Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3affc0de by Salvatore Bonaccorso at 2026-06-28T14:03:18+02:00
Update status for CVE-2026-57918/libnfs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -586,9 +586,9 @@ CVE-2026-57921 (In JetBrains YouTrack before 2026.2.16593
improper access contro
CVE-2026-57920 (Peplink InControl 2 through 2.14.2 before 2026-06-03 allows
use of a s ...)
NOT-FOR-US: Peplink InControl
CVE-2026-57918 (libnfs through 6.0.2 before 935b8db has an xid integer
underflow in RE ...)
- - libnfs <unfixed>
- [trixie] - libnfs <no-dsa> (Minor issue)
- NOTE:
https://github.com/sahlberg/libnfs/commit/935b8db712b3c6649bc57ddc276526c4a31680de
+ - libnfs <not-affected> (Vulnerable code not present)
+ NOTE: Introduced with:
https://github.com/sahlberg/libnfs/commit/5e8f7ce273308eb77f94248f4501e574a703c1a5
(libnfs-6.0.0)
+ NOTE: Fixed by:
https://github.com/sahlberg/libnfs/commit/935b8db712b3c6649bc57ddc276526c4a31680de
CVE-2026-57915 (It is possible to bypass the Kerberos pre-authentication check
in Apac ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-57914 (By sending a deeply nested ASN1 structure to a Apache Kerby
client or ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3affc0de25cc8296340769dfbb47391664543a44
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3affc0de25cc8296340769dfbb47391664543a44
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits