Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b498644e by Salvatore Bonaccorso at 2026-06-11T23:00:36+02:00
Re-associate old rust-russh issues which were marked NFU

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22648,7 +22648,9 @@ CVE-2026-42192 (Plunk is an open-source email platform 
built on top of AWS SES.
 CVE-2026-42190 (RedwoodSDK is a server-first React framework. From version 
1.0.0-beta. ...)
        NOT-FOR-US: RedwoodSDK
 CVE-2026-42189 (Russh is a Rust SSH client & server library. Prior to version 
0.60.1,  ...)
-       NOT-FOR-US: Russh
+       - rust-russh <unfixed>
+       NOTE: 
https://github.com/Eugeny/russh/security/advisories/GHSA-f5v4-2wr6-hqmg
+       NOTE: Fixed by: 
https://github.com/Eugeny/russh/commit/6c3c80a9b6d60763d6227d60fa8310e57172a4d1 
(v0.60.1)
 CVE-2026-42185 (People is an application to handle users and teams, and 
distribute per ...)
        NOT-FOR-US: People (suitenumerique/people)
 CVE-2026-42183 (Argo Workflows is an open source container-native workflow 
engine for  ...)
@@ -141516,7 +141518,9 @@ CVE-2025-54868 (LibreChat is a ChatGPT clone with 
additional features. In versio
 CVE-2025-54865 (Tilesheets MediaWiki Extension adds a table lookup parser 
function for ...)
        NOT-FOR-US: MediaWiki Extension
 CVE-2025-54804 (Russh is a Rust SSH client & server library. In versions 
0.54.0 and be ...)
-       NOT-FOR-US: russh
+       - rust-russh <not-affected> (Fixed before initial upload to Debian)
+       NOTE: 
https://github.com/Eugeny/russh/security/advisories/GHSA-h5rc-j5f5-3gcm
+       NOTE: Fixed by: 
https://github.com/Eugeny/russh/commit/0eb5e406780890e21ff71dd25d731b30676478e5 
(v0.54.1)
 CVE-2025-54803 (js-toml is a TOML parser for JavaScript, fully compliant with 
the TOML ...)
        NOT-FOR-US: js-toml
 CVE-2025-54802 (pyLoad is the free and open-source Download Manager written in 
pure Py ...)
@@ -246435,7 +246439,9 @@ CVE-2024-43411 (CKEditor4 is an open source 
what-you-see-is-what-you-get HTML ed
        NOTE: Fixed by: 
https://github.com/ckeditor/ckeditor4/commit/e35bbadc15e2ae76e39b3fc963b851ecc0da4b28
 (4.25.0-lts)
        NOTE: Negligible security impact; feature disabled by default.
 CVE-2024-43410 (Russh is a Rust SSH client & server library. Allocating an 
untrusted a ...)
-       NOT-FOR-US: Russh
+       - rust-russh <not-affected> (Fixed before initial upload to Debian)
+       NOTE: 
https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg
+       NOTE: Fixed by: 
https://github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55 
(v0.44.1)
 CVE-2024-43407 (CKEditor4 is an open source what-you-see-is-what-you-get HTML 
editor.  ...)
        - ckeditor <removed> (bug #1083192)
        [bookworm] - ckeditor <no-dsa> (Minor issue)
@@ -358612,7 +358618,9 @@ CVE-2023-28115 (Snappy is a PHP library allowing 
thumbnail, snapshot or PDF gene
 CVE-2023-28114 (`cilium-cli` is the command line interface to install, manage, 
and tro ...)
        NOT-FOR-US: cilium-cli
 CVE-2023-28113 (russh is a Rust SSH client and server library. Starting in 
version 0.3 ...)
-       NOT-FOR-US: russh
+       - rust-russh <not-affected> (Fixed before initial upload to Debian)
+       NOTE: 
https://github.com/Eugeny/russh/security/advisories/GHSA-cqvm-j2r2-hwpg
+       NOTE: Fixed by: 
https://github.com/Eugeny/russh/commit/d831a3716d3719dc76f091fcea9d94bd4ef97c6e 
(v0.36.2)
 CVE-2023-28112 (Discourse is an open-source discussion platform. Prior to 
version 3.1. ...)
        NOT-FOR-US: Discourse
 CVE-2023-28111 (Discourse is an open-source discussion platform. Prior to 
version 3.1. ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b498644e67dca7edacf4bfbe41fe38835527e78b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b498644e67dca7edacf4bfbe41fe38835527e78b
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to