Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
e39013e2 by Salvatore Bonaccorso at 2026-07-09T06:15:54+02:00
Add Debian bug reference for freetype issue

- - - - -
47fc548a by Salvatore Bonaccorso at 2026-07-09T06:16:26+02:00
Add Debian bug references for xorg-server and libfont issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -598,7 +598,7 @@ CVE-2026-53479 (DellPowerProtectData Domain, versions 
7.7.1.0 through 8.7, LTS20
 CVE-2026-51937 (An issue in Oneblog V2.3.9 allows a remote attacker to obtain 
sensitiv ...)
        NOT-FOR-US: Oneblog
 CVE-2026-50811 (An out-of-bounds read vulnerability exists in FreeType 2.14.3 
and vers ...)
-       - freetype <unfixed>
+       - freetype <unfixed> (bug #1141704)
        [trixie] - freetype <no-dsa> (Minor issue)
        NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/work_items/1436
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/freetype/freetype/-/commit/5a280ecde6f324de0d226261036e736e0cb49a71
@@ -746,26 +746,26 @@ CVE-2026-10570 (The Sympl Repeater for ACF and Elementor 
plugin for WordPress is
 CVE-2025-12799 (A flaw was found in Jastow. Jastow is vulnerable to Cross-Site 
Scripti ...)
        NOT-FOR-US: Jastow
 CVE-2026-56003 (A heap buffer overflow due to missing size checking in the 
property bu ...)
-       - libxfont <unfixed>
+       - libxfont <unfixed> (bug #1141702)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/dff957a5158da038a282a59a31fe736702732939
 (libXfont2-2.0.8)
 CVE-2026-56002 (A heap bufferflow in pcfReadFont() due to missing glyph bounds 
checkin ...)
-       - libxfont <unfixed>
+       - libxfont <unfixed> (bug #1141702)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/b4389e0b1d84a690b819bb27b1439968811a3674
 (libXfont2-2.0.8)
 CVE-2026-56001 (A heap buffer overflow in BitmapScaleBitmaps in libXfont2 
before 2.0.8 ...)
-       - libxfont <unfixed>
+       - libxfont <unfixed> (bug #1141702)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778
 (libXfont2-2.0.8)
 CVE-2026-56000 (Local attackers with a X connection able to provide GLX commit 
to the  ...)
-       - xorg-server <unfixed>
+       - xorg-server <unfixed> (bug #1141703)
        - xwayland <unfixed>
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/2
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/xorg/xserver/-/commit/2779affbdb4354e894f490e56f962527d6125043
 CVE-2026-55999 (Local attackers with a X connection able to provide PCX fonts 
to the X ...)
-       - xorg-server <unfixed>
+       - xorg-server <unfixed> (bug #1141703)
        - xwayland <unfixed>
        [trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)
        [bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be 
running as root)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/43ad3ea82c9c74ca5b9937b5cd40f60e945be640...47fc548a1e76fdccc5eeacaaf3784a76c15ea26b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/43ad3ea82c9c74ca5b9937b5cd40f60e945be640...47fc548a1e76fdccc5eeacaaf3784a76c15ea26b
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to