Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e39013e2 by Salvatore Bonaccorso at 2026-07-09T06:15:54+02:00
Add Debian bug reference for freetype issue
- - - - -
47fc548a by Salvatore Bonaccorso at 2026-07-09T06:16:26+02:00
Add Debian bug references for xorg-server and libfont issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -598,7 +598,7 @@ CVE-2026-53479 (DellPowerProtectData Domain, versions
7.7.1.0 through 8.7, LTS20
CVE-2026-51937 (An issue in Oneblog V2.3.9 allows a remote attacker to obtain
sensitiv ...)
NOT-FOR-US: Oneblog
CVE-2026-50811 (An out-of-bounds read vulnerability exists in FreeType 2.14.3
and vers ...)
- - freetype <unfixed>
+ - freetype <unfixed> (bug #1141704)
[trixie] - freetype <no-dsa> (Minor issue)
NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/work_items/1436
NOTE: Fixed by:
https://gitlab.freedesktop.org/freetype/freetype/-/commit/5a280ecde6f324de0d226261036e736e0cb49a71
@@ -746,26 +746,26 @@ CVE-2026-10570 (The Sympl Repeater for ACF and Elementor
plugin for WordPress is
CVE-2025-12799 (A flaw was found in Jastow. Jastow is vulnerable to Cross-Site
Scripti ...)
NOT-FOR-US: Jastow
CVE-2026-56003 (A heap buffer overflow due to missing size checking in the
property bu ...)
- - libxfont <unfixed>
+ - libxfont <unfixed> (bug #1141702)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/dff957a5158da038a282a59a31fe736702732939
(libXfont2-2.0.8)
CVE-2026-56002 (A heap bufferflow in pcfReadFont() due to missing glyph bounds
checkin ...)
- - libxfont <unfixed>
+ - libxfont <unfixed> (bug #1141702)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/b4389e0b1d84a690b819bb27b1439968811a3674
(libXfont2-2.0.8)
CVE-2026-56001 (A heap buffer overflow in BitmapScaleBitmaps in libXfont2
before 2.0.8 ...)
- - libxfont <unfixed>
+ - libxfont <unfixed> (bug #1141702)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/1
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/lib/libxfont/-/commit/be0b08e2d354138d3222b4490e2a77c6ee42f778
(libXfont2-2.0.8)
CVE-2026-56000 (Local attackers with a X connection able to provide GLX commit
to the ...)
- - xorg-server <unfixed>
+ - xorg-server <unfixed> (bug #1141703)
- xwayland <unfixed>
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/08/2
NOTE: Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/-/commit/2779affbdb4354e894f490e56f962527d6125043
CVE-2026-55999 (Local attackers with a X connection able to provide PCX fonts
to the X ...)
- - xorg-server <unfixed>
+ - xorg-server <unfixed> (bug #1141703)
- xwayland <unfixed>
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be
running as root)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/43ad3ea82c9c74ca5b9937b5cd40f60e945be640...47fc548a1e76fdccc5eeacaaf3784a76c15ea26b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/43ad3ea82c9c74ca5b9937b5cd40f60e945be640...47fc548a1e76fdccc5eeacaaf3784a76c15ea26b
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits