Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d6644a0c by Salvatore Bonaccorso at 2026-01-22T22:35:43+01:00
Process two new go-tuf issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -95,9 +95,13 @@ CVE-2026-24001 (jsdiff is a JavaScript text differencing
implementation. Prior t
CVE-2026-23996 (FastAPI Api Key provides a backend-agnostic library that
provides an A ...)
TODO: check
CVE-2026-23992 (go-tuf is a Go implementation of The Update Framework (TUF).
Starting ...)
- TODO: check
+ - golang-github-theupdateframework-go-tuf <unfixed>
+ NOTE:
https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-fphv-w9fq-2525
+ NOTE: Fixed by;
https://github.com/theupdateframework/go-tuf/commit/b38d91fdbc69dfe31fe9230d97dafe527ea854a0
(v2.3.1)
CVE-2026-23991 (go-tuf is a Go implementation of The Update Framework (TUF).
Starting ...)
- TODO: check
+ - golang-github-theupdateframework-go-tuf <unfixed>
+ NOTE:
https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-846p-jg2w-w324
+ NOTE: Fixed by:
https://github.com/theupdateframework/go-tuf/commit/73345ab6b0eb7e59d525dac17a428f043074cef6
(v2.3.1)
CVE-2026-23990 (The Flux Operator is a Kubernetes CRD controller that manages
the life ...)
NOT-FOR-US: Flux Operator
CVE-2026-23986 (Copier is a library and CLI app for rendering project
templates. Prior ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6644a0c0e1851e20d76853ed2acfdaca16ed27d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6644a0c0e1851e20d76853ed2acfdaca16ed27d
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
