Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9e2d2221 by Salvatore Bonaccorso at 2026-06-29T22:36:45+02:00
CVE-2026--13601/yelp assigned
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -169,8 +169,6 @@ CVE-2026-13742 (Honeywell IQ MultiAccess, all versions
prior to and including ve
NOT-FOR-US: Honeywell
CVE-2026-13676 (fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to
canonicalize U ...)
TODO: check
-CVE-2026-13601 (A flaw was found in Yelp due to an overly permissive Content
Security ...)
- TODO: check
CVE-2026-13595 (A flaw was found in the libblkid library of util-linux. During
nested ...)
TODO: check
CVE-2026-13592 (A vulnerability was detected in liftoff-sr CIPster up to
e8e9dba09bf56 ...)
@@ -33829,11 +33827,8 @@ CVE-2026-5172 (A buffer overflow in dnsmasq\u2019s
extract_addresses() function
NOTE: https://xchglabs.com/blog/dnsmasq-five-cves.html
NOTE: Fixed by:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=073082ddc0aba7b8efa15a688d6183463b65effa
(v2.93rc1)
NOTE: Introduced with:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=638c7c4d20004c0f320820098e29df62a27dd2a1
(v2.90test1)
-CVE-2026-XXXX [yelp: Sandbox escape]
+CVE-2026-13601 [yelp: Sandbox escape]
- yelp 49.1-1 (bug #1136299)
- [trixie] - yelp 42.2-4+deb13u1
- [bookworm] - yelp 42.2-1+deb12u2
- [bullseye] - yelp 3.38.3-1+deb11u2
NOTE:
https://blogs.gnome.org/mcatanzaro/2026/05/11/flatpak-sandbox-escape-via-yelp/
NOTE: https://gitlab.gnome.org/GNOME/yelp/-/work_items/238
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/yelp/-/commit/d220aa2f754eed4e6a006a4acaa68b31892dea2b
(49.1)
=====================================
data/DLA/list
=====================================
@@ -30,6 +30,7 @@
[bullseye] - libtext-csv-xs-perl 1.45-1+deb11u1
[bookworm] - libtext-csv-xs-perl 1.49-1+deb12u1
[25 Jun 2026] DLA-4647-1 yelp - security update
+ {CVE-2026-13601}
[bullseye] - yelp 3.38.3-1+deb11u2
[24 Jun 2026] DLA-4646-1 postgresql-13 - security update
{CVE-2026-6473 CVE-2026-6474 CVE-2026-6475 CVE-2026-6477 CVE-2026-6478
CVE-2026-6479 CVE-2026-6637}
=====================================
data/DSA/list
=====================================
@@ -178,6 +178,7 @@
{CVE-2024-51754 CVE-2026-46628 CVE-2026-46629 CVE-2026-46633
CVE-2026-46637 CVE-2026-47730}
[bookworm] - php-twig 3.5.1-1+deb12u3
[02 Jun 2026] DSA-6319-1 yelp - security update
+ {CVE-2026-13601}
[bookworm] - yelp 42.2-1+deb12u2
[trixie] - yelp 42.2-4+deb13u1
[01 Jun 2026] DSA-6318-1 gst-plugins-good1.0 - security update
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e2d22213cbbf98118307b2610fa40a868a173e2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9e2d22213cbbf98118307b2610fa40a868a173e2
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits