Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
1e21ae8b by Moritz Muehlenhoff at 2026-01-22T15:19:23+01:00
also track CVE-2026-23949 for setuptools, thanks to jpfc for the note
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -732,9 +732,13 @@ CVE-2026-23949 (jaraco.context, an open-source software
package that provides so
- jaraco.context 6.0.1-2 (bug #1126078)
[trixie] - jaraco.context <no-dsa> (Minor issue)
[bookworm] - jaraco.context <not-affected> (Vulnerable code not present)
+ - setuptools <unfixed>
+ [bookworm] - setuptools <not-affected> (Vulnerable code not present,
bundled jaraco.context too old)
+ [bullseye] - setuptools <not-affected> (Vulnerable code not present,
bundled jaraco.context too old)
NOTE:
https://github.com/jaraco/jaraco.context/security/advisories/GHSA-58pv-8j8x-9vj2
NOTE: Introduced with:
https://github.com/jaraco/jaraco.context/commit/e13fc7f2b379683c326153a3d6f4d2800f812fd0
(v5.2.0)
NOTE: Fixed by:
https://github.com/jaraco/jaraco.context/commit/7b26a42b525735e4085d2e994e13802ea339d5f9
(v6.1.0)
+ NOTE: setuptools includes a bundled version
CVE-2026-23947 (Orval generates type-safe JS clients (TypeScript) from any
valid OpenA ...)
NOT-FOR-US: Orval
CVE-2026-23944 (Arcane is an interface for managing Docker containers, images,
network ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e21ae8b97608ababd94da0004c02fdc03e93a83
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e21ae8b97608ababd94da0004c02fdc03e93a83
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
