Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bedde6c7 by Salvatore Bonaccorso at 2026-06-30T23:39:34+02:00
Add two new issues in seaweedfs, itp'ed

- - - - -
ed3098db by Salvatore Bonaccorso at 2026-06-30T23:40:11+02:00
Adjust two CVEs for SeaweedFS to itp'ed entry

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -34,9 +34,9 @@ CVE-2026-58374 (In hostapd before 2.12, a missing bounds 
check in AP-mode Wi-Fi
 CVE-2026-58373 (CVAT before 2.69.0 contains an improper authorization 
vulnerability in ...)
        NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
 CVE-2026-58372 (SeaweedFS before 4.34 contains a path traversal vulnerability 
in the S ...)
-       TODO: check
+       - seaweedfs <itp> (bug #956957)
 CVE-2026-58371 (SeaweedFS before 4.30 reflects the callback query parameter 
verbatim i ...)
-       TODO: check
+       - seaweedfs <itp> (bug #956957)
 CVE-2026-58370 (Woodpecker before 3.15.0 matches the ApprovalAllowedUsers 
bypass list  ...)
        - woodpecker <itp> (bug #1008934)
 CVE-2026-58369 (Woodpecker before 3.15.0 registers the 
/api/orgs/lookup/*org_full_name ...)
@@ -2612,7 +2612,7 @@ CVE-2026-55180 (pnpm is a package manager. Prior to 
10.34.2 and 11.5.3, pnpm and
 CVE-2026-55092 (Trivy is a security scanner. Prior to 0.71.1, when Trivy 
downloads an  ...)
        - trivy <itp> (bug #929458)
 CVE-2026-54917 (SeaweedFS is a distributed storage system for object storage 
(S3), fil ...)
-       NOT-FOR-US: SeaweedFS
+       - seaweedfs <itp> (bug #956957)
 CVE-2026-54849 (Unauthenticated SQL Injection in Premmerce Wishlist for 
WooCommerce <= ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54848 (Insertion of Sensitive Information Into Sent Data 
vulnerability in Saa ...)
@@ -177681,7 +177681,7 @@ CVE-2025-22233 (CVE-2024-38820 ensured 
Locale-independent, lowercase conversion
 CVE-2025-1975 (A vulnerability in the Ollama server version 0.5.11 allows a 
malicious ...)
        - ollama <itp> (bug #1094806)
 CVE-2024-40120 (seaweedfs v3.68 was discovered to contain a SQL injection 
vulnerabilit ...)
-       NOT-FOR-US: seaweedfs
+       - seaweedfs <itp> (bug #956957)
 CVE-2025-40907 (FCGI versions 0.44 through 0.82, for Perl, include a 
vulnerable versio ...)
        - libfcgi-perl 0.79+ds-2
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/29651740/



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d470046fa6c9779d17ef153805bac1859953f578...ed3098db22013f5e90197e20cd5563b2de8c9c6d

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d470046fa6c9779d17ef153805bac1859953f578...ed3098db22013f5e90197e20cd5563b2de8c9c6d
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to