Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
91911eb3 by Salvatore Bonaccorso at 2026-07-02T22:01:43+02:00
Add two new liboauth2 issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -230,9 +230,11 @@ CVE-2026-54887 (Use of Default Cryptographic Key 
vulnerability in Erlang/OTP ssl
 CVE-2026-54886 (Loop with Unreachable Exit Condition ('Infinite Loop') 
vulnerability i ...)
        TODO: check
 CVE-2026-54431 (In liboauth2 the Demonstrating Proof-of-Possession (DPoP) 
verifier acc ...)
-       TODO: check
+       - liboauth2 2.3.0-1
+       NOTE: Fixed by: 
https://github.com/OpenIDC/liboauth2/commit/c0b57152ed6a0af33aeb04a60bd7f5bff5ab8800
 (v2.3.0)
 CVE-2026-54430 (liboauth2 is vulnerable to Server-Side Request Forgery 
inoauth2_jose_j ...)
-       TODO: check
+       - liboauth2 2.3.0-1
+       NOTE: Fixed by: 
https://github.com/OpenIDC/liboauth2/commit/347507ac5b51f48c2933bbe49b2ee07c2af4712b
 (v2.3.0)
 CVE-2026-54409 (A malicious actor with access to the network and under certain 
conditi ...)
        TODO: check
 CVE-2026-54408 (A malicious actor with access to the network could exploit an 
Improper ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91911eb3725fa9de45ad4ddb27b984e2649370a0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91911eb3725fa9de45ad4ddb27b984e2649370a0
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to