Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6f08e82 by security tracker role at 2026-06-27T07:13:10+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,242 +1,384 @@
-CVE-2026-53324 [net: mana: Use pci_name() for debugfs directory naming]
+CVE-2026-9677 (The Shariff for WordPress Shariff for WordPress plugin through 
1.0.11  ...)
+       TODO: check
+CVE-2026-56414 (A vulnerability exists in H.View IP cameras 
certificate-related upload ...)
+       TODO: check
+CVE-2026-55975 (A vulnerability exists in H.View IP cameras that could allow 
an authen ...)
+       TODO: check
+CVE-2026-55838 (RustFS is a distributed object storage system built in Rust. 
In 1.0.0- ...)
+       TODO: check
+CVE-2026-55189 (RustFS is a distributed object storage system built in Rust. 
From 1.0. ...)
+       TODO: check
+CVE-2026-55188 (RustFS is a distributed object storage system built in Rust. 
From 1.0. ...)
+       TODO: check
+CVE-2026-55069 (Kestra is an open-source, event-driven orchestration platform. 
Prior t ...)
+       TODO: check
+CVE-2026-54353 (Budibase is an open-source low-code platform. Prior to 3.39.9, 
authent ...)
+       TODO: check
+CVE-2026-54352 (Budibase is an open-source low-code platform. Prior to 3.39.9, 
`POST / ...)
+       TODO: check
+CVE-2026-54351 (Budibase is an open-source low-code platform. Prior to 3.39.9, 
the web ...)
+       TODO: check
+CVE-2026-54350 (Budibase is an open-source low-code platform. Prior to 
3.39.12,  an un ...)
+       TODO: check
+CVE-2026-53577 (Kestra is an open-source, event-driven orchestration platform. 
Prior t ...)
+       TODO: check
+CVE-2026-53576 (Kestra is an open-source, event-driven orchestration platform. 
Prior t ...)
+       TODO: check
+CVE-2026-52885 (Notepad++ is a free and open-source source code editor. Prior 
to 8.9.6 ...)
+       TODO: check
+CVE-2026-52884 (Notepad++ is a free and open-source source code editor. In 
v8.9.6.1, i ...)
+       TODO: check
+CVE-2026-52785 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-52784 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-52783 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-52782 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-52781 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-52780 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-52779 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-50767 (A stored cross-site scripting (XSS) vulnerability in the item 
type adm ...)
+       TODO: check
+CVE-2026-50766 (A stored cross-site scripting (XSS) vulnerability in the OPAC 
item det ...)
+       TODO: check
+CVE-2026-50765 (Cross-Site Scripting (XSS) vulnerability in the patron 
restriction typ ...)
+       TODO: check
+CVE-2026-50137 (Budibase is an open-source low-code platform. Prior to 3.39.0, 
an anon ...)
+       TODO: check
+CVE-2026-50136 (Budibase is an open-source low-code platform. Prior to 3.39.3, 
the app ...)
+       TODO: check
+CVE-2026-50132 (Budibase is an open-source low-code platform. Prior to 3.39.0, 
`GET /a ...)
+       TODO: check
+CVE-2026-49991 (RustFS is a distributed object storage system built in Rust. 
In 1.0.0- ...)
+       TODO: check
+CVE-2026-49984 (Kestra is an open-source, event-driven orchestration platform. 
Prior t ...)
+       TODO: check
+CVE-2026-49869 (Kestra is an open-source, event-driven orchestration platform. 
Prior t ...)
+       TODO: check
+CVE-2026-49355 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-48800 (Notepad++ is a free and open-source source code editor. Prior 
to 8.9.6 ...)
+       TODO: check
+CVE-2026-48778 (Notepad++ is a free and open-source source code editor. Prior 
to 8.9.6 ...)
+       TODO: check
+CVE-2026-48770 (Notepad++ is a free and open-source source code editor. Prior 
to 8.9.6 ...)
+       TODO: check
+CVE-2026-47193 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-46710 (Notepad++ is a free and open-source source code editor. From 
8.9.4 unt ...)
+       TODO: check
+CVE-2026-46604 (The TIFF decoder can panic when decoding an invalid image with 
an out- ...)
+       TODO: check
+CVE-2026-46386 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-45807 (Kestra is an open-source, event-driven orchestration platform. 
Prior t ...)
+       TODO: check
+CVE-2026-44736 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-44735 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-44734 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-44733 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-44732 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-44731 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-44696 (OpenProject is open-source, web-based project management 
software. Pri ...)
+       TODO: check
+CVE-2026-39031 (Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption 
with a ha ...)
+       TODO: check
+CVE-2026-38641 (An issue in the DSO::mmap_and_copy function of relibc commit 
61f42d al ...)
+       TODO: check
+CVE-2026-38639 (An issue in the parse_month function (/time/strptime.rs) of 
relibc com ...)
+       TODO: check
+CVE-2026-38571 (Cleartext storage and exposure of WPA2 credentials, and 
missing authen ...)
+       TODO: check
+CVE-2026-36908 (A stack overflow in the 
AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity ...)
+       TODO: check
+CVE-2026-36907 (A stack overflow in the AP4_StsdAtom::AP4_StsdAtom component 
of axioma ...)
+       TODO: check
+CVE-2026-36478 (An issue in Technitium DNS Server v.14.3 and before allows a 
remote at ...)
+       TODO: check
+CVE-2026-33560 (The DMP-5000 file service exposes authenticated arbitrary file 
upload  ...)
+       TODO: check
+CVE-2026-32833 (Cudy LT300 3.0 running firmware prior to version 2.5.12 
contains an OS ...)
+       TODO: check
+CVE-2026-31928 (The DMP-5000 devices are shipped with a default administrative 
web acc ...)
+       TODO: check
+CVE-2026-29509 (Patool before 4.0.5 contains a path traversal vulnerability in 
the saf ...)
+       TODO: check
+CVE-2026-28701 (Various versions of Daktronics Controller Firmware could allow 
authent ...)
+       TODO: check
+CVE-2026-13422 (The HD Quiz plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
+       TODO: check
+CVE-2026-13335 (The CodePeople Post Map for Google Maps plugin for WordPress 
is vulner ...)
+       TODO: check
+CVE-2026-13333 (The Groundhogg \u2014 CRM, Newsletters, and Marketing 
Automation plugi ...)
+       TODO: check
+CVE-2026-13331 (The Groundhogg \u2014 CRM, Newsletters, and Marketing 
Automation plugi ...)
+       TODO: check
+CVE-2026-13245 (The MaxButtons \u2013 Create buttons plugin for WordPress is 
vulnerabl ...)
+       TODO: check
+CVE-2026-12415 (The Invoice Generator plugin for WordPress is vulnerable to 
privilege  ...)
+       TODO: check
+CVE-2026-12404 (The NEX-Forms \u2013 Ultimate Forms Plugin for WordPress 
plugin for Wo ...)
+       TODO: check
+CVE-2026-11356 (The Ivory Search \u2013 WordPress Search Plugin plugin for 
WordPress i ...)
+       TODO: check
+CVE-2026-10820 (The Paid Membership Plugin, Ecommerce, User Registration Form, 
Login F ...)
+       TODO: check
+CVE-2025-59868 (HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a 
sensitiv ...)
+       TODO: check
+CVE-2024-23581 (The HCL Traveler for Microsoft Outlook libraries are being 
flagged as  ...)
+       TODO: check
+CVE-2023-37524 (HCL Traveler for Microsoft Outlook (HTMO) is susceptible to 
vulnerabil ...)
+       TODO: check
+CVE-2026-53324 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/c116f07ab9d22bb6f355f3cf9e44c1e6a47fe559 (7.1-rc1)
-CVE-2026-53323 [net: dsa: remove redundant netdev_lock_ops() from conduit 
ethtool ops]
+CVE-2026-53323 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0f99e0c3e19badaf3fdced0d3feba623e59eed41 (7.1-rc1)
-CVE-2026-53322 [vfio/pci: Clean up DMABUFs before disabling function]
+CVE-2026-53322 (In the Linux kernel, the following vulnerability has been 
resolved:  v ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d97708701434ce72968e771976aaf9d3438fcafd (7.1-rc1)
-CVE-2026-53319 [blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default()]
+CVE-2026-53319 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/e9b004ff83067cdf96774b45aea4b239ace99a2f (7.1-rc1)
-CVE-2026-53318 [wifi: mt76: mt7925: prevent NULL pointer dereference in 
mt7925_tx_check_aggr()]
+CVE-2026-53318 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/83ae3a18ba957257b4c406273d2da2caeea2b439 (7.1-rc1)
-CVE-2026-53316 [drm/amd/ras: Fix NULL deref in 
ras_core_ras_interrupt_detected()]
+CVE-2026-53316 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/6b606216e03fa2b53cc179d8383b683a140fe6e1 (7.1-rc1)
-CVE-2026-53315 [drm/amd/ras: Fix NULL deref in 
ras_core_get_utc_second_timestamp()]
+CVE-2026-53315 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/2b8101cc3b34d4d80d799360d2744829d5964479 (7.1-rc1)
-CVE-2026-53312 [iommu/riscv: Remove overflows on the invalidation path]
+CVE-2026-53312 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/40a13b49957937427bc23e78eb50679df4396a47 (7.1-rc1)
-CVE-2026-53311 [fuse: fix uninit-value in fuse_dentry_revalidate()]
+CVE-2026-53311 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/5a6baf204610589f8a5b5a1cd69d1fe661d9d3cd (7.1-rc1)
-CVE-2026-53310 [soc/tegra: cbb: Fix cross-fabric target timeout lookup]
+CVE-2026-53310 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/a5f51b04cbb3ae0f9cb2c4488952b775ebb0ccbf (7.1-rc1)
-CVE-2026-53307 [pinctrl: pinconf-generic: Fully validate 'pinmux' property]
+CVE-2026-53307 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/c98324ea7849b6e5baa1774f71709b375a2c2f9e (7.1-rc1)
-CVE-2026-53305 [usb: typec: ps883x: Fix Oops at unbind]
+CVE-2026-53305 (In the Linux kernel, the following vulnerability has been 
resolved:  u ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/381133848a033c2086cf9cafb226f425bd0414ff (7.1-rc1)
-CVE-2026-53302 [crypto: eip93 - fix hmac setkey algo selection]
+CVE-2026-53302 (In the Linux kernel, the following vulnerability has been 
resolved:  c ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3ba3b02f897b14e34977e1886d95ffe64d907204 (7.1-rc1)
-CVE-2026-53301 [reset: amlogic: t7: Fix null reset ops]
+CVE-2026-53301 (In the Linux kernel, the following vulnerability has been 
resolved:  r ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/9797524ef2b69c6b187b55bd844eb72a8c1cbd99 (7.1-rc1)
-CVE-2026-53300 [net: enetc: fix NTMP DMA use-after-free issue]
+CVE-2026-53300 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/3cade698881eb238f88cbbfec82acc2110440a3f (7.1-rc1)
-CVE-2026-53299 [net: airoha: Move ndesc initialization at end of 
airoha_qdma_init_tx()]
+CVE-2026-53299 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/f329924bb49458c65297f1361f545816a5b90998 (7.1-rc1)
-CVE-2026-53298 [net: airoha: Move ndesc initialization at end of 
airoha_qdma_init_rx_queue()]
+CVE-2026-53298 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/379050947a1828826ad7ea50c95245a56929b35a (7.1-rc1)
-CVE-2026-53293 [drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG]
+CVE-2026-53293 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/0ef196a208385b7d7da79f411c161b04e97283e2 (7.1-rc2)
-CVE-2026-53290 [drm/xe/eustall: Fix drm_dev_put called before stream disable 
in close]
+CVE-2026-53290 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/dc2d9842c67d883d3200ae33b9c3859dd9492408 (7.1-rc2)
-CVE-2026-53288 [arm64: Reserve an extra page for early kernel mapping]
+CVE-2026-53288 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/4d8e74ad4585672489da6145b3328d415f50db82 (7.1-rc2)
-CVE-2026-53286 [idpf: fix double free and use-after-free in aux device error 
paths]
+CVE-2026-53286 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/6c77b9510829a424d1b74409b7db9456e3522871 (7.1-rc4)
-CVE-2026-53283 [iommu/amd: Bounds-check devid in __rlookup_amd_iommu()]
+CVE-2026-53283 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/07d0f496fe7ec5abe3bee7e38be709521567bb33 (7.1-rc4)
-CVE-2026-53282 [x86/kexec: Push kjump return address even for non-kjump kexec]
+CVE-2026-53282 (In the Linux kernel, the following vulnerability has been 
resolved:  x ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/786a45757dcdf8f2beb9d4a6db605db16c18b2b4 (7.1-rc4)
-CVE-2026-53280 [iommu: Fix NULL group->domain dereference in 
pci_dev_reset_iommu_done()]
+CVE-2026-53280 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/d769711fcddd005f1e654b3bde547140917fe696 (7.1-rc4)
-CVE-2026-53278 [arm_mpam: Check whether the config array is allocated before 
destroying it]
+CVE-2026-53278 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/6ccbb613b42a1f1ba7bfd547a148f644a902a25c (7.1-rc4)
-CVE-2026-53321 [io_uring/napi: cap busy_poll_to 10 msec]
+CVE-2026-53321 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 7.0.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/df8599ee18c0e5fe343ffe0b4c379636b8bb839a (7.1-rc2)
-CVE-2026-53320 [nilfs2: reject zero bd_oblocknr in 
nilfs_ioctl_mark_blocks_dirty()]
+CVE-2026-53320 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/be3e5d10643d3be1cbac9d9939f220a99253f980 (7.1-rc1)
-CVE-2026-53317 [wifi: mt76: mt7921: Place upper limit on station AID]
+CVE-2026-53317 (In the Linux kernel, the following vulnerability has been 
resolved:  w ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/4d0bf21e3e20619d51d06c0c36207aabab8b712c (7.1-rc1)
-CVE-2026-53314 [padata: Put CPU offline callback in ONLINE section to allow 
failure]
+CVE-2026-53314 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/c8c4a2972f83c8b68ff03b43cecdb898939ff851 (7.1-rc1)
-CVE-2026-53313 [drm/amd/display: Avoid NULL dereference in dc_dmub_srv error 
paths]
+CVE-2026-53313 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 7.0.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/4ae3e16f4b3bf64140f773629b765d605ee079a9 (7.1-rc1)
-CVE-2026-53309 [ocfs2/dlm: fix off-by-one in dlm_match_regions() region 
comparison]
+CVE-2026-53309 (In the Linux kernel, the following vulnerability has been 
resolved:  o ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/01b61e8dda9b0fdb0d4cda43de25f4e390554d7b (7.1-rc1)
-CVE-2026-53308 [power: supply: max77705: Free allocated workqueue and fix 
removal order]
+CVE-2026-53308 (In the Linux kernel, the following vulnerability has been 
resolved:  p ...)
        - linux 7.0.10-1
        [trixie] - linux <not-affected> (Vulnerable code not present)
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/1e668baadefb16e81269dbfebf3ffc2672e3a3bb (7.1-rc1)
-CVE-2026-53306 [tty: hvc_iucv: fix off-by-one in number of supported devices]
+CVE-2026-53306 (In the Linux kernel, the following vulnerability has been 
resolved:  t ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/f2a880e802ad12d1e38039d1334fb1475d0f5241 (7.1-rc1)
-CVE-2026-53304 [scsi: sg: Resolve soft lockup issue when opening /dev/sgX]
+CVE-2026-53304 (In the Linux kernel, the following vulnerability has been 
resolved:  s ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/d06a310b45e153872033dd0cf19d5a2279121099 (7.1-rc1)
-CVE-2026-53303 [f2fs: protect extension_list reading with sb_lock in 
f2fs_sbi_show()]
+CVE-2026-53303 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/5909bedbed38c558bee7cb6758ceedf9bc3a9194 (7.1-rc1)
-CVE-2026-53297 [net: mana: Guard mana_remove against double invocation]
+CVE-2026-53297 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 7.0.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/50271d7ec95144d26808025b508f463780517d3c (7.1-rc1)
-CVE-2026-53296 [mailbox: mailbox-test: free channels on probe error]
+CVE-2026-53296 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/c02053a9055d5fdfd32432287cca8958db1d5bc5 (7.1-rc2)
-CVE-2026-53295 [mailbox: add sanity check for channel array]
+CVE-2026-53295 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/c1aad75595fb67edc7fda8af249d3b886efa1be9 (7.1-rc2)
-CVE-2026-53294 [mailbox: mailbox-test: don't free the reused channel]
+CVE-2026-53294 (In the Linux kernel, the following vulnerability has been 
resolved:  m ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/88ebadbf0deefdaccdab868b44ff70a0a257f473 (7.1-rc2)
-CVE-2026-53292 [net: phonet: do not BUG_ON() in pn_socket_autobind() on failed 
bind]
+CVE-2026-53292 (In the Linux kernel, the following vulnerability has been 
resolved:  n ...)
        - linux 7.0.10-1
        NOTE: 
https://git.kernel.org/linus/5b0c911bcdbd982f7748d11c0b39ec5808eae2de (7.1-rc2)
-CVE-2026-53291 [ALSA: hda/conexant: Fix missing error check for jack detection]
+CVE-2026-53291 (In the Linux kernel, the following vulnerability has been 
resolved:  A ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/b0e2333a231107adedd38c6fcfe1adc6162716fc (7.1-rc2)
-CVE-2026-53289 [ice: fix NULL pointer dereference in ice_reset_all_vfs()]
+CVE-2026-53289 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/54ef02487914c24170c7e1c061e45212dc55365e (7.1-rc2)
-CVE-2026-53287 [audit: fix incorrect inheritable capability in CAPSET records]
+CVE-2026-53287 (In the Linux kernel, the following vulnerability has been 
resolved:  a ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        NOTE: 
https://git.kernel.org/linus/e4a640475e43f406fdfd56d370b1f34b0cbbc18d (7.1-rc4)
-CVE-2026-53285 [drm/amd/display: Wrap DCN32 phantom-plane allocation in 
DC_RUN_WITH_PREEMPTION_ENABLED]
+CVE-2026-53285 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 7.0.10-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/183182235f6d53bac62c6c39014738a54a68dfa6 (7.1-rc4)
-CVE-2026-53284 [btrfs: only release the dirty pages io tree after successful 
writes]
+CVE-2026-53284 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        - linux 7.0.10-1
        NOTE: 
https://git.kernel.org/linus/4066c55e109475a06d18a1f127c939d551211956 (7.1-rc4)
-CVE-2026-53281 [iommu/vt-d: Avoid NULL pointer dereference or refcount 
corruption]
+CVE-2026-53281 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 7.0.10-1
        [bookworm] - linux <not-affected> (Vulnerable code not present)
        [bullseye] - linux <not-affected> (Vulnerable code not present)
        NOTE: 
https://git.kernel.org/linus/79ea2feb917b05366b49d85573c9c5331f043b2c (7.1-rc4)
-CVE-2026-53279 [drm/gma500/oaktrail_lvds: fix hang on init failure]
+CVE-2026-53279 (In the Linux kernel, the following vulnerability has been 
resolved:  d ...)
        - linux 7.0.10-1
        [trixie] - linux 6.12.94-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
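Review bot: The added descriptions for CVE-2026-13333, CVE-2026-13331, CVE-2026-13245, CVE-2026-12404 and CVE-2026-11356 contain literal `\u2014` and `\u2013` escape sequences where a dash belongs, so the import step should decode these before writing the description. The CVE-2026-9677 description also repeats the product name ("Shariff for WordPress Shariff for WordPress"). Every entry added at the top of the hunk is still `TODO: check`; the ones whose description names a WordPress plugin are candidates for the `NOT-FOR-US: WordPress plugin` marking already used further down in this file.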
@@ -44322,12 +44464,12 @@ CVE-2025-36074 (IBM Security Verify Directory 
(Container) 10.0.0 through 10.0.0.
 CVE-2025-10549 (EfficientLab Controlio before v1.3.95 contains a DLL hijacking 
vulnera ...)
        NOT-FOR-US: EfficientLab Controlio
 CVE-2026-40215 (A race condition in OpenVPN 2.6.0 through 2.6.19 and 
2.7_alpha1 throug ...)
-       {DSA-6289-1}
+       {DSA-6289-1 DLA-4653-1}
        - openvpn 2.7.2-1
        NOTE: 
https://community.openvpn.net/Security%20Announcements/CVE-2026-40215
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/4a2c827c2536aa03a1d6c7cc916689a46c067187
 (v2.7.2)
 CVE-2026-35058 (Improper validation of packet length during tls-crypt-v2 key 
extractio ...)
-       {DSA-6289-1}
+       {DSA-6289-1 DLA-4653-1}
        - openvpn 2.7.2-1
        NOTE: 
https://community.openvpn.net/Security%20Announcements/CVE-2026-35058
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/607e2fcb9cbcff785abfa372c7a59029767b5ed9
 (v2.7.2)
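Review bot: On CVE-2026-40215 and CVE-2026-35058 the cross-reference becomes `{DSA-6289-1 DLA-4653-1}`, but the only package line in either entry is still `- openvpn 2.7.2-1`, and this commit changes no file other than data/CVE/list. Worth confirming that the advisory record for DLA-4653-1 exists and carries the fixed version for its release, so the new reference resolves to something.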
@@ -59046,6 +59188,7 @@ CVE-2025-59028 (When sending invalid base64 SASL data, 
login process is disconne
        NOTE: Introduced with: 
https://github.com/dovecot/core/commit/1486c30e191ff079bfa78e7950173bb33d8073d9 
(2.4.1)
        NOTE: Fixed by: 
https://github.com/dovecot/core/commit/56df8acb5f21abaa039f91f1b0839a75719231de 
(2.4.3)
 CVE-2026-3650 (A memory leak exists in the Grassroots DICOM library (GDCM). 
The bug o ...)
+       {DLA-4652-1}
        - gdcm 3.0.24-11 (bug #1132042)
        [trixie] - gdcm <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - gdcm <postponed> (Minor issue, revisit when fixed upstream)
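Review bot: CVE-2026-3650 gains `{DLA-4652-1}` while its `[trixie]` and `[bookworm]` lines stay `<postponed> (Minor issue, revisit when fixed upstream)`. That leaves the entry with an LTS advisory attached and the two newer releases deferred on the grounds of waiting for upstream; recheck whether that postponed reason still holds now that an advisory references this CVE.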
@@ -104180,12 +104323,14 @@ CVE-2025-64520 (GLPI is a free asset and IT 
management software package. Startin
 CVE-2025-59374 ("UNSUPPORTED WHEN ASSIGNED"Certain versions of the ASUS Live 
Update cl ...)
        NOT-FOR-US: ASUS
 CVE-2025-53619 (An out-of-bounds read vulnerability exists in the 
JPEGBITSCodec::Inter ...)
+       {DLA-4652-1}
        - gdcm 3.0.24-11 (bug #1123587)
        [trixie] - gdcm <no-dsa> (Minor issue)
        [bookworm] - gdcm <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2210
        NOTE: 
https://github.com/malaterre/GDCM/commit/f0e359c87947326c7fb2f7b91ecbe351e9d8c683
 (v3.2.3)
 CVE-2025-53618 (An out-of-bounds read vulnerability exists in the 
JPEGBITSCodec::Inter ...)
+       {DLA-4652-1}
        - gdcm 3.0.24-11 (bug #1123587)
        [trixie] - gdcm <no-dsa> (Minor issue)
        [bookworm] - gdcm <no-dsa> (Minor issue)
@@ -104194,12 +104339,14 @@ CVE-2025-53618 (An out-of-bounds read vulnerability 
exists in the JPEGBITSCodec:
 CVE-2025-53524 (Fuji Electric Monitouch V-SFT-6 is vulnerable to an 
out-of-bounds writ ...)
        NOT-FOR-US: Fuji Electric
 CVE-2025-52582 (An out-of-bounds read vulnerability exists in the 
Overlay::GrabOverlay ...)
+       {DLA-4652-1}
        - gdcm 3.0.24-11 (bug #1123576)
        [trixie] - gdcm <no-dsa> (Minor issue)
        [bookworm] - gdcm <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2211
        NOTE: 
https://github.com/malaterre/GDCM/commit/14825ceb1cb6855f32e726ee5cd2968e3051da2a
 (v3.2.3)
 CVE-2025-48429 (An out-of-bounds read vulnerability exists in the 
RLECodec::DecodeBySt ...)
+       {DLA-4652-1}
        - gdcm 3.0.24-11 (bug #1123589)
        [trixie] - gdcm <no-dsa> (Minor issue)
        [bookworm] - gdcm <no-dsa> (Minor issue)
@@ -106436,6 +106583,7 @@ CVE-2025-11693 (The Export WP Page to Static HTML & 
PDF plugin for WordPress is
 CVE-2025-11376 (The Colibri Page Builder plugin for WordPress is vulnerable to 
Stored  ...)
        NOT-FOR-US: WordPress plugin
 CVE-2025-11266 (An out-of-bounds write vulnerability exists in the Grassroots 
DICOM li ...)
+       {DLA-4652-1}
        - gdcm 3.0.24-11 (bug #1122862)
        [trixie] - gdcm <no-dsa> (Minor issue)
        [bookworm] - gdcm <no-dsa> (Minor issue)
@@ -293862,6 +294010,7 @@ CVE-2024-25917 (Exposure of Sensitive Information to 
an Unauthorized Actor vulne
 CVE-2024-25624 (Iris is a web collaborative platform aiming to help incident 
responder ...)
        NOT-FOR-US: Iris
 CVE-2024-25569 (An out-of-bounds read vulnerability exists in the 
RAWCodec::DecodeByte ...)
+       {DLA-4652-1}
        - gdcm 3.0.24-1 (bug #1070387)
        [bookworm] - gdcm <no-dsa> (Minor issue)
        [buster] - gdcm <postponed> (Minor issue, follow bullseye)
@@ -293870,12 +294019,14 @@ CVE-2024-25569 (An out-of-bounds read vulnerability 
exists in the RAWCodec::Deco
 CVE-2024-25026 (IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere 
Applicatio ...)
        NOT-FOR-US: IBM
 CVE-2024-22391 (A heap-based buffer overflow vulnerability exists in the 
LookupTable:: ...)
+       {DLA-4652-1}
        - gdcm 3.0.24-1 (bug #1070387)
        [bookworm] - gdcm <no-dsa> (Minor issue)
        [buster] - gdcm <postponed> (Minor issue, follow bullseye)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1924
        NOTE: 
https://github.com/malaterre/GDCM/commit/21a793095ab3aecb794c56439873e5b181ea9d91
 (v3.0.24)
 CVE-2024-22373 (An out-of-bounds write vulnerability exists in the 
JPEG2000Codec::Deco ...)
+       {DLA-4652-1}
        - gdcm 3.0.24-1 (bug #1070387)
        [bookworm] - gdcm <no-dsa> (Minor issue)
        [buster] - gdcm <postponed> (Minor issue, follow bullseye)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6f08e82b205eb77314cb9b85c5303fc566cc9f5
