Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c9a1a9e0 by security tracker role at 2026-06-24T07:13:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,257 @@
+CVE-2026-9724 (The MotorDesk plugin for WordPress is vulnerable to Cross-Site 
Request ...)
+       TODO: check
+CVE-2026-9721 (The Book a Room Event Calendar plugin for WordPress is 
vulnerable to C ...)
+       TODO: check
+CVE-2026-9710 (The Cornerstone WordPress plugin before 7.8.8 does not enforce 
capabil ...)
+       TODO: check
+CVE-2026-9709 (The Cornerstone WordPress plugin before 7.8.9 does not enforce 
capabil ...)
+       TODO: check
+CVE-2026-9643 (The WP Meta SEO plugin for WordPress is vulnerable to 
Unauthenticated  ...)
+       TODO: check
+CVE-2026-9620 (The WP Latest Posts plugin for WordPress is vulnerable to 
Stored Cross ...)
+       TODO: check
+CVE-2026-9619 (The Reviews and Rating \u2013 Docplanner plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2026-9616 (The Generate Security.txt plugin for WordPress is vulnerable to 
author ...)
+       TODO: check
+CVE-2026-9612 (The WhatsOrder \u2013 Instant Checkout for WooCommerce plugin 
for Word ...)
+       TODO: check
+CVE-2026-9539 (An out-of-bounds heap read and integer underflow in the TCP 
urgent dat ...)
+       TODO: check
+CVE-2026-9184 (The 24liveblog - live blog tool plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2026-9183 (The 24liveblog - live blog tool plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2026-9179 (The WP Forms Connector plugin for WordPress is vulnerable to 
SQL Injec ...)
+       TODO: check
+CVE-2026-9178 (The WP Forms Connector plugin for WordPress is vulnerable to 
Informati ...)
+       TODO: check
+CVE-2026-9175 (The Devs Accounting \u2013 Simple Accounting and Invoicing 
Solution pl ...)
+       TODO: check
+CVE-2026-9172 (The Devs Accounting \u2013 Simple Accounting and Invoicing 
Solution pl ...)
+       TODO: check
+CVE-2026-9073 (A flaw was found in foreman-mcp-server. This component utilizes 
two di ...)
+       TODO: check
+CVE-2026-8905 (The Osiris Signature Banner plugin for WordPress is vulnerable 
to Cros ...)
+       TODO: check
+CVE-2026-8896 (The MIR blocks and shortcodes plugin for WordPress is 
vulnerable to St ...)
+       TODO: check
+CVE-2026-8865 (The Avalon23 Products Filter for WooCommerce plugin for 
WordPress is v ...)
+       TODO: check
+CVE-2026-8705 (The ClearSale Total plugin for WordPress is vulnerable to SQL 
Injectio ...)
+       TODO: check
+CVE-2026-8690 (The RentMy Real-Time Rental Management Plugin plugin for 
WordPress is  ...)
+       TODO: check
+CVE-2026-8688 (The Advance Nav Menu Manager plugin for WordPress is vulnerable 
to aut ...)
+       TODO: check
+CVE-2026-8628 (The EntreDroppers plugin for WordPress is vulnerable to 
Reflected Cros ...)
+       TODO: check
+CVE-2026-8622 (The Image Sizes on Demand plugin for WordPress is vulnerable to 
Reflec ...)
+       TODO: check
+CVE-2026-8617 (The SearchPlus plugin for WordPress is vulnerable to 
unauthorized modi ...)
+       TODO: check
+CVE-2026-8614 (The Assistio plugin for WordPress is vulnerable to unauthorized 
modifi ...)
+       TODO: check
+CVE-2026-7617 (The Secufor_OAuth plugin for WordPress is vulnerable to 
unauthorized a ...)
+       TODO: check
+CVE-2026-7574 (Anthropic Claude Desktop Cowork VM image handling (confirmed 
across v1 ...)
+       TODO: check
+CVE-2026-6458 (Missing cryptographic step in Caliptra Core Firmware 
(aes_256_gcm_upda ...)
+       TODO: check
+CVE-2026-6292 (The MP Customize Login Page plugin for WordPress is vulnerable 
to Cros ...)
+       TODO: check
+CVE-2026-5818 (Incorrect check of function return value in Caliptra Core 
Runtime Firm ...)
+       TODO: check
+CVE-2026-56785 (FlatPress versions prior to commit 10be83c, contains a stored 
cross-si ...)
+       TODO: check
+CVE-2026-56120
+       REJECTED
+CVE-2026-54762 (Traefik is an HTTP reverse proxy and load balancer. From 
3.7.0-ea.1 un ...)
+       TODO: check
+CVE-2026-54761 (Traefik is an HTTP reverse proxy and load balancer. Prior to 
3.6.21 an ...)
+       TODO: check
+CVE-2026-54639 (Style Dictionary, a build system for creating cross-platform 
styles, h ...)
+       TODO: check
+CVE-2026-54588 (Poweradmin is a web-based DNS administration tool for PowerDNS 
server. ...)
+       TODO: check
+CVE-2026-54555 (rtk filters and compresses command outputs before they reach 
your LLM  ...)
+       TODO: check
+CVE-2026-54518 (jackson-databind contains the general-purpose data-binding 
functionali ...)
+       TODO: check
+CVE-2026-54517 (jackson-databind contains the general-purpose data-binding 
functionali ...)
+       TODO: check
+CVE-2026-54516 (jackson-databind contains the general-purpose data-binding 
functionali ...)
+       TODO: check
+CVE-2026-54515 (jackson-databind contains the general-purpose data-binding 
functionali ...)
+       TODO: check
+CVE-2026-54514 (jackson-databind contains the general-purpose data-binding 
functionali ...)
+       TODO: check
+CVE-2026-54513 (jackson-databind contains the general-purpose data-binding 
functionali ...)
+       TODO: check
+CVE-2026-54512 (jackson-databind contains the general-purpose data-binding 
functionali ...)
+       TODO: check
+CVE-2026-54328 (Pi is a minimal terminal coding harness. From 0.74.0 until 
0.78.1, Pi  ...)
+       TODO: check
+CVE-2026-54327 (Pi is a minimal terminal coding harness. From 0.74.0 until 
0.78.1, Pi  ...)
+       TODO: check
+CVE-2026-54326 (Pi is a minimal terminal coding harness. From 0.74.0 until 
0.78.1, Pi  ...)
+       TODO: check
+CVE-2026-54325 (Pi is a minimal terminal coding harness. Pi before 0.79.0 
loaded proje ...)
+       TODO: check
+CVE-2026-53931 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-53930 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-53929 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-53928 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-53927 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-53926 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-53622 (Traefik is an HTTP reverse proxy and load balancer. Prior to 
3.7.3, th ...)
+       TODO: check
+CVE-2026-50193 (jackson-databind contains the general-purpose data-binding 
functionali ...)
+       TODO: check
+CVE-2026-4297 (The Welcome Software Publishing plugin for WordPress is 
vulnerable to  ...)
+       TODO: check
+CVE-2026-48493 (Snipe-IT is an IT asset/license management system. In versions 
prior t ...)
+       TODO: check
+CVE-2026-48491 (Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 
until 3 ...)
+       TODO: check
+CVE-2026-48020 (Traefik is an HTTP reverse proxy and load balancer. Prior to 
2.11.48,  ...)
+       TODO: check
+CVE-2026-47693 (Poweradmin is a web-based DNS administration tool for PowerDNS 
server. ...)
+       TODO: check
+CVE-2026-47388 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-47387 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-47386 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-47385 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-47384 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-47383 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-47382 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-47381 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-47380 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-47379 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-47378 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-47377 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-47376 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-47375 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-47279 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-46554 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-46553 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-46552 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-46551 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-46550 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-46549 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-46548 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-46547 (NocoDB is software for building databases as spreadsheets. 
Prior to 20 ...)
+       TODO: check
+CVE-2026-45792 (rtk filters and compresses command outputs before they reach 
your LLM  ...)
+       TODO: check
+CVE-2026-41862 (Spring Statemachine's Kryo-based persistence backends (JPA, 
MongoDB, R ...)
+       TODO: check
+CVE-2026-3652 (The ARForms plugin for WordPress is vulnerable to Stored 
Cross-Site Sc ...)
+       TODO: check
+CVE-2026-39253 (An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker 
to execut ...)
+       TODO: check
+CVE-2026-23513 (FOSSBilling is a free, open-source billing and client 
management syste ...)
+       TODO: check
+CVE-2026-13006 (ACE vulnerability in conditional configuration file processing 
 by QOS ...)
+       TODO: check
+CVE-2026-12892 (A flaw was found in GStreamer's gst-plugins-bad package. When 
processi ...)
+       TODO: check
+CVE-2026-12891 (A flaw was found in the GStreamer gst-plugins-bad package. 
When proces ...)
+       TODO: check
+CVE-2026-12851 (Multiple OS command injection vulnerabilities exist in the 
libNetSetOb ...)
+       TODO: check
+CVE-2026-12850 (Multiple OS command injection vulnerabilities exist in the 
libNetSetOb ...)
+       TODO: check
+CVE-2026-12849 (Multiple OS command injection vulnerabilities exist in the 
libNetSetOb ...)
+       TODO: check
+CVE-2026-12848 (GV-I/O Box 4E is a smart embedded device with 4 input and 4 
relays out ...)
+       TODO: check
+CVE-2026-12847 (GV-I/O Box 4E is a smart embedded device with 4 input and 4 
relays out ...)
+       TODO: check
+CVE-2026-12846 (GV-I/O Box 4E is a smart embedded device with 4 input and 4 
relays out ...)
+       TODO: check
+CVE-2026-12681 (Improper Validation of Specified Index, Position, or Offset in 
Input v ...)
+       TODO: check
+CVE-2026-12488 (A memory corruption vulnerability exists in the GV-Cloud 
functionality ...)
+       TODO: check
+CVE-2026-12486 (Multiple OS command injection vulnerabilities exist in the 
libNetSetOb ...)
+       TODO: check
+CVE-2026-12485 (GV-I/O Box 4E is a smart embedded device with 4 input and 4 
relays out ...)
+       TODO: check
+CVE-2026-12417 (The SignUp & SignIn plugin for WordPress is vulnerable to 
Authenticati ...)
+       TODO: check
+CVE-2026-12416 (The Invoice Generator plugin for WordPress is vulnerable to 
Account Ta ...)
+       TODO: check
+CVE-2026-12164 (Fortra File Integrity Monitoring (FIM), formerly Tripwire 
Enterprise,  ...)
+       TODO: check
+CVE-2026-12163 (Fortra File Integrity Monitoring (FIM), formerly Tripwire 
Enterprise,  ...)
+       TODO: check
+CVE-2026-12112 (A flaw was found in the foreman-mcp-server. A session 
management vulne ...)
+       TODO: check
+CVE-2026-12100 (The URL Preview plugin for WordPress is vulnerable to 
Server-Side Requ ...)
+       TODO: check
+CVE-2026-12095 (The Kargo Takip plugin for WordPress is vulnerable to 
Server-Side Requ ...)
+       TODO: check
+CVE-2026-12094 (The Advanced Contact Form 7 - Compact DB plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2026-11997 (The Bulk SEO Image plugin for WordPress is vulnerable to 
Cross-Site Re ...)
+       TODO: check
+CVE-2026-11972 (When using the "tarfile" module with a file opened in 
"streaming mode" ...)
+       TODO: check
+CVE-2026-11820 (Module: plugins/modules/nexmo.py  CVSS 3.1: 6.5 MEDIUM \u2014 
AV:N/AC: ...)
+       TODO: check
+CVE-2026-11819 (Module: plugins/modules/keyring_info.py   CVSS 3.1: 5.5 MEDIUM 
\u2014  ...)
+       TODO: check
+CVE-2026-11807 (A missing authorization vulnerability was found in the 
Event-Driven An ...)
+       TODO: check
+CVE-2026-11614 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for 
WordPress ...)
+       TODO: check
+CVE-2026-11370 (The WP Meta SEO plugin for WordPress is vulnerable to 
Server-Side Requ ...)
+       TODO: check
+CVE-2026-10753 (The Site Kit by Google  WordPress plugin before 1.176.0 does 
not prope ...)
+       TODO: check
+CVE-2026-10749 (The Post Duplicator WordPress plugin before 3.0.15 does not 
safely han ...)
+       TODO: check
+CVE-2026-10735 (Multiple Shapedsmart-post-show-pro WordPress plugin before 
4.0.2, Real ...)
+       TODO: check
+CVE-2026-10552 (The Blue Captcha plugin for WordPress is vulnerable to 
Cross-Site Requ ...)
+       TODO: check
+CVE-2026-10531 (The AI Share & Summarize WordPress plugin before 2.0.4 does 
not saniti ...)
+       TODO: check
+CVE-2026-10092 (The Cincopa video and media plug-in plugin for WordPress is 
vulnerable ...)
+       TODO: check
+CVE-2026-10091 (The Email JavaScript Cloak plugin for WordPress is vulnerable 
to Store ...)
+       TODO: check
+CVE-2025-64105 (FOSSBilling is a billing and client management system that 
automates i ...)
+       TODO: check
 CVE-2026-8286
        - curl 8.21.0~rc2-1
        NOTE: https://curl.se/docs/CVE-2026-8286.html
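
Review bot: every added entry except the REJECTED CVE-2026-56120 is left at `TODO: check`, and a few of them name software that needs package triage rather than a NOT-FOR-US tag: GStreamer gst-plugins-bad (CVE-2026-12891, CVE-2026-12892), jackson-databind (CVE-2026-54512 through CVE-2026-54518 and CVE-2026-50193) and the "tarfile" module (CVE-2026-11972). Separately, several descriptions carry literal `\u2013` or `\u2014` escapes where a dash was intended (for example CVE-2026-9619, CVE-2026-9612 and CVE-2026-11614); decoding these at import would keep the truncated descriptions readable.
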
@@ -128,7 +382,7 @@ CVE-2026-57062 (CMS (Cryptographic Message Syntax) parsing 
in gpgsm in GnuPG thr
        NOTE: Fixed by: 
https://github.com/gpg/gnupg/commit/4c7e68cf3d335328821bdbb70db309a60d0e4fd4
 CVE-2026-56815 (pwnlift before d7a9544, in a privileged deployment, contains a 
symlink ...)
        NOT-FOR-US: pwnlift
-CVE-2026-56784 (OpenRemote Manager before 1.24.2 contains an insecure direct 
object re ...)
+CVE-2026-56784 (OpenRemote before 1.25.0 contains an insecure direct object 
reference  ...)
        NOT-FOR-US: OpenRemote Manager
 CVE-2026-56762 (Hono before 4.12.12 does not validate cookie names on the 
write path i ...)
        NOT-FOR-US: Hono
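
Review bot: the unchanged `NOT-FOR-US: OpenRemote Manager` line under CVE-2026-56784 now disagrees with the updated description, which names the product "OpenRemote" and moves the fixed version from 1.24.2 to 1.25.0. The tag is free text, so nothing breaks, but aligning it with the new product name would keep searches on the tracker consistent.
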
@@ -6166,7 +6420,7 @@ CVE-2026-45172 (Due to incomplete input validation in 
Idira Privileged Session M
        NOT-FOR-US: Palo Alto Networks
 CVE-2026-45171 (Incomplete input validation and improperly configured folder 
permissio ...)
        NOT-FOR-US: Palo Alto Networks
-CVE-2026-45170 (Idira Privilege Cloud Connector versions prior 1.1.100504 
under specif ...)
+CVE-2026-45170 (Idira Vendor PAM - Self-Hosted Connector versions prior 
1.1.100504 und ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2026-45169 (Idira Privileged Access Manager (PAM) Self-Hosted Vault 
versions prior ...)
        NOT-FOR-US: Palo Alto Networks
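
Review bot: the descriptions in this hunk, including the renamed one for CVE-2026-45170 ("Idira Vendor PAM - Self-Hosted Connector"), name Idira products, while the tag on each entry is `NOT-FOR-US: Palo Alto Networks`. If the tag is meant to record the vendor rather than the product, that is worth stating once in the tag text; otherwise a product-level tag would match the descriptions.
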
@@ -6416,7 +6670,7 @@ CVE-2026-53464 (ImageMagick is free and open-source 
software used for editing an
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j989-f892-2335
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/310e325e65f5171f35ec6305c9c21ec253d80852
 (7.1.2-25)
 CVE-2026-53463 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6356-1}
+       {DSA-6356-1 DLA-4643-1}
        - imagemagick 8:7.1.2.25+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-p9rq-q46c-g4x6
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/aa288f3023da9ad9e0d85563d76ea7e1cb58abed
 (7.1.2-25)
@@ -6442,7 +6696,7 @@ CVE-2026-53461 (ImageMagick is free and open-source 
software used for editing an
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/b44b0a2443451ca8350513ca0f61b8d8846c87cd
 (6.9.13-50)
        NOTE: Introduced by: 
https://github.com/ImageMagick/ImageMagick6/commit/b655528e86e277cea0ebcb61c4accab877d16648
 (6.9.12-98)
 CVE-2026-53460 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6356-1}
+       {DSA-6356-1 DLA-4643-1}
        - imagemagick 8:7.1.2.25+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-q62c-h75r-2xhc
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/960367f3318e650ba8544c0ce3844d7897aba43b
 (7.1.2-25)
@@ -6485,24 +6739,25 @@ CVE-2026-49219 (ImageMagick is free and open-source 
software used for editing an
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/d1bf6bcf357fef944280263892dadf84fbb2211d
 (7.1.2-24)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/ac84db0cfd4891c0474b7bfdd3c1d016aa57216a
 (6.9.13-49)
 CVE-2026-49218 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6356-1}
+       {DSA-6356-1 DLA-4643-1}
        - imagemagick 8:7.1.2.24+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-8pj9-6897-74xc
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/84fbcef8a558b1da075417a89d29aa5632d57f63
 (7.1.2-24)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/14faf35495e9191f54bc63df44383a76f5cf16d9
 (6.9.13-49)
 CVE-2026-48994 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6356-1}
+       {DSA-6356-1 DLA-4643-1}
        - imagemagick 8:7.1.2.24+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-4v89-6mgq-6rgc
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/44df3a54af31b8d33fa5e40b4dc61d051c4a5d9a
 (7.1.2-24)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/662a1667d115a65b22a3792755431fc9c1f31d89
 (6.9.13-49)
 CVE-2026-48734 (ImageMagick is free and open-source software used for editing 
and mani ...)
-       {DSA-6356-1}
+       {DSA-6356-1 DLA-4643-1}
        - imagemagick 8:7.1.2.24+dfsg1-1
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h36c-3666-h489
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick/commit/9ee821731faee8c4cc44103cc4180854046bb13c
 (7.1.2-24)
        NOTE: Fixed by: 
https://github.com/ImageMagick/ImageMagick6/commit/60153856299c66689e3620b8347c0cc32c807d95
 (6.9.13-49)
 CVE-2026-48733 (ImageMagick is free and open-source software used for editing 
and mani ...)
+       {DLA-4643-1}
        - imagemagick 8:7.1.2.24+dfsg1-1
        [trixie] - imagemagick <not-affected> (vulnerable code introduced later)
        NOTE: 
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5v62-8fq6-cp9m
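
Review bot: CVE-2026-48733 is the one entry here that gains `{DLA-4643-1}` without a DSA-6356-1 reference, and the context line below it marks trixie as `<not-affected> (vulnerable code introduced later)`. The visible lines do not show a per-release entry for the suite the DLA covers, so it is worth confirming that the older ImageMagick version there actually contains the vulnerable code and recording that in a NOTE; the other entries in this hunk simply append DLA-4643-1 to an existing DSA-6356-1 and look consistent.
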
@@ -34191,6 +34446,7 @@ CVE-2026-42076 (Evolver is a GEP-powered self-evolving 
engine for AI agents. Pri
 CVE-2026-42075 (Evolver is a GEP-powered self-evolving engine for AI agents. 
Prior to  ...)
        NOT-FOR-US: Evolver
 CVE-2026-42052 (Beets is the media library management system. Prior to version 
2.10.0, ...)
+       {DLA-4641-1}
        - beets 2.11.0-1 (bug #1135779)
        [trixie] - beets <no-dsa> (Minor issue)
        [bookworm] - beets <no-dsa> (Minor issue)
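
Review bot: with `{DLA-4641-1}` added to CVE-2026-42052, the release covered by the DLA carries a fix while the trixie and bookworm lines below stay at `<no-dsa> (Minor issue)`. That leaves the newer stable releases behind the older one for this issue; consider flagging beets for a point-release update so the `<no-dsa>` entries do not persist indefinitely.
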
@@ -59008,6 +59264,7 @@ CVE-2026-33291 (Discourse is an open-source discussion 
platform. Prior to versio
 CVE-2026-33251 (Discourse is an open-source discussion platform. Prior to 
versions 202 ...)
        NOT-FOR-US: Discourse
 CVE-2026-46728 (Das U-Boot before 2026.04 allows FIT (Flat Image Tree) 
signature verif ...)
+       {DLA-4642-1}
        - u-boot 2025.01-3.2 (bug #1136954)
        [trixie] - u-boot <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/u-boot/u-boot/commit/2092322b31cc8b1f8c9e2e238d1043ae0637b241
 (v2026.04-rc4)
@@ -252456,6 +252713,7 @@ CVE-2024-42523 (publiccms V4.0.202302.e and before is 
vulnerable to Any File Upl
 CVE-2024-42364 (Homepage is a highly customizable homepage with Docker and 
service API ...)
        NOT-FOR-US: gethomepage/homepage
 CVE-2024-42040 (Buffer Overflow vulnerability in the net/bootp.c in DENEX 
U-Boot from  ...)
+       {DLA-4642-1}
        - u-boot 2025.01-3.2 (bug #1081557)
        [trixie] - u-boot <postponed> (Minor issue, revisit when fixed upstream)
        NOTE: https://lists.denx.de/pipermail/u-boot/2024-August/562528.html
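
Review bot: the trixie line for CVE-2024-42040 still reads `<postponed> (Minor issue, revisit when fixed upstream)`, but the entry already lists a fixed unstable version (`u-boot 2025.01-3.2`) and now a `{DLA-4642-1}` reference. The "revisit when fixed upstream" condition appears to be met, so the trixie status should be re-evaluated or the parenthetical updated.
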



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9a1a9e069e68645524adbcd013c7baa9dbf8bfd



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits