Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d4ad3d1a by Salvatore Bonaccorso at 2026-02-19T22:17:34+01:00
Add CVE-2026-26278/node-webfont
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -87,7 +87,10 @@ CVE-2026-26318 (systeminformation is a System and OS
information library for nod
CVE-2026-26280 (systeminformation is a System and OS information library for
node.js. ...)
NOT-FOR-US: systeminformation Node.js module
CVE-2026-26278 (fast-xml-parser allows users to validate XML, parse XML to JS
object, ...)
- TODO: check
+ - node-webfont <undetermined>
+ NOTE:
https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj
+ NOTE: Fixed by:
https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77
(v5.3.6)
+ NOTE: node-webfont provides node-fast-xml-parser
CVE-2026-26267 (soroban-sdk is a Rust SDK for Soroban contracts. Prior to
versions 22. ...)
NOT-FOR-US: soroban-sdk
CVE-2026-26223 (SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the
private are ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4ad3d1a0c2b0e05141bcd9d8eb87e523eaa55c8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4ad3d1a0c2b0e05141bcd9d8eb87e523eaa55c8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
