Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8806ca02 by Salvatore Bonaccorso at 2026-07-07T09:49:33+02:00
Track new hugo issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7,11 +7,20 @@ CVE-2026-59711 (showdown contains a cross-site scripting
vulnerability in metada
CVE-2026-59710 (showdown contains a stored cross-site scripting vulnerability
in the p ...)
TODO: check
CVE-2026-58404 (Hugo is a static site generator. From v0.162.0 through
v0.163.0, the d ...)
- TODO: check
+ - hugo <unfixed>
+ NOTE:
https://github.com/gohugoio/hugo/security/advisories/GHSA-r46f-3rpw-hxrv
+ NOTE: https://github.com/gohugoio/hugo/pull/15020
+ NOTE: Fixed by:
https://github.com/gohugoio/hugo/commit/a00b5c72ac57afe26df6688ece3ca544a56df372
(v0.163.1)
CVE-2026-58403 (Hugo is a static site generator. From v0.123.0 through
v0.163.0, Hugo' ...)
- TODO: check
+ - hugo <unfixed>
+ NOTE:
https://github.com/gohugoio/hugo/security/advisories/GHSA-c3wq-j5vh-68rc
+ NOTE: https://github.com/gohugoio/hugo/pull/15020
+ NOTE: Fixed by:
https://github.com/gohugoio/hugo/commit/cf9c8f93ca2a2838ce378f9e36d052ac2f79e229
(v0.163.1)
CVE-2026-58402 (Hugo is a static site generator. From 0.60.0 until 0.163.3,
Hugo's def ...)
- TODO: check
+ - hugo <unfixed>
+ NOTE:
https://github.com/gohugoio/hugo/security/advisories/GHSA-q76j-gcg9-vxc6
+ NOTE: https://github.com/gohugoio/hugo/pull/15051
+ NOTE: Fixed by:
https://github.com/gohugoio/hugo/commit/ce1a7e0bce3713af40496ded3c2c0ceeed49231d
(v0.163.3)
CVE-2026-58315 (Cross-site request forgery vulnerability exists in SEIKO EPSON
Web Con ...)
NOT-FOR-US: SEIKO
CVE-2026-57871 (Relative path traversal vulnerability in MicroRealEstate file
upload f ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8806ca0235df9b552697ebba076b5671e37d746f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8806ca0235df9b552697ebba076b5671e37d746f
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits