Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2851160b by Salvatore Bonaccorso at 2026-07-08T14:15:37+02:00
Add CVE-2026-50811/freetype
- - - - -
f337e333 by Salvatore Bonaccorso at 2026-07-08T14:15:37+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -67,7 +67,7 @@ CVE-2026-59153 (Anki is a program for creating and reviewing
flashcards. Prior t
CVE-2026-58583 (FluxInk (formerly Sunia SPB Peripheral) Color Management
Driver (TcnPe ...)
NOT-FOR-US: FluxInk
CVE-2026-58473 (Cognee before 1.2.0 contains an improper access control
vulnerability ...)
- TODO: check
+ NOT-FOR-US: Cognee
CVE-2026-58472 (GNU Wget through 1.25.0, fixed in commit dd692d9, contains a
heap buff ...)
- wget <unfixed>
NOTE: Fixed by:
https://gitlab.com/gnuwget/wget/-/commit/dd692d9cea5335b181d877ae917fe6e75587a812
@@ -99,9 +99,9 @@ CVE-2026-57172 (DataEase is an open source data visualization
and analysis tool.
CVE-2026-56843 (Incorrect authorization in the XML-RPC API of WebPros Plesk
before 18. ...)
NOT-FOR-US: WebPros Plesk
CVE-2026-56812 (Improper Check for Unusual or Exceptional Conditions
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: phoenixframework phoenix (Presence JavaScript client)
CVE-2026-56811 (Allocation of Resources Without Limits or Throttling
vulnerability in ...)
- TODO: check
+ NOT-FOR-US: phoenixframework phoenix (Phoenix.Socket module)
CVE-2026-56437 (Uncontrolled search path element issue exists in Pupsman
versions prio ...)
NOT-FOR-US: Fuji
CVE-2026-55647 (DataEase is an open source data visualization and analysis
tool. Prior ...)
@@ -113,7 +113,7 @@ CVE-2026-55633 (DataEase is an open source data
visualization and analysis tool.
CVE-2026-55631 (DataEase is an open source data visualization and analysis
tool. Prior ...)
NOT-FOR-US: DataEase
CVE-2026-55592 (Dashy is a self-hostable personal dashboard. Prior to 4.3.7,
Dashy's w ...)
- TODO: check
+ NOT-FOR-US: Dashy
CVE-2026-55490 (OpenWrt is a Linux operating system targeting embedded
devices. Before ...)
NOT-FOR-US: OpenWrt
CVE-2026-55438 (Coder allows organizations to provision remote development
environment ...)
@@ -143,7 +143,7 @@ CVE-2026-55427 (Coder allows organizations to provision
remote development envir
CVE-2026-55418 (FastGPT is an open source AI knowledge base platform. Prior to
v4.15.0 ...)
NOT-FOR-US: FastGPT
CVE-2026-55417 (Chevereto is a self-hosted media-sharing platform. Starting in
version ...)
- TODO: check
+ NOT-FOR-US: Chevereto
CVE-2026-55408 (Koodo Reader is an ebook reader. In version 2.3.0 and earlier,
Koodo R ...)
NOT-FOR-US: Koodo Reader
CVE-2026-55079 (Coder allows organizations to provision remote development
environment ...)
@@ -185,7 +185,9 @@ CVE-2026-53479 (DellPowerProtectData Domain, versions
7.7.1.0 through 8.7, LTS20
CVE-2026-51937 (An issue in Oneblog V2.3.9 allows a remote attacker to obtain
sensitiv ...)
NOT-FOR-US: Oneblog
CVE-2026-50811 (An out-of-bounds read vulnerability exists in FreeType 2.14.3
and vers ...)
- TODO: check
+ - freetype <unfixed>
+ NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/work_items/1436
+ NOTE: Fixed by:
https://gitlab.freedesktop.org/freetype/freetype/-/commit/5a280ecde6f324de0d226261036e736e0cb49a71
CVE-2026-50810 (A NULL pointer dereference in smooth_parse_stream_index() in
src/media ...)
TODO: check
CVE-2026-50530 (DataEase is an open source data visualization and analysis
tool. Prior ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/32ea80d4ec8ec311b2bb0cb0582f44ae64951c43...f337e333d6c3805e4d817fdee718900e8d42b7da
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/32ea80d4ec8ec311b2bb0cb0582f44ae64951c43...f337e333d6c3805e4d817fdee718900e8d42b7da
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits