Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5ce38506 by Salvatore Bonaccorso at 2026-06-24T10:39:22+02:00
Add two dnsmasq issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -688,7 +688,9 @@ CVE-2026-27604 (FOSSBilling is a free, open-source billing
and client management
CVE-2026-13007 (Tenable Identity Exposure contains multiple unauthenticated
API endpoi ...)
TODO: check
CVE-2026-12969 (An out-of-bounds read vulnerability exists in dnsmasq's
find_soa() fun ...)
- TODO: check
+ - dnsmasq 2.93-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2491663
+ NOTE: Fixed by:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=14094e88beca519c53151184cc4553656672b54f
(v2.93rc1)
CVE-2026-12958 (Missing symlink validation in Language Servers for AWS may
allow an ar ...)
NOT-FOR-US: Amazon
CVE-2026-12957 (Improper trust boundary enforcement in Language Servers for
AWS before ...)
@@ -1265,7 +1267,9 @@ CVE-2026-12863 (An unvalidated redirect was contained in
Venueless' social login
CVE-2026-12862 (Untrusted user data was passed verbatim to Excel exports for
administr ...)
NOT-FOR-US: rami.io products
CVE-2026-12725 (A heap-based buffer overflow was found in dnsmasq. When DNSSEC
validat ...)
- TODO: check
+ - dnsmasq 2.93-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2490763
+ NOTE: Fixed by:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=36d081e37477027fd721fea498f3760f529034ad
(v2.93test10)
CVE-2026-12628 (IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM
Storage Pro ...)
NOT-FOR-US: IBM
CVE-2026-12602 (Incorrect default permissions in ArubaSign, affecting versions
prior t ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ce38506f45d9f6e9c2f164bb90029b0b5dd1eb7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ce38506f45d9f6e9c2f164bb90029b0b5dd1eb7
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits