Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6a3b6db0 by Salvatore Bonaccorso at 2026-07-08T09:25:54+02:00
Add new opessh issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -19,25 +19,33 @@ CVE-2026-7380 (Improper neutralization of Script-Related
HTML tags in a web page
CVE-2026-6101 (The AMP for WP \u2013 Accelerated Mobile Pages plugin for
WordPress is ...)
NOT-FOR-US: WordPress plugin
CVE-2026-60002 (ssh in OpenSSH before 10.4 can have a use-after-free when a
server cha ...)
- TODO: check
+ - openssh 1:10.4p1-1
+ NOTE: https://www.openssh.org/releasenotes.html#10.4p1
CVE-2026-60001 (sshd in OpenSSH before 10.4 does not always honor the minimum
authenti ...)
- TODO: check
+ - openssh 1:10.4p1-1
+ NOTE: https://www.openssh.org/releasenotes.html#10.4p1
CVE-2026-60000 (sshd in OpenSSH before 10.4 allows remote attackers to cause a
denial ...)
- TODO: check
+ - openssh 1:10.4p1-1
+ NOTE: https://www.openssh.org/releasenotes.html#10.4p1
CVE-2026-5799 (Authorization bypass through User-Controlled key vulnerability
in Idvl ...)
TODO: check
CVE-2026-5730 (Authorization bypass through User-Controlled key vulnerability
in Idvl ...)
TODO: check
CVE-2026-59999 (In sshd in OpenSSH before 10.4, DisableForwarding=yes was
supposed to ...)
- TODO: check
+ - openssh 1:10.4p1-1
+ NOTE: https://www.openssh.org/releasenotes.html#10.4p1
CVE-2026-59998 (sshd in OpenSSH before 10.4 has an undocumented
security-relevant beha ...)
- TODO: check
+ - openssh 1:10.4p1-1
+ NOTE: https://www.openssh.org/releasenotes.html#10.4p1
CVE-2026-59997 (internal-sftp in sshd in OpenSSH before 10.4 recognizes only
the first ...)
- TODO: check
+ - openssh 1:10.4p1-1
+ NOTE: https://www.openssh.org/releasenotes.html#10.4p1
CVE-2026-59996 (scp in OpenSSH before 10.4 may place a file in the parent
directory of ...)
- TODO: check
+ - openssh 1:10.4p1-1
+ NOTE: https://www.openssh.org/releasenotes.html#10.4p1
CVE-2026-59995 (sftp in OpenSSH before 10.4 does not properly constrain the
location o ...)
- TODO: check
+ - openssh 1:10.4p1-1
+ NOTE: https://www.openssh.org/releasenotes.html#10.4p1
CVE-2026-59800 (9Router before 0.4.44 contains an OS command injection
vulnerability i ...)
TODO: check
CVE-2026-59709 (Ghostfolio's PUT
/api/v1/portfolio/holding/:dataSource/:symbol/tags en ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a3b6db0cc1d59399fb4afc42d2cdfa459e22357
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6a3b6db0cc1d59399fb4afc42d2cdfa459e22357
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits