Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
05812218 by Salvatore Bonaccorso at 2026-07-03T20:42:56+02:00
Add Debian bug reference for activemq issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3197,13 +3197,13 @@ CVE-2026-58010 (A flaw was found in GLib. An off-by-one 
error can occur in the g
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/5134 (2.88.1)
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/5135 (2.86.5)
 CVE-2026-54475 (Missing Authorization vulnerability in Apache ActiveMQ Broker, 
Apache  ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://lists.apache.org/thread/85f3q7mkh71y7qwyn6wvgw0bw4jl06ys
 CVE-2026-53917 (Memory Allocation with Excessive Size Value vulnerability in 
Apache Ac ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://lists.apache.org/thread/grrd1mwgkgblqjbwkkq6dvmdxd9ov2dx
 CVE-2026-53916 (Memory Allocation with Excessive Size Value vulnerability in 
Apache Ac ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://lists.apache.org/thread/07hjsj88hqgsb7vvg6ttsj56ts9vjs5n
 CVE-2026-53692 (Redeight CMS version 1.0 uses the MD5 algorithm without a salt 
to stor ...)
        NOT-FOR-US: Redeight CMS
@@ -3220,13 +3220,13 @@ CVE-2026-53432 (fzf is vulnerable toInteger Overflow 
leading to crash in FuzzyMa
        NOTE: Fixed by: 
https://github.com/junegunn/fzf/commit/ccedd064ca56921a4235219516b3d834f60e7b91 
(v0.73.0)
        NOTE: Crash in CLI tool, no security impact
 CVE-2026-52760 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://lists.apache.org/thread/d3mhyo2116nomz2lwxppyy4pclvdxq3n
 CVE-2026-50750 (Denial of Service via Out of Memory vulnerability in Apache 
ActiveMQ B ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://lists.apache.org/thread/nhkmbdym61yp6wwy0dny8w1p46sm87kr
 CVE-2026-50734 (Memory Allocation with Excessive Size Value vulnerability in 
Apache Ac ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://lists.apache.org/thread/nxso951fnvf72qf9m475mpz4yf931xk0
 CVE-2026-4629 (A flaw was found in Keycloak. A highly privileged user with 
`manage-cl ...)
        - keycloak <itp> (bug #1088287)
@@ -3245,15 +3245,15 @@ CVE-2026-4360 (In the Tarfile.extract() function, the 
filter parameter is not pa
        NOTE: 
https://github.com/python/cpython/commit/5e0ef3f1afe892e4f64eb83368db57ac4c40cba0
 (3.14 branch)
        NOTE: 
https://github.com/python/cpython/commit/eee3ddf0ca10283cc7fea724aae9cd8665f8d15e
 (3.13 branch)
 CVE-2026-49877 (Improper Authorization vulnerability in Apache ActiveMQ.  An 
authentic ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://lists.apache.org/thread/w82vtc3q02j5ot94tnyy1197y3wb98hl
 CVE-2026-49451 (The OpenAPI.NET SDK contains a useful object model for OpenAPI 
documen ...)
        NOT-FOR-US: OpenAPI.NET SDK
 CVE-2026-49434 (Improper Input Validation vulnerability in Apache ActiveMQ 
Broker, Apa ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://lists.apache.org/thread/hcjh7kdk4l85tb9ksmvcnkhso1ngj50o
 CVE-2026-49432 (Improper Input Validation vulnerability in Apache ActiveMQ, 
Apache Act ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://lists.apache.org/thread/fsjb26605syqr8xks249h8gkp86t55d2
 CVE-2026-48315 (ColdFusion versions 2025.9, 2023.20 and earlier are affected 
by an Imp ...)
        NOT-FOR-US: Adobe
@@ -23082,10 +23082,10 @@ CVE-2026-7770 (IBM i Access Family 1.1.5.0 through 
1.1.9.12 IBM i Access Client
 CVE-2026-49361 (Apache Fluss versions prior to 0.9.1 configure the Netty 
LengthFieldBa ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-49270 (Exposure of Sensitive Information Through Metadata 
vulnerability in Ap ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/22
 CVE-2026-49157 (Incorrect Default Permissions vulnerability in Apache 
ActiveMQ.  This  ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/21
 CVE-2026-49121 (AI Tensor Engine for ROCm (AITER) through 0.1.14 contains an 
unauthent ...)
        NOT-FOR-US: AI Tensor Engine for ROCm (AITER)
@@ -23122,7 +23122,7 @@ CVE-2026-48187 (An uncontrolled allocation of resources 
without limits or thrott
 CVE-2026-47294 (Improper neutralization of special elements used in an os 
command ('os ...)
        NOT-FOR-US: Microsoft
 CVE-2026-46605 (Incomplete authorization by Apache ActiveMQ server before 
versions v6. ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/20
 CVE-2026-45810 (Nextcloud is an open source content collaboration platform. In 
Nextclo ...)
        - nextcloud-server <itp> (bug #941708)
@@ -23149,7 +23149,7 @@ CVE-2026-45544 (Nextcloud is an open source content 
collaboration platform. From
 CVE-2026-45543 (Nextcloud is an open source content collaboration platform. 
From versi ...)
        NOT-FOR-US: Nextcloud Forms
 CVE-2026-45505 (Improper Input Validation, Improper Control of Generation of 
Code ('Co ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/19
 CVE-2026-45302 (parse-nested-form-data is a tiny node module for parsing 
FormData by n ...)
        NOT-FOR-US: parse-nested-form-data
@@ -23239,10 +23239,10 @@ CVE-2026-42672 (Improper Neutralization of Special 
Elements used in an SQL Comma
 CVE-2026-42671 (Missing Authorization vulnerability in Paolo GeoDirectory 
allows Explo ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42588 (Improper Input Validation, Improper Control of Generation of 
Code ('Co ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/18
 CVE-2026-42253 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/31/17
 CVE-2026-42251 (Use of hard-coded credentials in KS-SOMED allowed an 
unauthorized atta ...)
        NOT-FOR-US: KS-SOMED
@@ -76899,7 +76899,7 @@ CVE-2025-66944 (SQL Injection vulnerability in vran-dev 
databaseir v.1.0.7 and b
 CVE-2025-66678 (An issue in the HwRwDrv.sys component of Nil Hardware Editor 
Hardware  ...)
        NOT-FOR-US: Nil Hardware Editor
 CVE-2025-66168 (WARNING:  Users of 6.x should upgrade to 6.2.4 or later as the 
fix was ...)
-       - activemq <unfixed>
+       - activemq <unfixed> (bug #1141385)
        NOTE: https://www.openwall.com/lists/oss-security/2026/03/03/5
        NOTE: https://issues.apache.org/jira/browse/AMQ-9810
        NOTE: Fixed by: 
https://github.com/apache/activemq/commit/3f0720c085b24f25c98e414fefc007bc42470ee3
 (activemq-5.19.2)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05812218816f1a37d48192f6bbab1136450259b5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/05812218816f1a37d48192f6bbab1136450259b5
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to