Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2851160b by Salvatore Bonaccorso at 2026-07-08T14:15:37+02:00
Add CVE-2026-50811/freetype

- - - - -
f337e333 by Salvatore Bonaccorso at 2026-07-08T14:15:37+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -67,7 +67,7 @@ CVE-2026-59153 (Anki is a program for creating and reviewing 
flashcards. Prior t
 CVE-2026-58583 (FluxInk (formerly Sunia SPB Peripheral) Color Management 
Driver (TcnPe ...)
        NOT-FOR-US: FluxInk
 CVE-2026-58473 (Cognee before 1.2.0 contains an improper access control 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: Cognee
 CVE-2026-58472 (GNU Wget through 1.25.0, fixed in commit dd692d9, contains a 
heap buff ...)
        - wget <unfixed>
        NOTE: Fixed by: 
https://gitlab.com/gnuwget/wget/-/commit/dd692d9cea5335b181d877ae917fe6e75587a812
@@ -99,9 +99,9 @@ CVE-2026-57172 (DataEase is an open source data visualization 
and analysis tool.
 CVE-2026-56843 (Incorrect authorization in the XML-RPC API of WebPros Plesk 
before 18. ...)
        NOT-FOR-US: WebPros Plesk
 CVE-2026-56812 (Improper Check for Unusual or Exceptional Conditions 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: phoenixframework phoenix (Presence JavaScript client)
 CVE-2026-56811 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: phoenixframework phoenix (Phoenix.Socket module)
 CVE-2026-56437 (Uncontrolled search path element issue exists in Pupsman 
versions prio ...)
        NOT-FOR-US: Fuji
 CVE-2026-55647 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
@@ -113,7 +113,7 @@ CVE-2026-55633 (DataEase is an open source data 
visualization and analysis tool.
 CVE-2026-55631 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
        NOT-FOR-US: DataEase
 CVE-2026-55592 (Dashy is a self-hostable personal dashboard. Prior to 4.3.7, 
Dashy's w ...)
-       TODO: check
+       NOT-FOR-US: Dashy
 CVE-2026-55490 (OpenWrt is a Linux operating system targeting embedded 
devices. Before ...)
        NOT-FOR-US: OpenWrt
 CVE-2026-55438 (Coder allows organizations to provision remote development 
environment ...)
@@ -143,7 +143,7 @@ CVE-2026-55427 (Coder allows organizations to provision 
remote development envir
 CVE-2026-55418 (FastGPT is an open source AI knowledge base platform. Prior to 
v4.15.0 ...)
        NOT-FOR-US: FastGPT
 CVE-2026-55417 (Chevereto is a self-hosted media-sharing platform. Starting in 
version ...)
-       TODO: check
+       NOT-FOR-US: Chevereto
 CVE-2026-55408 (Koodo Reader is an ebook reader. In version 2.3.0 and earlier, 
Koodo R ...)
        NOT-FOR-US: Koodo Reader
 CVE-2026-55079 (Coder allows organizations to provision remote development 
environment ...)
@@ -185,7 +185,9 @@ CVE-2026-53479 (DellPowerProtectData Domain, versions 
7.7.1.0 through 8.7, LTS20
 CVE-2026-51937 (An issue in Oneblog V2.3.9 allows a remote attacker to obtain 
sensitiv ...)
        NOT-FOR-US: Oneblog
 CVE-2026-50811 (An out-of-bounds read vulnerability exists in FreeType 2.14.3 
and vers ...)
-       TODO: check
+       - freetype <unfixed>
+       NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/work_items/1436
+       NOTE: Fixed by: 
https://gitlab.freedesktop.org/freetype/freetype/-/commit/5a280ecde6f324de0d226261036e736e0cb49a71
 CVE-2026-50810 (A NULL pointer dereference in smooth_parse_stream_index() in 
src/media ...)
        TODO: check
 CVE-2026-50530 (DataEase is an open source data visualization and analysis 
tool. Prior ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/32ea80d4ec8ec311b2bb0cb0582f44ae64951c43...f337e333d6c3805e4d817fdee718900e8d42b7da

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/32ea80d4ec8ec311b2bb0cb0582f44ae64951c43...f337e333d6c3805e4d817fdee718900e8d42b7da
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to