Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
983f5c65 by Salvatore Bonaccorso at 2026-07-07T12:06:56+02:00
Update status for CVE-2026-43825
- - - - -
9a20ea23 by Salvatore Bonaccorso at 2026-07-07T12:06:57+02:00
Reassociate CVE-2017-12620 with packaged source
- - - - -
5c187da6 by Salvatore Bonaccorso at 2026-07-07T12:06:59+02:00
Add reference for CVE-2026-43825
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -448,8 +448,9 @@ CVE-2026-43866 (Deserialization of Untrusted Data
vulnerability in Apache Camel,
CVE-2026-43865 (Deserialization of Untrusted Data vulnerability in Apache
Camel Hazelc ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-43825 (Untrusted Java Deserialization in Apache OpenNLP
SvmDoccatModel Versi ...)
- TODO: check
+ - apache-opennlp <not-affected> (Only affects 3.x line)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/06/9
+ NOTE: https://issues.apache.org/jira/browse/OPENNLP-1823
CVE-2026-42527 (Deserialization of Untrusted Data vulnerability in Apache
Camel. The ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-41434 (OP-TEE is a Trusted Execution Environment (TEE) designed as
companion ...)
@@ -756429,7 +756430,8 @@ CVE-2017-12621 (During Jelly (xml) file parsing with
Apache Xerces, if a custom
[wheezy] - jenkins-commons-jelly <ignored> (Minor issue, only used by
Jenkins which got removed)
NOTE: https://www.openwall.com/lists/oss-security/2017/09/27/6
CVE-2017-12620 (When loading models or dictionaries that contain XML it is
possible to ...)
- NOT-FOR-US: Apache OpenNLP
+ - apache-opennlp <not-affected> (Fixed before initial upload to Debian)
+ NOTE: https://opennlp.apache.org/news/cve-2017-12620.html
CVE-2017-12619 (Apache Zeppelin prior to 0.7.3 was vulnerable to session
fixation whic ...)
NOT-FOR-US: Apache Zeppelin
CVE-2017-12618 (Apache Portable Runtime Utility (APR-util) 1.6.0 and prior
fail to val ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9702f3885acb4d767aaf7e5c992cac549487cc14...5c187da6b0744ec091652322a7dadd80e6e89fdf
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9702f3885acb4d767aaf7e5c992cac549487cc14...5c187da6b0744ec091652322a7dadd80e6e89fdf
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits