Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
544e850e by Salvatore Bonaccorso at 2026-07-07T21:39:35+02:00
Mark trixie as no-dsa for dcmtk issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3217,6 +3217,7 @@ CVE-2026-54500 (Oj (Optimized JSON) is a JSON parser and
Object marshaller packa
NOTE:
https://github.com/ohler55/oj/security/advisories/GHSA-fm7p-mprw-wjm9
CVE-2026-52868 (An unauthenticated attacker can read worklist records from a
directory ...)
- dcmtk 3.7.0+really3.7.0-7 (bug #1141411)
+ [trixie] - dcmtk <no-dsa> (Minor issue; exposing first in unstable,
then via proposed-updates)
NOTE: Fixed by:
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=e3878daf870cd2db50eadfde38615f0afae8a584
CVE-2026-52198 (Buffer Overflow vulnerability in UTT nv518G
nv518GV3v3.2.7-210919-1613 ...)
NOT-FOR-US: UTT
@@ -3230,6 +3231,7 @@ CVE-2026-52193 (Buffer Overflow vulnerability in UTT
nv518G nv518GV3v3.2.7-21091
NOT-FOR-US: UTT
CVE-2026-50254 (An unauthenticated remote attacker can repeatedly send a
single crafte ...)
- dcmtk 3.7.0+really3.7.0-7 (bug #1141411)
+ [trixie] - dcmtk <no-dsa> (Minor issue; exposing first in unstable,
then via proposed-updates)
NOTE: Fixed by:
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=23f181f7a3cb8334056f751a3a0c2ddf01046752
CVE-2026-50110 (Storage Concentrator (SC & SCVM) contains hardcoded
credentials for nu ...)
NOT-FOR-US: Storage Concentrator
@@ -3237,9 +3239,11 @@ CVE-2026-50040 (Storage Concentrator (SC & SCVM) is
vulnerable to reflected cros
NOT-FOR-US: Storage Concentrator
CVE-2026-50003 (A malicious or compromised server can make a DCMTK client
using bit-pr ...)
- dcmtk 3.7.0+really3.7.0-7 (bug #1141411)
+ [trixie] - dcmtk <no-dsa> (Minor issue; exposing first in unstable,
then via proposed-updates)
NOTE: Fixed by:
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=eca9a03dda7d4fc1faa7e5a6dac9617938cf5803
CVE-2026-44628 (An unauthenticated attacker can crash the worklist server with
a singl ...)
- dcmtk 3.7.0+really3.7.0-7 (bug #1141411)
+ [trixie] - dcmtk <no-dsa> (Minor issue; exposing first in unstable,
then via proposed-updates)
NOTE: Fixed by:
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=f4e0074682645b1a4289d62581926c4394d5c6d5
NOTE: Fixed by:
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=694a0a06a38015ce768fa161a62b148189f84959
CVE-2026-44042 (UltraVNC repeater through 1.8.2.2 contains an off-by-one error
in the ...)
@@ -3255,6 +3259,7 @@ CVE-2026-37106 (An issue in DokuWiki 2025-05-14b
"Librarian" 56.2 allows a remot
NOTE: https://github.com/dokuwiki/dokuwiki/issues/4682
CVE-2026-35505 (An unauthenticated remote attacker can repeatedly send crafted
connect ...)
- dcmtk 3.7.0+really3.7.0-7 (bug #1141411)
+ [trixie] - dcmtk <no-dsa> (Minor issue; exposing first in unstable,
then via proposed-updates)
NOTE: Fixed by:
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=2312891a8d058c862e00bcbd636e5da26308658a
CVE-2026-2387 (The Event Organiser plugin for WordPress is vulnerable to
Stored Cross ...)
NOT-FOR-US: WordPress plugin
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/544e850efd8f9f191b361fbb7d56482d26d2c646
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/544e850efd8f9f191b361fbb7d56482d26d2c646
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits