Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
983f5c65 by Salvatore Bonaccorso at 2026-07-07T12:06:56+02:00
Update status for CVE-2026-43825

- - - - -
9a20ea23 by Salvatore Bonaccorso at 2026-07-07T12:06:57+02:00
Reassociate CVE-2017-12620 with packaged source

- - - - -
5c187da6 by Salvatore Bonaccorso at 2026-07-07T12:06:59+02:00
Add reference for CVE-2026-43825

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -448,8 +448,9 @@ CVE-2026-43866 (Deserialization of Untrusted Data 
vulnerability in Apache Camel,
 CVE-2026-43865 (Deserialization of Untrusted Data vulnerability in Apache 
Camel Hazelc ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-43825 (Untrusted Java Deserialization in Apache OpenNLP 
SvmDoccatModel  Versi ...)
-       TODO: check
+       - apache-opennlp <not-affected> (Only affects 3.x line)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/06/9
+       NOTE: https://issues.apache.org/jira/browse/OPENNLP-1823
 CVE-2026-42527 (Deserialization of Untrusted Data vulnerability in Apache 
Camel.  The  ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-41434 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
@@ -756429,7 +756430,8 @@ CVE-2017-12621 (During Jelly (xml) file parsing with 
Apache Xerces, if a custom
        [wheezy] - jenkins-commons-jelly <ignored> (Minor issue, only used by 
Jenkins which got removed)
        NOTE: https://www.openwall.com/lists/oss-security/2017/09/27/6
 CVE-2017-12620 (When loading models or dictionaries that contain XML it is 
possible to ...)
-       NOT-FOR-US: Apache OpenNLP
+       - apache-opennlp <not-affected> (Fixed before initial upload to Debian)
+       NOTE: https://opennlp.apache.org/news/cve-2017-12620.html
 CVE-2017-12619 (Apache Zeppelin prior to 0.7.3 was vulnerable to session 
fixation whic ...)
        NOT-FOR-US: Apache Zeppelin
 CVE-2017-12618 (Apache Portable Runtime Utility (APR-util) 1.6.0 and prior 
fail to val ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9702f3885acb4d767aaf7e5c992cac549487cc14...5c187da6b0744ec091652322a7dadd80e6e89fdf

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9702f3885acb4d767aaf7e5c992cac549487cc14...5c187da6b0744ec091652322a7dadd80e6e89fdf
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to