Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f18bb48b by Salvatore Bonaccorso at 2026-06-27T21:33:25+02:00
Track proposed libass update via trixie-pu and identify issues via GHSA
temporarily
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -36,7 +36,7 @@ CVE-2026-11597 (The Surbma | Infusionsoft Shortcode plugin
for WordPress is vuln
NOT-FOR-US: WordPress plugin
CVE-2026-11364 (The Product Specifications for WooCommerce plugin for
WordPress is vul ...)
NOT-FOR-US: WordPress plugin
-CVE-2026-XXXX [Out-of-bounds bit clears for negative Matroska ReadOrder values]
+CVE-2026-XXXX [GHSA-5gf7-wjfm-vmvm: Out-of-bounds bit clears for negative
Matroska ReadOrder values]
- libass 1:0.17.5-1
[trixie] - libass <not-affected> (Vulnerable code not present)
[bookworm] - libass <not-affected> (Vulnerable code not present)
@@ -45,8 +45,9 @@ CVE-2026-XXXX [Out-of-bounds bit clears for negative Matroska
ReadOrder values]
NOTE: Introduced with:
https://github.com/libass/libass/commit/dcc9eb722ebd485d2ed0e21c261b0a1b05497154
(0.17.4)
NOTE: Fixed with:
https://github.com/libass/libass/commit/23da65a130bb8c5b2cf0c7df0dd7d424607f98f1
(0.17.5)
NOTE: https://github.com/libass/libass/issues/937
-CVE-2026-XXXX [Out-of-bounds read and write in wrap_lines_measure]
+CVE-2026-XXXX [GHSA-pjjp-65r7-ppgm: Out-of-bounds read and write in
wrap_lines_measure]
- libass 1:0.17.5-1
+ [trixie] - libass <no-dsa> (Minor issue, will be fixed via point
release)
NOTE:
https://github.com/libass/libass/security/advisories/GHSA-pjjp-65r7-ppgm
NOTE:
https://github.com/libass/libass/commit/f2ef59755292bc4bb950ef22710e18a5487c399d
(0.17.5)
CVE-2026-9677 (The Shariff for WordPress Shariff for WordPress plugin through
1.0.11 ...)
=====================================
data/next-point-update.txt
=====================================
@@ -438,3 +438,5 @@ CVE-2026-45409
[trixie] - python-idna 3.10-1+deb13u1
CVE-2026-39373
[trixie] - python-jwcrypto 1.5.6-1.1~deb13u1
+CVE-2026-XXXX [GHSA-pjjp-65r7-ppgm]
+ [trixie] - libass 1:0.17.3-1+deb13u1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f18bb48b9d5338e97a5d0bebde36b32a93ba4b16
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f18bb48b9d5338e97a5d0bebde36b32a93ba4b16
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits