Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
145a9d17 by Salvatore Bonaccorso at 2026-07-09T10:17:58+02:00
Add new Composer issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27,11 +27,20 @@ CVE-2026-5922 (The IP phone might use malicious input 
stored in configuration pa
 CVE-2026-5523 (The Divi Form Builder plugin for WordPress is vulnerable to 
Missing Au ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-59948 (Composer is a dependency Manager for the PHP language. Prior 
to 2.2.29 ...)
-       TODO: check
+       - composer 2.10.2-1
+       NOTE: 
https://github.com/composer/composer/security/advisories/GHSA-499r-g7pc-vmp9
+       NOTE: Fixed by: 
https://github.com/composer/composer/commit/502c6c4f699802d9cf464728b3e8a95674f919a0
 (2.10.2)
+       NOTE: Fixed by: 
https://github.com/composer/composer/commit/c50b1efd13ebd73f6dca19b31424c5a02bf93cc1
 (2.2.29)
 CVE-2026-59947 (Composer is a dependency Manager for the PHP language. Prior 
to 2.2.29 ...)
-       TODO: check
+       - composer 2.10.2-1
+       NOTE: 
https://github.com/composer/composer/security/advisories/GHSA-g6xq-892h-64w3
+       NOTE: Fixed by: 
https://github.com/composer/composer/commit/8887ad76fbd830cb1861a2b1fd8ead78ed1fa1ec
 (2.10.2)
+       NOTE: Fixed by: 
https://github.com/composer/composer/commit/6bd66874ae523ecb69aca5964487a0cdfda03ef8
 (2.2.29)
 CVE-2026-59946 (Composer is a dependency Manager for the PHP language. Prior 
to 2.2.29 ...)
-       TODO: check
+       - composer 2.10.2-1
+       NOTE: 
https://github.com/composer/composer/security/advisories/GHSA-gjfg-22fp-rrxx
+       NOTE: Fixed by: 
https://github.com/composer/composer/commit/502c6c4f699802d9cf464728b3e8a95674f919a0
 (2.10.2)
+       NOTE: Fixed by: 
https://github.com/composer/composer/commit/c50b1efd13ebd73f6dca19b31424c5a02bf93cc1
 (2.2.29)
 CVE-2026-59939 (httplib2 is a comprehensive HTTP client library for Python. 
Prior to 0 ...)
        - python-httplib2 0.32.0-1
        NOTE: 
https://github.com/httplib2/httplib2/security/advisories/GHSA-j5g9-f88f-gfj3



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/145a9d1711bbcd50ede8fc32b50e670eebdb9f47

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/145a9d1711bbcd50ede8fc32b50e670eebdb9f47
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to