Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
91911eb3 by Salvatore Bonaccorso at 2026-07-02T22:01:43+02:00
Add two new liboauth2 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -230,9 +230,11 @@ CVE-2026-54887 (Use of Default Cryptographic Key
vulnerability in Erlang/OTP ssl
CVE-2026-54886 (Loop with Unreachable Exit Condition ('Infinite Loop')
vulnerability i ...)
TODO: check
CVE-2026-54431 (In liboauth2 the Demonstrating Proof-of-Possession (DPoP)
verifier acc ...)
- TODO: check
+ - liboauth2 2.3.0-1
+ NOTE: Fixed by:
https://github.com/OpenIDC/liboauth2/commit/c0b57152ed6a0af33aeb04a60bd7f5bff5ab8800
(v2.3.0)
CVE-2026-54430 (liboauth2 is vulnerable to Server-Side Request Forgery
inoauth2_jose_j ...)
- TODO: check
+ - liboauth2 2.3.0-1
+ NOTE: Fixed by:
https://github.com/OpenIDC/liboauth2/commit/347507ac5b51f48c2933bbe49b2ee07c2af4712b
(v2.3.0)
CVE-2026-54409 (A malicious actor with access to the network and under certain
conditi ...)
TODO: check
CVE-2026-54408 (A malicious actor with access to the network could exploit an
Improper ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91911eb3725fa9de45ad4ddb27b984e2649370a0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/91911eb3725fa9de45ad4ddb27b984e2649370a0
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits