Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b498644e by Salvatore Bonaccorso at 2026-06-11T23:00:36+02:00
Re-associate old rust-russh issues which were marked NFU
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22648,7 +22648,9 @@ CVE-2026-42192 (Plunk is an open-source email platform
built on top of AWS SES.
CVE-2026-42190 (RedwoodSDK is a server-first React framework. From version
1.0.0-beta. ...)
NOT-FOR-US: RedwoodSDK
CVE-2026-42189 (Russh is a Rust SSH client & server library. Prior to version
0.60.1, ...)
- NOT-FOR-US: Russh
+ - rust-russh <unfixed>
+ NOTE:
https://github.com/Eugeny/russh/security/advisories/GHSA-f5v4-2wr6-hqmg
+ NOTE: Fixed by:
https://github.com/Eugeny/russh/commit/6c3c80a9b6d60763d6227d60fa8310e57172a4d1
(v0.60.1)
CVE-2026-42185 (People is an application to handle users and teams, and
distribute per ...)
NOT-FOR-US: People (suitenumerique/people)
CVE-2026-42183 (Argo Workflows is an open source container-native workflow
engine for ...)
@@ -141516,7 +141518,9 @@ CVE-2025-54868 (LibreChat is a ChatGPT clone with
additional features. In versio
CVE-2025-54865 (Tilesheets MediaWiki Extension adds a table lookup parser
function for ...)
NOT-FOR-US: MediaWiki Extension
CVE-2025-54804 (Russh is a Rust SSH client & server library. In versions
0.54.0 and be ...)
- NOT-FOR-US: russh
+ - rust-russh <not-affected> (Fixed before initial upload to Debian)
+ NOTE:
https://github.com/Eugeny/russh/security/advisories/GHSA-h5rc-j5f5-3gcm
+ NOTE: Fixed by:
https://github.com/Eugeny/russh/commit/0eb5e406780890e21ff71dd25d731b30676478e5
(v0.54.1)
CVE-2025-54803 (js-toml is a TOML parser for JavaScript, fully compliant with
the TOML ...)
NOT-FOR-US: js-toml
CVE-2025-54802 (pyLoad is the free and open-source Download Manager written in
pure Py ...)
@@ -246435,7 +246439,9 @@ CVE-2024-43411 (CKEditor4 is an open source
what-you-see-is-what-you-get HTML ed
NOTE: Fixed by:
https://github.com/ckeditor/ckeditor4/commit/e35bbadc15e2ae76e39b3fc963b851ecc0da4b28
(4.25.0-lts)
NOTE: Negligible security impact; feature disabled by default.
CVE-2024-43410 (Russh is a Rust SSH client & server library. Allocating an
untrusted a ...)
- NOT-FOR-US: Russh
+ - rust-russh <not-affected> (Fixed before initial upload to Debian)
+ NOTE:
https://github.com/Eugeny/russh/security/advisories/GHSA-vgvv-x7xg-6cqg
+ NOTE: Fixed by:
https://github.com/Eugeny/russh/commit/f660ea3f64b86d11d19e33076012069f02431e55
(v0.44.1)
CVE-2024-43407 (CKEditor4 is an open source what-you-see-is-what-you-get HTML
editor. ...)
- ckeditor <removed> (bug #1083192)
[bookworm] - ckeditor <no-dsa> (Minor issue)
@@ -358612,7 +358618,9 @@ CVE-2023-28115 (Snappy is a PHP library allowing
thumbnail, snapshot or PDF gene
CVE-2023-28114 (`cilium-cli` is the command line interface to install, manage,
and tro ...)
NOT-FOR-US: cilium-cli
CVE-2023-28113 (russh is a Rust SSH client and server library. Starting in
version 0.3 ...)
- NOT-FOR-US: russh
+ - rust-russh <not-affected> (Fixed before initial upload to Debian)
+ NOTE:
https://github.com/Eugeny/russh/security/advisories/GHSA-cqvm-j2r2-hwpg
+ NOTE: Fixed by:
https://github.com/Eugeny/russh/commit/d831a3716d3719dc76f091fcea9d94bd4ef97c6e
(v0.36.2)
CVE-2023-28112 (Discourse is an open-source discussion platform. Prior to
version 3.1. ...)
NOT-FOR-US: Discourse
CVE-2023-28111 (Discourse is an open-source discussion platform. Prior to
version 3.1. ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b498644e67dca7edacf4bfbe41fe38835527e78b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b498644e67dca7edacf4bfbe41fe38835527e78b
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits