Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
2fb909a8 by security tracker role at 2026-07-16T07:13:17+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,4 +1,236 @@
-CVE-2026-53366 [ipv4: account for fraggap on the paged allocation path]
+CVE-2026-63175 (PlaywrightCapture stored capture-specific configuration and 
runtime da ...)
+       TODO: check
+CVE-2026-62361 (listmonk is a standalone, self-hosted, newsletter and mailing 
list man ...)
+       TODO: check
+CVE-2026-62355 (TDengine is an open source, time-series database optimized for 
Interne ...)
+       TODO: check
+CVE-2026-62353 (TDengine is a time-series database optimized for Internet of 
Things de ...)
+       TODO: check
+CVE-2026-62351 (TDengine is a time-series database optimized for Internet of 
Things de ...)
+       TODO: check
+CVE-2026-62350 (TDengine is an open source, time-series database optimized for 
Interne ...)
+       TODO: check
+CVE-2026-62349 (TDengine is an open source, time-series database optimized for 
Interne ...)
+       TODO: check
+CVE-2026-62348 (TDengine is a time-series database optimized for Internet of 
Things de ...)
+       TODO: check
+CVE-2026-62314 (Anubis is a Web AI Firewall Utility that challenges users' 
connections ...)
+       TODO: check
+CVE-2026-62312 (9Router is an AI router & token saver. Prior to 0.5.2, 9Router 
allows  ...)
+       TODO: check
+CVE-2026-59950 (The MCP Python SDK, called mcp on PyPI, is a Python 
implementation of  ...)
+       TODO: check
+CVE-2026-56743 (Cilium is a networking, observability, and security solution. 
From 1.1 ...)
+       TODO: check
+CVE-2026-56742 (Cilium is a networking, observability, and security solution. 
Prior to ...)
+       TODO: check
+CVE-2026-56679 (9Router is an AI router & token saver. Prior to 0.5.4, the 
PATCH /api/ ...)
+       TODO: check
+CVE-2026-56678 (9Router is an AI router & token saver. Prior to 0.5.6, the 
Kiro API-ke ...)
+       TODO: check
+CVE-2026-55652 (Wekan is open source kanban built with Meteor. Prior to 9.46, 
header-l ...)
+       TODO: check
+CVE-2026-55608 (n8n-MCP is an MCP server that provides AI assistants access to 
n8n nod ...)
+       TODO: check
+CVE-2026-55576 (MaaAssistantArknights is a one-click tool for daily Arknights 
tasks. I ...)
+       TODO: check
+CVE-2026-55445 (Qinglong is a timed task management platform supporting 
Python3, JavaS ...)
+       TODO: check
+CVE-2026-55410 (NocoBase is an AI-powered no-code/low-code platform for 
building busin ...)
+       TODO: check
+CVE-2026-55399 (CVE-2026-55399 is a resource exhaustion vulnerability in the 
Secure Ac ...)
+       TODO: check
+CVE-2026-55398 (CVE-2026-55398 is a memory management vulnerability in Secure 
Access c ...)
+       TODO: check
+CVE-2026-55234 (Wekan is open source kanban built with Meteor. Prior to 9.37, 
Wekan DD ...)
+       TODO: check
+CVE-2026-54458 (WWBN AVideo is an open source video platform. Versions prior 
to 29.0 c ...)
+       TODO: check
+CVE-2026-54052 (n8n-MCP is an MCP server that provides AI assistants access to 
n8n nod ...)
+       TODO: check
+CVE-2026-53447 (Wekan is open source kanban built with Meteor. Prior to 9.35, 
the Weka ...)
+       TODO: check
+CVE-2026-53446 (Wekan is open source kanban built with Meteor. Prior to 9.32, 
Wekan we ...)
+       TODO: check
+CVE-2026-53445 (Wekan is open source kanban built with Meteor. Prior to 9.32, 
the Weka ...)
+       TODO: check
+CVE-2026-53444 (Wekan is open source kanban built with Meteor. Prior to 9.32, 
Wekan OI ...)
+       TODO: check
+CVE-2026-52893 (Wekan is open source kanban built with Meteor. Prior to 9.32, 
the Weka ...)
+       TODO: check
+CVE-2026-52892 (Wekan is open source kanban built with Meteor. Prior to 9.32, 
Wekan RE ...)
+       TODO: check
+CVE-2026-52891 (Wekan is open source kanban built with Meteor. Prior to 9.07, 
Wekan av ...)
+       TODO: check
+CVE-2026-52890 (Wekan is open source kanban built with Meteor. Prior to 9.31, 
Wekan al ...)
+       TODO: check
+CVE-2026-52888 (NocoBase is an AI-powered no-code/low-code platform for 
building busin ...)
+       TODO: check
+CVE-2026-52887 (NocoBase is an AI-powered no-code/low-code platform for 
building busin ...)
+       TODO: check
+CVE-2026-52870 (The MCP Python SDK, called mcp on PyPI, is a Python 
implementation of  ...)
+       TODO: check
+CVE-2026-52869 (The MCP Python SDK, called mcp on PyPI, is a Python 
implementation of  ...)
+       TODO: check
+CVE-2026-51380 (Buffer Overflow vulnerability in Tenda AC10 v3 (firmware 
V03.03.16.09) ...)
+       TODO: check
+CVE-2026-50183 (WWBN AVideo is an open source video platform. Versions 29.0 
and below  ...)
+       TODO: check
+CVE-2026-50182 (WWBN AVideo is an open source video platform. Versions prior 
to 29.0 c ...)
+       TODO: check
+CVE-2026-50144 (ncnn is a high-performance neural network inference framework 
optimize ...)
+       TODO: check
+CVE-2026-50124 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-50030 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-49867 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-49445 (Cilium is a networking, observability, and security solution. 
Prior to ...)
+       TODO: check
+CVE-2026-49353 (9Router is an AI router & token saver. In 0.4.45 and earlier, 
9Router' ...)
+       TODO: check
+CVE-2026-49352 (9Router is an AI router & token saver. From 0.2.21 until 
0.4.44, 9Rout ...)
+       TODO: check
+CVE-2026-49279 (WWBN AVideo is an open source video platform. Versions 29.0 
and below  ...)
+       TODO: check
+CVE-2026-48795 (AdonisJS is a TypeScript-first web framework. From 10.1.3 
until 10.1.5 ...)
+       TODO: check
+CVE-2026-46684 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-46421 (The SAP Cloud Application Programming Model is a tool for 
building ent ...)
+       TODO: check
+CVE-2026-46339 (9Router is an AI router & token saver. From 0.4.30 until 
0.4.37, 9Rout ...)
+       TODO: check
+CVE-2026-45738 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+       TODO: check
+CVE-2026-45737 (Argo CD is a declarative, GitOps continuous delivery tool for 
Kubernet ...)
+       TODO: check
+CVE-2026-45535 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-45534 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-45533 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-45419 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-45417 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-45320 (DataEase is an open source data visualization and analysis 
tool. Prior ...)
+       TODO: check
+CVE-2026-45313 (Sandboxie-Plus is an open source sandbox-based isolation 
software for  ...)
+       TODO: check
+CVE-2026-40958 (CVE-2026-40958 is a input validation error in Secure Access 
clients pr ...)
+       TODO: check
+CVE-2026-40957 (o CVE-2026-40957 is a frameable content vulnerability in the 
Secure Ac ...)
+       TODO: check
+CVE-2026-40956 (CVE-2026-40956 is a memory disclosure vulnerability in Secure 
Access c ...)
+       TODO: check
+CVE-2026-40955 (CVE-2026-40955 is an integer underflow vulnerability in the 
traffic pa ...)
+       TODO: check
+CVE-2026-40954 (CVE-2026-40954 is an integer underflow vulnerability in the 
traffic pa ...)
+       TODO: check
+CVE-2026-40953 (CVE-2026-40953 is a heap overflow in the certificate parsing 
function  ...)
+       TODO: check
+CVE-2026-40952 (CVE-2026-40952 is a privilege misconfiguration in the Secure 
Access in ...)
+       TODO: check
+CVE-2026-38974 (Dulwich through 1.1.0 was found to be missing SSH host key 
verificatio ...)
+       TODO: check
+CVE-2026-38755 (A heap overflow in the evalcommand() function (shell/ash.c) of 
Busybox ...)
+       TODO: check
+CVE-2026-38754 (A heap overflow in the ifsbreakup() function (shell/ash.c) of 
Busybox  ...)
+       TODO: check
+CVE-2026-38753 (A use-after-free in the awk_sub() function (editors/awk.c) of 
Busybox  ...)
+       TODO: check
+CVE-2026-38752 (A stack overflow in the evaluate() function (editors/awk.c) of 
BusyBox ...)
+       TODO: check
+CVE-2026-36590 (An issue in EMQ NanoMQ v.0.24.9 allows a remote attacker to 
cause a de ...)
+       TODO: check
+CVE-2026-33684 (WWBN AVideo is an open source video platform. Prior to version 
29.0, P ...)
+       TODO: check
+CVE-2026-33445 (CVE-2026-33445 is a memory management vulnerability in Secure 
Access s ...)
+       TODO: check
+CVE-2026-33444 (CVE-2026-33444 is a memory management vulnerability in Secure 
Access s ...)
+       TODO: check
+CVE-2026-33443 (CVE-2026-33443 is a memory management error in Secure Access 
servers p ...)
+       TODO: check
+CVE-2026-30623 (LiteLLM 1.18.10 contains a remote code execution vulnerability 
in its  ...)
+       TODO: check
+CVE-2026-30618 (xszyou Fay 4.3.1 contains a remote code execution 
vulnerability in its ...)
+       TODO: check
+CVE-2026-26719 (Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 
allows a r ...)
+       TODO: check
+CVE-2026-26718 (A Cross-Site Request Forgery (CSRF) vulnerability exists in 
the xxl-jo ...)
+       TODO: check
+CVE-2026-26032 (The PackagerResolver of Apache Ivy is able to download online 
artifact ...)
+       TODO: check
+CVE-2026-21729 (Loki queries with large limits can cause large memory 
allocations whic ...)
+       TODO: check
+CVE-2026-15925 (Improper TLS hostname verification in Snowflake Connector for 
Python v ...)
+       TODO: check
+CVE-2026-15921 (Node Version Manager (nvm) is a POSIX-compliant shell function 
for man ...)
+       TODO: check
+CVE-2026-15909 (A vulnerability has been found in RafyMrX TOKO-ONLINE-ROTI up 
to ddfe1 ...)
+       TODO: check
+CVE-2026-15907 (A flaw has been found in H3C SecPath F1000-C8300 up to 
20260522. This  ...)
+       TODO: check
+CVE-2026-15895 (OS command injection in the npm package loading component in 
AWS jsii- ...)
+       TODO: check
+CVE-2026-15652 (The Easy Accordion \u2013 AI-Powered FAQ & Accordion Blocks, 
Product F ...)
+       TODO: check
+CVE-2026-15458 (The SEO Booster plugin for WordPress is vulnerable to generic 
SQL Inje ...)
+       TODO: check
+CVE-2026-15445 (The SEO Booster plugin for WordPress is vulnerable to 
time-based SQL I ...)
+       TODO: check
+CVE-2026-15336 (The Catch Themes Demo Import plugin for WordPress is 
vulnerable to Mis ...)
+       TODO: check
+CVE-2026-15306 (The Product Feed Manager For WooCommerce \u2013 Sell on 200+ 
Online Ma ...)
+       TODO: check
+CVE-2026-15013 (The SAML Single Sign On \u2013 SSO Login plugin for WordPress 
is vulne ...)
+       TODO: check
+CVE-2026-14987 (The GiveWP \u2013 Donation Plugin and Fundraising Platform 
plugin for  ...)
+       TODO: check
+CVE-2026-13042 (The RPB Chessboard plugin for WordPress is vulnerable to 
Stored Cross- ...)
+       TODO: check
+CVE-2026-13005 (The MxChat \u2013 AI Chatbot & Content Generation for 
WordPress plugin ...)
+       TODO: check
+CVE-2026-12979 (The FunnelKit  WordPress plugin before 3.15.0.6 does not 
validate a us ...)
+       TODO: check
+CVE-2026-12978 (The FunnelKit  WordPress plugin before 3.15.0.6 does not 
escape a user ...)
+       TODO: check
+CVE-2026-12941 (The MultiVendorX \u2013 WooCommerce Multivendor Marketplace AI 
Powered ...)
+       TODO: check
+CVE-2026-12907 (The RTMKit WordPress plugin before 2.0.9 does not perform a 
proper cap ...)
+       TODO: check
+CVE-2026-12906 (The RTMKit WordPress plugin before 2.0.9 does not perform a 
capability ...)
+       TODO: check
+CVE-2026-12869 (The Header Footer Builder for Elementor WordPress plugin 
before 1.2.1  ...)
+       TODO: check
+CVE-2026-12753 (The Advance Product Search- Voice & Ajax Search for 
WooCommerce plugin ...)
+       TODO: check
+CVE-2026-12684 (The Customer Reviews for WooCommerce WordPress plugin before 
5.113.0 d ...)
+       TODO: check
+CVE-2026-12585 (The Abandoned Cart Lite for WooCommerce WordPress plugin 
before 6.8.2  ...)
+       TODO: check
+CVE-2026-12525 (The Redux Framework WordPress plugin before 4.5.13 does not 
restrict w ...)
+       TODO: check
+CVE-2026-12510 (The AI Engine  WordPress plugin before 3.5.5 does not verify 
that a us ...)
+       TODO: check
+CVE-2026-12492 (The Happy Coders OTP Login for WooCommerce WordPress plugin 
before 2.8 ...)
+       TODO: check
+CVE-2026-12434 (The List category posts plugin for WordPress is vulnerable to 
Sensitiv ...)
+       TODO: check
+CVE-2026-12409 (The Landing Page Builder \u2013 Coming Soon page, Maintenance 
Mode, Le ...)
+       TODO: check
+CVE-2026-12395 (The WP Job Portal  WordPress plugin before 2.5.5 does not 
properly san ...)
+       TODO: check
+CVE-2026-11866 (The Appointment Booking Plugin  WordPress plugin before 5.6.3 
does not ...)
+       TODO: check
+CVE-2026-11371 (The BetterDocs  WordPress plugin before 4.5.5 does not 
sanitise an AI- ...)
+       TODO: check
+CVE-2025-65720 (An issue in Open Source GPT Researcher v3.3.7 allows attackers 
to exec ...)
+       TODO: check
+CVE-2026-53366 (In the Linux kernel, the following vulnerability has been 
resolved:  i ...)
        - linux 7.1.3-1
        [trixie] - linux 6.12.95-1
        [bullseye] - linux <not-affected> (Vulnerable code not present)
@@ -419,38 +651,47 @@ CVE-2026-10673 (The Zephyr ADIN2111/ADIN1110 
10BASE-T1S/T1L Ethernet driver (dri
 CVE-2025-32781 (Apollo is a reliable configuration management system suitable 
for micr ...)
        TODO: check
 CVE-2026-56136
+       {DSA-6389-1}
        - ntfs-3g <unfixed> (bug #1142144)
        NOTE: 
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-r66g-c39x-cw95
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
 CVE-2026-56135
+       {DSA-6389-1}
        - ntfs-3g <unfixed> (bug #1142144)
        NOTE: 
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-c9qg-fh4v-mq8r
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
 CVE-2026-46572
+       {DSA-6389-1}
        - ntfs-3g <unfixed> (bug #1142144)
        NOTE: 
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-wx5r-gc7w-9hhc
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
 CVE-2026-46570
+       {DSA-6389-1}
        - ntfs-3g <unfixed> (bug #1142144)
        NOTE: 
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-m6qq-pv5j-2wxc
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
 CVE-2026-46571
+       {DSA-6389-1}
        - ntfs-3g <unfixed> (bug #1142144)
        NOTE: 
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-52gr-j4pv-9pjh
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
 CVE-2026-46569
+       {DSA-6389-1}
        - ntfs-3g <unfixed> (bug #1142144)
        NOTE: 
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xxv8-9r24-hcj9
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
 CVE-2026-42618
+       {DSA-6389-1}
        - ntfs-3g <unfixed> (bug #1142144)
        NOTE: 
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6whp-3f63-97qw
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
 CVE-2026-42617
+       {DSA-6389-1}
        - ntfs-3g <unfixed> (bug #1142144)
        NOTE: 
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-jv65-qqf7-f692
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
 CVE-2026-42616
+       {DSA-6389-1}
        - ntfs-3g <unfixed> (bug #1142144)
        NOTE: 
https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-p6mp-gp2j-7358
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/15/6
@@ -2122,48 +2363,63 @@ CVE-2026-23573 (An Improper Neutralization of Input 
During Web Page Generation (
 CVE-2026-21840 (HCL BigFix Platform is affected by a user enumeration 
vulnerability wh ...)
        NOT-FOR-US: HCL
 CVE-2026-15778 (Insufficient validation of untrusted input in Navigation in 
Google Chr ...)
+       {DSA-6390-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15777 (Use after free in UI in Google Chrome on Linux prior to 
150.0.7871.125 ...)
+       {DSA-6390-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15776 (Inappropriate implementation in V8 in Google Chrome prior to 
150.0.787 ...)
+       {DSA-6390-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15775 (Inappropriate implementation in V8 in Google Chrome prior to 
150.0.787 ...)
+       {DSA-6390-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15774 (Use after free in Skia in Google Chrome prior to 
150.0.7871.125 allowe ...)
+       {DSA-6390-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15773 (Use after free in Core in Google Chrome on Windows prior to 
150.0.7871 ...)
+       {DSA-6390-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15772 (Use after free in GPU in Google Chrome on Android prior to 
150.0.7871. ...)
+       {DSA-6390-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15771 (Insufficient validation of untrusted input in Media in Google 
Chrome o ...)
+       {DSA-6390-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15770 (Uninitialized Use in V8 in Google Chrome prior to 
150.0.7871.125 allow ...)
+       {DSA-6390-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15769 (Insufficient validation of untrusted input in Linux Toolkit 
Theming in ...)
+       {DSA-6390-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15768 (Insufficient policy enforcement in HTML-in-Canvas in Google 
Chrome pri ...)
+       {DSA-6390-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15767 (Heap buffer overflow in libyuv in Google Chrome on Windows 
prior to 15 ...)
+       {DSA-6390-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15766 (Uninitialized Use in Skia in Google Chrome prior to 
150.0.7871.125 all ...)
+       {DSA-6390-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15765 (Use after free in Ozone in Google Chrome prior to 
150.0.7871.125 allow ...)
+       {DSA-6390-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15764 (Use after free in Ozone in Google Chrome on Linux prior to 
150.0.7871. ...)
+       {DSA-6390-1}
        - chromium 150.0.7871.124-1
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-15757 (A security flaw was discovered in the NETGEAR DGND3700v1 that 
could al ...)
@@ -35725,7 +35981,7 @@ CVE-2026-48095 (7-Zip is a file archiver with a high 
compression ratio. Versions
        NOTE: Since p7zip/16.02+transitional.1 src:p7zip is only a empty source 
package
        NOTE: depending on 7zip. Mark this version as fixed version.
        NOTE: https://securitylab.github.com/advisories/GHSL-2026-140_7-Zip/
-CVE-2026-48863
+CVE-2026-48863 (A flaw was found in libsolv. A stack-based buffer overflow 
vulnerabili ...)
        - libsolv 0.7.38-1
        [trixie] - libsolv <no-dsa> (Minor issue)
        [bookworm] - libsolv <no-dsa> (Minor issue)
@@ -77100,7 +77356,7 @@ CVE-2026-33306 (bcrypt-ruby is a Ruby binding for the 
OpenBSD bcrypt() password
        [bullseye] - ruby-bcrypt <postponed> (Minor issue)
        NOTE: 
https://github.com/bcrypt-ruby/bcrypt-ruby/security/advisories/GHSA-f27w-vcwj-c954
        NOTE: Fixed by: 
https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4
 (v3.1.22)
-CVE-2026-23538
+CVE-2026-23538 (A vulnerability was identified in the Feast Feature Server's 
`/ws/chat ...)
        NOT-FOR-US: Feast
 CVE-2026-23537 (A vulnerability has been identified in the Feast Feature 
Server\u2019s ...)
        NOT-FOR-US: Feast
@@ -78707,7 +78963,7 @@ CVE-2026-34881 (OpenStack Glance before 29.1.1, 30.x 
before 30.1.1, and 31.0.0 i
        NOTE: https://www.openwall.com/lists/oss-security/2026/03/19/3
        NOTE: https://bugs.launchpad.net/glance/+bug/2138602
        NOTE: https://security.openstack.org/ossa/OSSA-2026-004.html
-CVE-2026-3842
+CVE-2026-3842 (A flaw was found in QEMU. This vulnerability allows a local 
attacker w ...)
        - qemu 1:10.2.2+ds-1
        [trixie] - qemu 1:10.0.10+ds-0+deb13u1
        [bookworm] - qemu <no-dsa> (Minor issue)
@@ -96014,7 +96270,7 @@ CVE-2026-2239 (A flaw was found in GIMP. 
Heap-buffer-overflow vulnerability exis
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/51a2d65a2df403f6da582173e0ddd7904356f5ae
 (gimp-3-0 branch)
        NOTE: Followup (not strictly part of the CVE, but a second problem 
exposed):
        NOTE: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/02886e626df5e4c5f73f838a64fd3f21809dda09
-CVE-2026-1609
+CVE-2026-1609 (A flaw was found in Keycloak. When the JSON Web Token (JWT) 
authorizat ...)
        - keycloak <itp> (bug #1088287)
 CVE-2025-11537 (A flaw was found in Keycloak. When the logging format is 
configured to ...)
        - keycloak <itp> (bug #1088287)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fb909a870db98fe736eeb854424e8f37af08cd4

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2fb909a870db98fe736eeb854424e8f37af08cd4
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to