Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
988ae517 by Salvatore Bonaccorso at 2026-06-12T06:18:54+02:00
Add Debian bug reference for rust-russh issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -153,13 +153,13 @@ CVE-2026-48547 (KanaDojo contains a command injection 
vulnerability that allows
 CVE-2026-48546 (KanaDojo before 0.1.18 contains a sandbox escape vulnerability 
that al ...)
        NOT-FOR-US: KanaDojo
 CVE-2026-48110 (Russh is a Rust SSH client & server library. From version 
0.34.0 to be ...)
-       - rust-russh <unfixed>
+       - rust-russh <unfixed> (bug #1139726)
        NOTE: 
https://github.com/Eugeny/russh/security/advisories/GHSA-4r3c-5hpg-58qr
 CVE-2026-48108 (Russh is a Rust SSH client & server library. From version 
0.34.0-beta. ...)
-       - rust-russh <unfixed>
+       - rust-russh <unfixed> (bug #1139726)
        NOTE: 
https://github.com/Eugeny/russh/security/advisories/GHSA-76r6-x97p-67vr
 CVE-2026-48107 (Russh is a Rust SSH client & server library. From version 
0.37.0 to be ...)
-       - rust-russh <unfixed>
+       - rust-russh <unfixed> (bug #1139726)
        NOTE: 
https://github.com/Eugeny/russh/security/advisories/GHSA-g9g7-5cgw-6v28
 CVE-2026-48011 (Shopware is an open commerce platform. Prior to versions 
6.6.10.18 and ...)
        NOT-FOR-US: Shopware
@@ -206,12 +206,12 @@ CVE-2026-47162 (Vim is an open source, command line text 
editor. Prior to versio
 CVE-2026-47157 (aiograpi is an asynchronous Instagram API for Python. aiograpi 
version ...)
        NOT-FOR-US: aiograpi
 CVE-2026-46705 (Russh is a Rust SSH client & server library. From version 
0.34.0-beta. ...)
-       - rust-russh <unfixed>
+       - rust-russh <unfixed> (bug #1139726)
        NOTE: 
https://github.com/Eugeny/russh/security/advisories/GHSA-hpv4-5h6f-wqr3
 CVE-2026-46703 (Boxlite is a sandbox service that allows users to create 
lightweight v ...)
        NOT-FOR-US: Boxlite
 CVE-2026-46702 (Russh is a Rust SSH client & server library. From version 
0.34.0 to be ...)
-       - rust-russh <unfixed>
+       - rust-russh <unfixed> (bug #1139726)
        NOTE: 
https://github.com/Eugeny/russh/security/advisories/GHSA-wwx6-x28x-8259
 CVE-2026-46698 (Fediverse Embeds embeds fediverse posts on WordPress sites. 
Prior to v ...)
        NOT-FOR-US: Fediverse Embeds
@@ -226,7 +226,7 @@ CVE-2026-46683 (Snappy is a PHP library allowing thumbnail, 
snapshot or PDF gene
 CVE-2026-46679 (libp2p is a JavaScript Implementation of libp2p networking 
stack. Prio ...)
        TODO: check
 CVE-2026-46673 (Russh is a Rust SSH client & server library. Prior to version 
0.60.3,  ...)
-       - rust-russh <unfixed>
+       - rust-russh <unfixed> (bug #1139726)
        NOTE: 
https://github.com/Eugeny/russh/security/advisories/GHSA-g9f8-wqj9-fjw5
 CVE-2026-46669 (OpenVM is a performant and modular zkVM framework built for 
customizat ...)
        NOT-FOR-US: OpenVM
@@ -22656,7 +22656,7 @@ CVE-2026-42192 (Plunk is an open-source email platform 
built on top of AWS SES.
 CVE-2026-42190 (RedwoodSDK is a server-first React framework. From version 
1.0.0-beta. ...)
        NOT-FOR-US: RedwoodSDK
 CVE-2026-42189 (Russh is a Rust SSH client & server library. Prior to version 
0.60.1,  ...)
-       - rust-russh <unfixed>
+       - rust-russh <unfixed> (bug #1139726)
        NOTE: 
https://github.com/Eugeny/russh/security/advisories/GHSA-f5v4-2wr6-hqmg
        NOTE: Fixed by: 
https://github.com/Eugeny/russh/commit/6c3c80a9b6d60763d6227d60fa8310e57172a4d1 
(v0.60.1)
 CVE-2026-42185 (People is an application to handle users and teams, and 
distribute per ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/988ae5178c03dfb98dbd2f1b187a13a8090917b8

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/988ae5178c03dfb98dbd2f1b187a13a8090917b8
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to