\u6df1\u5733)\ ...)
+ TODO: check
+CVE-2026-12786 (A vulnerability has been found in Ezbsystems UltraISO Premium
Edition ...)
+ TODO: check
+CVE-2026-12784 (A weakness has been identified in IM-Magic Partition Resizer
up to 7.9 ...)
+ TODO: check
+CVE-2026-12782 (A security flaw has been discovered in EaseUS Partition Master
up to 1 ...)
+ TODO: check
+CVE-2026-12781 (A vulnerability was identified in EaseUS Partition Master up
to 14.5. ...)
+ TODO: check
+CVE-2025-71378 (picklescan before 0.0.30 fails to detect cProfile.runctx
function call ...)
+ TODO: check
+CVE-2025-71357 (picklescan before 0.0.30 fails to detect malicious pickle
files using ...)
+ TODO: check
+CVE-2025-71351 (picklescan before 0.0.25 fails to detect malicious pickle
files that u ...)
+ TODO: check
+CVE-2025-71348 (picklescan before 0.0.28 fails to detect malicious pickle
files that i ...)
+ TODO: check
+CVE-2026-56367 (ImageMagick before 7.1.2-15 and 6.9.x before 6.9.13-40
contains an int ...)
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-273h-m46v-96q4
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/5b91ab69af614024255fd93dcc9a62b41fbc435c
(7.1.2-14)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/f4976eb8efe87009eec7cb12f62a3abd1cef4881
(6.9.13-39)
-CVE-2026-56378
+CVE-2026-56378 (ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40)
contains a heap ...)
- imagemagick 8:7.1.2.15+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-wgxp-q8xq-wpp9
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/436e5d2589e3c0adc10d9aa189e81d5d088d8207
(7.1.2-14)
-CVE-2026-52911 [ksmbd: scope conn->binding slowpath to bound sessions only]
+CVE-2026-52911 (In the Linux kernel, the following vulnerability has been
resolved: k ...)
+ {DSA-6355-1}
- linux 7.0.10-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/b0da97c034b6107d14e537e212d4ce8b22109a58 (7.1-rc1)
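Review bot: the descriptions added for CVE-2026-56367 and CVE-2026-56378 place the fix in ImageMagick 7.1.2-15 (and 6.9.13-40), but the unchanged "Fixed by:" NOTE lines under the same entries tag the fix commits as (7.1.2-14) and, for CVE-2026-56367, (6.9.13-39). Confirm which upstream release first contains those commits and correct the version tag in the NOTE lines if it is off by one, so that the fixed version 8:7.1.2.15+dfsg1-1 can be checked against it. Separately, every newly added CVE entry in this hunk still carries "TODO: check"; the ten libexpat entries all name 2.8.2 as the fixed release and can be triaged in one pass, and the descriptions for CVE-2026-12788 and CVE-2026-12787 contain raw \u667a\u4e92\u8054 escapes rather than the decoded vendor name.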
@@ -88,7 +181,7 @@ CVE-2026-48939 (A vulnerability in the iCagenda extension
for Joomla allows the
NOT-FOR-US: Joomla
CVE-2026-48909 (SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes
user-controlled ...)
NOT-FOR-US: Joomla
-CVE-2026-48908 (A vulnerability in the SP Page Builder for Joomla allows the
upload of ...)
+CVE-2026-48908 (A vulnerability in SP Page Builder for Joomla allows
unauthenticated u ...)
NOT-FOR-US: Joomla
CVE-2026-12673 (Liquidfiles versions before 4.2.12 are affected by a broken
access con ...)
NOT-FOR-US: Liquidfiles
@@ -496,12 +589,15 @@ CVE-2026-55767
- guzzle 7.12.1-1
NOTE:
https://github.com/guzzle/guzzle/security/advisories/GHSA-cwxw-98qj-8qjx
CVE-2026-52910 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
+ {DSA-6355-1}
- linux 7.0.12-2
NOTE:
https://git.kernel.org/linus/18fc650ccd7fe3376eca89203668cfb8268f60df (7.1-rc3)
CVE-2026-52909 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
+ {DSA-6355-1}
- linux 7.0.13-1
NOTE:
https://git.kernel.org/linus/d289d5307762d1838aaece22c6b6fcad9e8865f9 (7.1)
CVE-2026-52908 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
+ {DSA-6355-1}
- linux 7.0.13-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -3192,14 +3288,17 @@ CVE-2026-10649 (A flaw was found in Pacemaker. An
unauthenticated remote attacke
CVE-2026-50203 (A path traversal in the SFTP provider
(`SFTPHook.retrieve_directory` / ...)
NOT-FOR-US: Airflow provider
CVE-2026-46331 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ {DSA-6355-1}
- linux 7.0.13-1
NOTE:
https://git.kernel.org/linus/899ee91156e57784090c5565e4f31bd7dbffbc5a (7.1-rc7)
CVE-2026-39043
+ {DSA-6359-1}
- gst-plugins-good1.0 1.28.2-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0022.html
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8647118624fd14983507edbb509d0e534a0353a9
(main)
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6db6dd058ebc3607452311b7dc47b0359b40b293
(1.28)
CVE-2026-39044
+ {DSA-6359-1}
- gst-plugins-good1.0 1.28.2-1
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0021.html
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/83becc83eac477ecb97171f8278b0047dd7b6d5f
(main)
@@ -4823,10 +4922,12 @@ CVE-2017-20240 (Crypt::PBKDF2 versions before 0.261630
for Perl are vulnerable t
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40929601/
NOTE: Fixed by:
https://github.com/arodland/Crypt-PBKDF2/commit/ac5aac7c8c0e411165a6665a9c1f449b745f2629
(0.261630)
CVE-2026-50012
+ {DSA-6360-1}
- squid 7.6-1
NOTE: https://www.openwall.com/lists/oss-security/2026/06/12/1
NOTE: Fixed by:
https://github.com/squid-cache/squid/commit/19fcfe922717c8b255270c032dcde4071c003bcd
(SQUID_7_6)
CVE-2026-47729
+ {DSA-6360-1}
- squid 7.6-1
NOTE: https://www.openwall.com/lists/oss-security/2026/06/12/1
NOTE: Fixed by:
https://github.com/squid-cache/squid/commit/865a131c7d557e68c965043d98c2eccae26deef8
(SQUID_7_6)
@@ -5164,12 +5265,14 @@ CVE-2026-53465 (ImageMagick is free and open-source
software used for editing an
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-44cp-c3ww-9rv5
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/e8a61457c90fcc632217cf5504da5c31e4b8d95c
(7.1.2-25)
CVE-2026-53464 (ImageMagick is free and open-source software used for editing
and mani ...)
+ {DSA-6356-1}
- imagemagick 8:7.1.2.25+dfsg1-1
[bookworm] - imagemagick <not-affected> (Vulnerable code not present)
[bullseye] - imagemagick <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j989-f892-2335
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/310e325e65f5171f35ec6305c9c21ec253d80852
(7.1.2-25)
CVE-2026-53463 (ImageMagick is free and open-source software used for editing
and mani ...)
+ {DSA-6356-1}
- imagemagick 8:7.1.2.25+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p9rq-q46c-g4x6
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/aa288f3023da9ad9e0d85563d76ea7e1cb58abed
(7.1.2-25)
@@ -5186,6 +5289,7 @@ CVE-2026-53462 (ImageMagick is free and open-source
software used for editing an
NOTE: Introduced by:
https://github.com/ImageMagick/ImageMagick6/commit/fee489246e3b62bff1a946b6d4ef32e81ead4799
(6.9.13-47)
NOTE: Introduced by optimisation of CheckPrimitiveExtend method
CVE-2026-53461 (ImageMagick is free and open-source software used for editing
and mani ...)
+ {DSA-6356-1}
- imagemagick 8:7.1.2.25+dfsg1-1
[bookworm] - imagemagick <not-affected> (vulnerable code introduced
later)
[bullseye] - imagemagick <not-affected> (vulnerable code introduced
later)
@@ -5194,6 +5298,7 @@ CVE-2026-53461 (ImageMagick is free and open-source
software used for editing an
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/b44b0a2443451ca8350513ca0f61b8d8846c87cd
(6.9.13-50)
NOTE: Introduced by:
https://github.com/ImageMagick/ImageMagick6/commit/b655528e86e277cea0ebcb61c4accab877d16648
(6.9.12-98)
CVE-2026-53460 (ImageMagick is free and open-source software used for editing
and mani ...)
+ {DSA-6356-1}
- imagemagick 8:7.1.2.25+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q62c-h75r-2xhc
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/960367f3318e650ba8544c0ce3844d7897aba43b
(7.1.2-25)
@@ -5228,6 +5333,7 @@ CVE-2026-49982 (tmp is a temporary file and directory
creator for node.js. In ve
NOTE:
https://github.com/raszi/node-tmp/security/advisories/GHSA-7c78-jf6q-g5cm
NOTE: Fixed by:
https://github.com/raszi/node-tmp/commit/8f24f788a356b5d45c9bec894632bd4931338153
(v0.2.7)
CVE-2026-49219 (ImageMagick is free and open-source software used for editing
and mani ...)
+ {DSA-6356-1}
- imagemagick 8:7.1.2.24+dfsg1-1
[bookworm] - imagemagick <not-affected> (vulnerable code not present;
symlink policy introduced later)
[bullseye] - imagemagick <not-affected> (vulnerable code not present;
symlink policy introduced later)
@@ -5235,16 +5341,19 @@ CVE-2026-49219 (ImageMagick is free and open-source
software used for editing an
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/d1bf6bcf357fef944280263892dadf84fbb2211d
(7.1.2-24)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/ac84db0cfd4891c0474b7bfdd3c1d016aa57216a
(6.9.13-49)
CVE-2026-49218 (ImageMagick is free and open-source software used for editing
and mani ...)
+ {DSA-6356-1}
- imagemagick 8:7.1.2.24+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8pj9-6897-74xc
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/84fbcef8a558b1da075417a89d29aa5632d57f63
(7.1.2-24)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/14faf35495e9191f54bc63df44383a76f5cf16d9
(6.9.13-49)
CVE-2026-48994 (ImageMagick is free and open-source software used for editing
and mani ...)
+ {DSA-6356-1}
- imagemagick 8:7.1.2.24+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4v89-6mgq-6rgc
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/44df3a54af31b8d33fa5e40b4dc61d051c4a5d9a
(7.1.2-24)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/662a1667d115a65b22a3792755431fc9c1f31d89
(6.9.13-49)
CVE-2026-48734 (ImageMagick is free and open-source software used for editing
and mani ...)
+ {DSA-6356-1}
- imagemagick 8:7.1.2.24+dfsg1-1
NOTE:
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h36c-3666-h489
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick/commit/9ee821731faee8c4cc44103cc4180854046bb13c
(7.1.2-24)
@@ -5257,6 +5366,7 @@ CVE-2026-48733 (ImageMagick is free and open-source
software used for editing an
NOTE: Introduced by:
https://github.com/ImageMagick/ImageMagick/commit/9624484e03bee69e8895e36cf5b4a74e52ef39ef
(7.1.1-44)
NOTE: Fixed by:
https://github.com/ImageMagick/ImageMagick6/commit/1a59a4f31acca06f90a1f83424ef991a60f76b61
(6.9.13-49)
CVE-2026-48724 (ImageMagick is free and open-source software used for editing
and mani ...)
+ {DSA-6356-1}
- imagemagick 8:7.1.2.24+dfsg1-1
[bookworm] - imagemagick <not-affected> (Vulnerable code not present,
introduced in IM7)
[bullseye] - imagemagick <not-affected> (Vulnerable code not present,
introduced in IM7)
@@ -6225,7 +6335,7 @@ CVE-2025-59382 (QTS, QuTS hero, QuTScloud are not
affected. We have already fix
CVE-2025-58468 (A cross-site request forgery (CSRF) vulnerability has been
reported to ...)
NOT-FOR-US: QNAP
CVE-2026-11526 (GD versions before 2.86 for Perl allow OS command injection
and file o ...)
- {DSA-6345-1}
+ {DSA-6345-1 DLA-4638-1}
- libgd-perl 2.84-3
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41004664/
NOTE: Fixed by:
https://github.com/lstein/Perl-GD/commit/67b163713c6c78dfeb693da0978ae934e5cd8210
(v2.86)
@@ -7416,19 +7526,24 @@ CVE-2026-46324 (In the Linux kernel, the following
vulnerability has been resolv
- linux 7.0.10-1
NOTE:
https://git.kernel.org/linus/f3224ee463f8f6f6ced7dcdf6081add4f8128527 (7.1-rc2)
CVE-2026-46323 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ {DSA-6355-1}
- linux 7.0.12-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/4db79a322db8c97f7b73b8a347395ef4d685eb40 (7.1-rc5)
CVE-2026-46322 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
+ {DSA-6355-1}
- linux 7.0.12-1
NOTE:
https://git.kernel.org/linus/aa8963fdce667a42fb7f0bdd2909fadcab02f9a8 (7.1-rc6)
CVE-2026-46321 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
+ {DSA-6355-1}
- linux 7.0.12-1
NOTE:
https://git.kernel.org/linus/f4feb1e20058e407cb00f45aff47f5b7e19a6bbf (7.1-rc6)
CVE-2026-46320 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
+ {DSA-6355-1}
- linux 7.0.12-1
NOTE:
https://git.kernel.org/linus/3bcf7aec6a9d16438f2cec29f5d7c8d5b8edf9b2 (7.1-rc6)
CVE-2026-46319 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ {DSA-6355-1}
- linux 7.0.10-1
NOTE:
https://git.kernel.org/linus/f462dca0c8415bf0058d0ffa476354c4476d0f09 (7.1-rc1)
CVE-2026-46318 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
@@ -7443,12 +7558,14 @@ CVE-2026-46317 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/70543358fa08e0f7cebc3447c3b70fe97ad7aaa8 (7.1-rc7)
CVE-2026-46316 (In the Linux kernel, the following vulnerability has been
resolved: K ...)
+ {DSA-6355-1}
- linux 7.0.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/13031fb6b8357fbbcded2a7f4cba73e4781ee594 (7.1-rc7)
NOTE: https://github.com/V4bel/ITScape
CVE-2026-46315 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
+ {DSA-6355-1}
- linux 7.0.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -8502,9 +8619,11 @@ CVE-2020-37248 (OfflineIMAP before 8.0.3 trusts the
server with their STARTTLS c
NOTE: https://github.com/OfflineIMAP/offlineimap/issues/669
NOTE: Fixed by:
https://github.com/OfflineIMAP/offlineimap3/commit/46505c53ef995455d66c685f9ec3ff6ea93dbb74
(v8.0.3)
CVE-2026-46275 (In the Linux kernel, the following vulnerability has been
resolved: B ...)
+ {DSA-6355-1}
- linux 7.0.12-1
NOTE:
https://git.kernel.org/linus/c1bb9336ae6b54a5f6a353c4bd4ed9a4307e429b (7.1-rc5)
CVE-2026-46274 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
+ {DSA-6355-1}
- linux 7.0.10-1
NOTE:
https://git.kernel.org/linus/d6a2d7b04b5a093021a7a0e2e69e9d5237dfa8cc (7.1-rc4)
CVE-2025-71315 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
@@ -11819,6 +11938,7 @@ CVE-2025-71313 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/03f336a869b3a3f119d3ae52ac9723739c7fb7b6 (7.0-rc1)
CVE-2026-46244 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ {DSA-6355-1}
- linux 7.0.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -15634,6 +15754,7 @@ CVE-2026-46218 (In the Linux kernel, the following
vulnerability has been resolv
[trixie] - linux 6.12.90-1
NOTE:
https://git.kernel.org/linus/66085e206431ef88ce36f53c1f53d570790ccc9e (7.1-rc1)
CVE-2026-46216 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
+ {DSA-6355-1}
- linux 7.0.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -15674,6 +15795,7 @@ CVE-2026-46204 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/2444eb0ec8283f4a3845eb7febad378476e1ba3c (7.1-rc1)
CVE-2026-46203 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
+ {DSA-6355-1}
- linux 7.0.9-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -15952,6 +16074,7 @@ CVE-2026-46171 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/b7c958d7c1eb1cb9b2be7b5ee4129fcd66cec978 (7.1-rc1)
CVE-2026-46170 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
+ {DSA-6355-1}
- linux 7.0.7-1
NOTE:
https://git.kernel.org/linus/b7b9a461569734d33d3259d58d2507adfac107ed (7.1-rc3)
CVE-2026-46169 (In the Linux kernel, the following vulnerability has been
resolved: h ...)
@@ -15986,6 +16109,7 @@ CVE-2026-46161 (In the Linux kernel, the following
vulnerability has been resolv
[trixie] - linux 6.12.88-1
NOTE:
https://git.kernel.org/linus/9aa6d860b0930e2f72795665c42c44252a558a0c (7.1-rc2)
CVE-2026-46160 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
+ {DSA-6355-1}
- linux 7.0.7-1
NOTE:
https://git.kernel.org/linus/999757231c49376cd1a37308d2c8c4c9932571e1 (7.1-rc2)
CVE-2026-46159 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
@@ -15993,6 +16117,7 @@ CVE-2026-46159 (In the Linux kernel, the following
vulnerability has been resolv
[trixie] - linux 6.12.90-1
NOTE:
https://git.kernel.org/linus/973e57c726c1f8e77259d1c8e519519f1e9aea77 (7.1-rc1)
CVE-2026-46158 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
+ {DSA-6355-1}
- linux 7.0.7-1
NOTE:
https://git.kernel.org/linus/9634cb35af17019baec21ca648516ce376fa10e6 (7.1-rc3)
CVE-2026-46157 (In the Linux kernel, the following vulnerability has been
resolved: A ...)
@@ -16037,6 +16162,7 @@ CVE-2026-46143 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/69acc488aaf39d0ddf6c3cf0e47c1873d39919a2 (7.1-rc1)
CVE-2026-46137 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
+ {DSA-6355-1}
- linux 7.0.7-1
NOTE:
https://git.kernel.org/linus/5cd6e0ad79d2615264f63929f8b457ad97ae550d (7.1-rc3)
CVE-2026-46136 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
@@ -16100,6 +16226,7 @@ CVE-2026-46119 (In the Linux kernel, the following
vulnerability has been resolv
[trixie] - linux 6.12.88-1
NOTE:
https://git.kernel.org/linus/1c439de70b1c3eb3c6bffa8245c16b9fc318f114 (7.1-rc1)
CVE-2026-46117 (In the Linux kernel, the following vulnerability has been
resolved: R ...)
+ {DSA-6355-1}
- linux 7.0.7-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -18251,6 +18378,7 @@ CVE-2026-45932 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/ae23bc81ddf7c17b663c4ed1b21e35527b0a7131 (7.0-rc1)
CVE-2026-45930 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ {DSA-6355-1}
- linux 6.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/a6a9bc544b675d8b5180f2718ec985ad267b5cbf (7.0-rc1)
@@ -18460,6 +18588,7 @@ CVE-2026-45852 (In the Linux kernel, the following
vulnerability has been resolv
[trixie] - linux 6.12.85-1
NOTE:
https://git.kernel.org/linus/0beefd0e15d962f497aad750b2d5e9c3570b66d1 (7.0-rc1)
CVE-2026-45850 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
+ {DSA-6355-1}
- linux 6.19.6-1
NOTE:
https://git.kernel.org/linus/05cfe9863ef049d98141dc2969eefde72fb07625 (7.0-rc1)
CVE-2026-45848 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
@@ -18498,32 +18627,41 @@ CVE-2026-45837 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/4fddde2a732de60bb97e3307d4eb69ac5f1d2b74 (7.1-rc1)
CVE-2026-45846 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
+ {DSA-6355-1}
- linux 7.0.10-1
NOTE:
https://git.kernel.org/linus/aa6c6d9ee064aabfede4402fd1283424e649ca19 (7.1-rc2)
CVE-2026-45845 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ {DSA-6355-1}
- linux 7.0.10-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/3d07ca5c0fae311226f737963984bd94bb159a87 (7.1-rc2)
CVE-2026-45844 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ {DSA-6355-1}
- linux 7.0.10-1
NOTE:
https://git.kernel.org/linus/1e8e3f449b1e73b73a843257635b9c50f0cc0f0a (7.1-rc2)
CVE-2026-45843 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
+ {DSA-6355-1}
- linux 7.0.10-1
NOTE:
https://git.kernel.org/linus/4c1367a2d7aad643a6f87c6931b13cc1a25e8ca7 (7.1-rc1)
CVE-2026-45842 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
+ {DSA-6355-1}
- linux 7.0.10-1
NOTE:
https://git.kernel.org/linus/e76607442d5b73e1ba6768f501ef815bb58c2c0e (7.1-rc1)
CVE-2026-45841 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ {DSA-6355-1}
- linux 7.0.10-1
NOTE:
https://git.kernel.org/linus/2195574dc6d9017d32ac346987e12659f931d932 (7.1-rc1)
CVE-2026-45840 (In the Linux kernel, the following vulnerability has been
resolved: o ...)
+ {DSA-6355-1}
- linux 7.0.10-1
NOTE:
https://git.kernel.org/linus/2091c6aa0df6aba47deb5c8ab232b1cb60af3519 (7.1-rc1)
CVE-2026-45839 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
+ {DSA-6355-1}
- linux 7.0.10-1
NOTE:
https://git.kernel.org/linus/1c22483a2c4bbf747787f328392ca3e68619c4dc (7.1-rc1)
CVE-2026-45838 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
+ {DSA-6355-1}
- linux 7.0.10-1
NOTE:
https://git.kernel.org/linus/5828b9e5b272ecff7cf5d345128d3de7324117f7 (7.1-rc1)
CVE-2026-9642
@@ -18887,6 +19025,7 @@ CVE-2025-15649 (IO::Uncompress::Unzip versions before
2.215 for Perl propagate u
NOTE: https://github.com/pmqs/IO-Compress/issues/65
NOTE: Fixed by:
https://github.com/pmqs/IO-Compress/commit/fd28c1d2374eee9811f6d0c5bddc0957abdf1da8
(v2.215)
CVE-2026-8450 (HTTP::Daemon versions before 6.17 for Perl allow OS command
injection ...)
+ {DSA-6358-1 DLA-4639-1}
- libhttp-daemon-perl 6.17-1 (bug #1138050)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40435207/
NOTE: https://github.com/libwww-perl/HTTP-Daemon/pull/89
@@ -27802,6 +27941,7 @@ CVE-2026-42343 (FastGPT is an AI Agent building
platform. In versions 4.14.13 an
CVE-2026-42339 (New API is a large language mode (LLM) gateway and artificial
intellig ...)
NOT-FOR-US: New API
CVE-2026-42311 (Pillow is a Python imaging library. From version 10.3.0 to
before vers ...)
+ {DSA-6357-1}
- pillow 12.2.0-1
[bookworm] - pillow <not-affected> (Vulnerable code introduced later)
[bullseye] - pillow <not-affected> (Vulnerable code introduced later)
@@ -27810,6 +27950,7 @@ CVE-2026-42311 (Pillow is a Python imaging library.
From version 10.3.0 to befor
NOTE: Fixed by (merge):
https://github.com/python-pillow/Pillow/commit/58f9a1d166dcb0c274807d4423522d205b0c35ea
(12.2.0)
NOTE: Introduced by:
https://github.com/python-pillow/Pillow/commit/c2907dc04967109391a77eea00f7d583a0a0395f
(10.3.0)
CVE-2026-42310 (Pillow is a Python imaging library. From version 4.2.0 to
before versi ...)
+ {DSA-6357-1}
- pillow 12.2.0-1
[bullseye] - pillow <postponed> (Minor issue, DoS)
NOTE:
https://github.com/python-pillow/Pillow/security/advisories/GHSA-r73j-pqj5-w3x7
@@ -27822,6 +27963,7 @@ CVE-2026-42309 (Pillow is a Python imaging library.
From version 11.2.1 to befor
[bullseye] - pillow <not-affected> (Vulnerable code introduced later)
NOTE:
https://github.com/python-pillow/Pillow/security/advisories/GHSA-5xmw-vc9v-4wf2
CVE-2026-42308 (Pillow is a Python imaging library. Prior to version 12.2.0,
if a font ...)
+ {DSA-6357-1}
- pillow 12.2.0-1
[bullseye] - pillow <postponed> (Minor issue, UBSAN)
NOTE:
https://github.com/python-pillow/Pillow/security/advisories/GHSA-wjx4-4jcj-g98j
@@ -28974,6 +29116,7 @@ CVE-2026-43334 (In the Linux kernel, the following
vulnerability has been resolv
[bookworm] - linux 6.1.170-1
NOTE:
https://git.kernel.org/linus/d05111bfe37bfd8bd4d2dfe6675d6bdeef43f7c7 (7.0-rc7)
CVE-2026-43331 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
+ {DSA-6355-1}
- linux 6.19.12-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -29154,6 +29297,7 @@ CVE-2026-43304 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/ac431d597a9bdfc2ba6b314813f29a6ef2b4a3bf (7.0-rc1)
CVE-2026-43303 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
+ {DSA-6355-1}
- linux 6.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/ac1ea219590c09572ed5992dc233bbf7bb70fef9 (7.0-rc1)
@@ -30978,6 +31122,7 @@ CVE-2025-71290 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/dad9f13d967b4e53e8eaf5f9c690f8e778ad9802 (7.0-rc1)
CVE-2025-71289 (In the Linux kernel, the following vulnerability has been
resolved: f ...)
+ {DSA-6355-1}
- linux 6.19.6-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/576248a34b927e93b2fd3fff7df735ba73ad7d01 (7.0-rc1)
@@ -31449,6 +31594,7 @@ CVE-2026-43246 (In the Linux kernel, the following
vulnerability has been resolv
[bookworm] - linux 6.1.170-1
NOTE:
https://git.kernel.org/linus/cad237b6c875fbee5d353a2b289e98d240d17ec8 (7.0-rc1)
CVE-2026-43245 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ {DSA-6355-1}
- linux 6.19.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -31553,6 +31699,7 @@ CVE-2026-43220 (In the Linux kernel, the following
vulnerability has been resolv
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/9e249c48412828e807afddc21527eb734dc9bd3d (7.0-rc1)
CVE-2026-43219 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ {DSA-6355-1}
- linux 6.19.6-1
NOTE:
https://git.kernel.org/linus/9d724b34fbe13b71865ad0906a4be97571f19cf5 (7.0-rc1)
CVE-2026-43218 (In the Linux kernel, the following vulnerability has been
resolved: m ...)
@@ -32004,6 +32151,7 @@ CVE-2026-43117 (In the Linux kernel, the following
vulnerability has been resolv
[trixie] - linux 6.12.85-1
NOTE:
https://git.kernel.org/linus/a85b46db143fda5869e7d8df8f258ccef5fa1719 (7.0-rc6)
CVE-2026-43116 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ {DSA-6355-1}
- linux 6.19.14-1
NOTE:
https://git.kernel.org/linus/bffcaad9afdfe45d7fc777397d3b83c1e3ebffe5 (7.0-rc6)
CVE-2026-43115 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
@@ -34485,6 +34633,7 @@ CVE-2026-31718 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/235e32320a470fcd3998fb3774f2290a0eb302a1 (7.1-rc1)
CVE-2026-31717 (In the Linux kernel, the following vulnerability has been
resolved: k ...)
+ {DSA-6355-1}
- linux 7.0.3-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -37365,6 +37514,7 @@ CVE-2026-31664 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.19.13-1
NOTE:
https://git.kernel.org/linus/71a98248c63c535eaa4d4c22f099b68d902006d0 (7.0)
CVE-2026-31663 (In the Linux kernel, the following vulnerability has been
resolved: x ...)
+ {DSA-6355-1}
- linux 6.19.13-1
NOTE:
https://git.kernel.org/linus/1c428b03840094410c5fb6a5db30640486bbbfcb (7.0)
CVE-2026-31662 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
@@ -37609,6 +37759,7 @@ CVE-2026-31614 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/3d8b9d06bd3ac4c6846f5498800b0f5f8062e53b (7.1-rc1)
CVE-2026-31613 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
+ {DSA-6355-1}
- linux 6.19.14-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/3df690bba28edec865cf7190be10708ad0ddd67e (7.1-rc1)
@@ -37862,6 +38013,7 @@ CVE-2026-31561 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/411df123c017169922cc767affce76282b8e6c85 (7.0-rc6)
CVE-2026-31560 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
+ {DSA-6355-1}
- linux 6.19.11-1
NOTE:
https://git.kernel.org/linus/3b46d61890632c8f8b117147b6923bff4b42ccb7 (7.0-rc3)
CVE-2026-31559 (In the Linux kernel, the following vulnerability has been
resolved: L ...)
@@ -39446,6 +39598,7 @@ CVE-2026-31487 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.19.11-1
NOTE:
https://git.kernel.org/linus/cc34d77dd48708d810c12bfd6f5bf03304f6c824 (7.0-rc6)
CVE-2026-31486 (In the Linux kernel, the following vulnerability has been
resolved: h ...)
+ {DSA-6355-1}
- linux 6.19.11-1
NOTE:
https://git.kernel.org/linus/754bd2b4a084b90b5e7b630e1f423061a9b9b761 (7.0-rc6)
CVE-2026-31485 (In the Linux kernel, the following vulnerability has been
resolved: s ...)
@@ -42691,6 +42844,7 @@ CVE-2023-5872 (In Wago Smart Designer in versions up to
2.33.1 a low privileged
CVE-2023-3634 (In products of the MSE6 product-family by Festo a remote
authenticated ...)
NOT-FOR-US: Festo
CVE-2026-41035 (In rsync 3.0.1 through 3.4.1, receive_xattr relies on an
untrusted len ...)
+ {DLA-4591-1}
- rsync 3.4.2+ds1-1 (bug #1134617; unimportant)
[trixie] - rsync 3.4.1+ds1-5+deb13u2
[bookworm] - rsync 3.2.7-1+deb12u5
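Review bot: The added `{DLA-4591-1}` on CVE-2026-41035 sits on an entry whose unstable line is still rated `unimportant` (`- rsync 3.4.2+ds1-1 (bug #1134617; unimportant)`), which reads oddly next to an advisory reference. Either revisit the severity tag now that an advisory covers the issue, or add a NOTE saying why the fix was included in the DLA despite the rating. The visible lines list only `[trixie]` and `[bookworm]` fixed versions, so the release the DLA addresses cannot be read from this hunk.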
@@ -44309,6 +44463,7 @@ CVE-2026-31421 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.19.12-1
NOTE:
https://git.kernel.org/linus/faeea8bbf6e958bf3c00cb08263109661975987c (7.0-rc7)
CVE-2026-31420 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
+ {DSA-6355-1}
- linux 6.19.12-1
NOTE:
https://git.kernel.org/linus/fa6e24963342de4370e3a3c9af41e38277b74cf3 (7.0-rc7)
CVE-2026-31419 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
@@ -49639,6 +49794,7 @@ CVE-2026-23470 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/a55c2a5c8d680156495b7b1e2a9f5a3e313ba524 (7.0-rc5)
CVE-2026-23469 (In the Linux kernel, the following vulnerability has been
resolved: d ...)
+ {DSA-6355-1}
- linux 6.19.10-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -54940,6 +55096,7 @@ CVE-2026-3608 (Sending a maliciously crafted message to
the kea-ctrl-agent, kea-
[trixie] - isc-kea <no-dsa> (Minor issue)
NOTE: https://kb.isc.org/docs/cve-2026-3608
CVE-2026-33515 (Squid is a caching proxy for the Web. Prior to version 7.5,
due to imp ...)
+ {DSA-6360-1}
- squid 7.5-1
[bookworm] - squid <no-dsa> (Minor issue)
[bullseye] - squid <postponed> (Minor issue)
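Review bot: With `{DSA-6360-1}` now attached to CVE-2026-33515, the unchanged `[bookworm] - squid <no-dsa> (Minor issue)` line below it deserves a second look, since the same issue is now advisory-worthy for one release and minor for another. If that split is intended, a short NOTE giving the reason would save the next triager from re-deriving it. The same applies to CVE-2026-33526 in the following hunk.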
@@ -54953,6 +55110,7 @@ CVE-2026-32748 (Squid is a caching proxy for the Web.
Prior to version 7.5, due
NOTE: https://www.openwall.com/lists/oss-security/2026/03/25/3
NOTE: Fixed by:
https://github.com/squid-cache/squid/commit/703e07d25ca6fa11f52d20bf0bb879e22ab7481b
(SQUID_7_5)
CVE-2026-33526 (Squid is a caching proxy for the Web. Prior to version 7.5,
due to hea ...)
+ {DSA-6360-1}
- squid 7.5-1
[bookworm] - squid <no-dsa> (Minor issue)
[bullseye] - squid <postponed> (Minor issue)
@@ -54963,6 +55121,7 @@ CVE-2026-23395 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.19.10-1
NOTE:
https://git.kernel.org/linus/5b3e2052334f2ff6d5200e952f4aa66994d09899 (7.0-rc5)
CVE-2026-23394 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
+ {DSA-6355-1}
- linux 6.19.10-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/e5b31d988a41549037b8d8721a3c3cae893d8670 (7.0-rc5)
@@ -55343,6 +55502,7 @@ CVE-2026-23347 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/952caa5da10bed22be09612433964f6877ba0dde (7.0-rc3)
CVE-2026-23346 (In the Linux kernel, the following vulnerability has been
resolved: a ...)
+ {DSA-6355-1}
- linux 6.19.8-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/8f098037139b294050053123ab2bc0f819d08932 (7.0-rc2)
@@ -58298,6 +58458,7 @@ CVE-2026-23273 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.18.14-1
NOTE:
https://git.kernel.org/linus/e3f000f0dee1bfab52e2e61ca6a3835d9e187e35 (7.0-rc1)
CVE-2026-23272 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
+ {DSA-6355-1}
- linux 6.19.8-1
NOTE:
https://git.kernel.org/linus/def602e498a4f951da95c95b1b8ce8ae68aa733a (7.0-rc3)
CVE-2026-23271 (In the Linux kernel, the following vulnerability has been
resolved: p ...)
@@ -59764,6 +59925,7 @@ CVE-2026-23248 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/77de62ad3de3967818c3dbe656b7336ebee461d2 (7.0-rc2)
CVE-2026-23247 (In the Linux kernel, the following vulnerability has been
resolved: t ...)
+ {DSA-6355-1}
- linux 6.19.8-1
NOTE:
https://git.kernel.org/linus/165573e41f2f66ef98940cf65f838b2cb575d9d1 (7.0-rc3)
CVE-2026-23246 (In the Linux kernel, the following vulnerability has been
resolved: w ...)
@@ -63571,12 +63733,14 @@ CVE-2026-3086 (GStreamer H.266 Codec Parser
Out-Of-Bounds Write Remote Code Exec
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/aa1f5a80085ef65154a982dd3b23181100265c7e
(main)
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/a2edc745bfea8835186a264c5e666be93f65a38e
(1.28.1)
CVE-2026-3083 (GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code
Execution Vulne ...)
+ {DSA-6359-1}
- gst-plugins-good1.0 1.28.1-1
[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
[bullseye] - gst-plugins-good1.0 <postponed> (Minor issue, obsolete
codec, dropped upstream as a fix)
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8349cdd35f85246e113b18e55fd11abf9cb248bf
(main)
CVE-2026-3085 (GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code
Executio ...)
+ {DSA-6359-1}
- gst-plugins-good1.0 1.28.1-1
[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
[bullseye] - gst-plugins-good1.0 <postponed> (Minor issue, obsolete
codec, dropped upstream as a fix)
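Review bot: On CVE-2026-3083 and CVE-2026-3085 the `[bullseye]` reason says the codec was "dropped upstream as a fix", and both entries now carry `{DSA-6359-1}`, but nothing in the entries says whether the advisory removes rtpqdm2depay or patches it. A NOTE recording which approach the DSA took would make the `<postponed>` and `<no-dsa>` decisions for the older releases easier to revisit.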
@@ -63624,6 +63788,7 @@ CVE-2026-2921 (GStreamer RIFF Palette Integer Overflow
Remote Code Execution Vul
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0004.html
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/66d1f79c78b573db714434cf08e7531bed4f4473
(main)
CVE-2026-1940 (An incomplete fix for CVE-2024-47778 allows an out-of-bounds
read in g ...)
+ {DSA-6359-1}
- gst-plugins-good1.0 1.28.1-1
[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
[bullseye] - gst-plugins-good1.0 <postponed> (Minor issue, OOB read)
@@ -87423,6 +87588,7 @@ CVE-2025-68769 (In the Linux kernel, the following
vulnerability has been resolv
- linux 6.18.3-1
NOTE:
https://git.kernel.org/linus/01fba45deaddcce0d0b01c411435d1acf6feab7b (6.19-rc1)
CVE-2025-68768 (In the Linux kernel, the following vulnerability has been
resolved: i ...)
+ {DSA-6355-1}
- linux 6.18.3-1
NOTE:
https://git.kernel.org/linus/006a5035b495dec008805df249f92c22c89c3d2e (6.19-rc2)
CVE-2025-68767 (In the Linux kernel, the following vulnerability has been
resolved: h ...)
@@ -99017,6 +99183,7 @@ CVE-2025-68252 (In the Linux kernel, the following
vulnerability has been resolv
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/fff111bf45cbeeb659324316d68554e35d350092 (6.18-rc3)
CVE-2025-68251 (In the Linux kernel, the following vulnerability has been
resolved: e ...)
+ {DSA-6355-1}
- linux 6.17.6-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -109891,6 +110058,7 @@ CVE-2025-11620 (The Multiple Roles per User plugin
for WordPress is vulnerable t
CVE-2025-11427 (The WP Migrate Lite \u2013 WordPress Migration Made Easy
plugin for Wo ...)
NOT-FOR-US: WordPress plugin
CVE-2025-10158 (A malicious client acting as the receiver of an rsync file
transfer ca ...)
+ {DLA-4591-1}
- rsync 3.4.1+ds1-7 (bug #1121442)
[trixie] - rsync 3.4.1+ds1-5+deb13u1
[bookworm] - rsync 3.2.7-1+deb12u4
@@ -180807,6 +180975,7 @@ CVE-2025-22070 (In the Linux kernel, the following
vulnerability has been resolv
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/3f61ac7c65bdb26accb52f9db66313597e759821 (6.15-rc1)
CVE-2025-22069 (In the Linux kernel, the following vulnerability has been
resolved: r ...)
+ {DSA-6355-1}
- linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/67a5ba8f742f247bc83e46dd2313c142b1383276 (6.15-rc1)
CVE-2025-22068 (In the Linux kernel, the following vulnerability has been
resolved: u ...)
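Review bot: `{DSA-6355-1}` is added to CVE-2025-22069, but the entry's only package line is `- linux <not-affected> (Vulnerable code not present)` with no release-specific lines, so the tracker data says the vulnerable code is absent while the advisory reference says the CVE was fixed. These two statements conflict and should be checked: either the `<not-affected>` status needs a real fixed version or per-release lines, or the CVE should come off the DSA's list.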
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/193e7a2bd568e96918e4e91cbf2af8542f7584b8