Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
5d469193 by Salvatore Bonaccorso at 2026-07-03T20:23:55+02:00
Add CVE-2026-44941/libzypp
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -485,7 +485,8 @@ CVE-2026-4767 (Missing authentication for critical function
vulnerability in TR7
CVE-2026-49779 (Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3
version ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-44941 (A relative path traversal in the "keyhint" option in
repomd.xml parsin ...)
- TODO: check
+ - libzypp 17.38.12-1
+ NOTE: Fixed by:
https://github.com/openSUSE/libzypp/commit/294b1bad442d089ca671c5c03adc8031e3b29e04
(17.38.12)
CVE-2026-44935 (Missing validation of "valuesFrom" references in Helm Deployer
of SUSE ...)
NOT-FOR-US: Rancher Fleet
CVE-2026-42382 (Unauthenticated Local File Inclusion in Audrey <= 1.5
versions.)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d4691934c2f72b2c6e8502d3cce50c6f26cff80
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5d4691934c2f72b2c6e8502d3cce50c6f26cff80
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits