Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a6aa63b7 by Moritz Muehlenhoff at 2026-06-12T09:44:30+02:00
new chromium issues / NFUs

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -35,51 +35,51 @@ CVE-2026-53807 (OpenClaw before 2026.5.6 contains an 
authorization bypass vulner
 CVE-2026-53806 (OpenClaw before 2026.5.12 contains a shell option parsing 
vulnerabilit ...)
        NOT-FOR-US: OpenClaw
 CVE-2026-53782 (Summarize before 0.17.0 contains a server-side request forgery 
vulnera ...)
-       TODO: check
+       NOT-FOR-US: Summarize
 CVE-2026-53781 (Summarize before 0.17.0 contains a resource exhaustion 
vulnerability t ...)
-       TODO: check
+       NOT-FOR-US: Summarize
 CVE-2026-50245 (Brickcom camerasallow unauthenticated access to live snapshot 
images v ...)
-       TODO: check
+       NOT-FOR-US: Brickcom cameras
 CVE-2026-50005 (Brickcom cameras ship with default credentials that allows any 
unauthe ...)
-       TODO: check
+       NOT-FOR-US: Brickcom cameras
 CVE-2026-49973 (Hermes WebUI before version 0.51.358 contains an improper 
access contr ...)
-       TODO: check
+       NOT-FOR-US: Hermes WebUI
 CVE-2026-49949 (CodexBar before 0.33.0 contains a credential forwarding 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: CodexBar
 CVE-2026-49482 (ClipBucket v5 is an open source video sharing platform. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: ClipBucket
 CVE-2026-49060 (Incorrect Privilege Assignment vulnerability in Hippoo Mobile 
App for  ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-48613 (SQL injection vulnerability in phpBB profile field migration 
due to im ...)
-       TODO: check
+       NOT-FOR-US: phpBB
 CVE-2026-48612 (Improper state verification in the OAuth implementation could 
allow an ...)
-       TODO: check
+       NOT-FOR-US: phpBB
 CVE-2026-48611 (Improper authentication checks in the OAuth implementation 
allow accou ...)
-       TODO: check
+       NOT-FOR-US: phpBB
 CVE-2026-48610 (Under certain network configurations, a malicious actor with 
access to ...)
-       TODO: check
+       NOT-FOR-US: Ubiquity
 CVE-2026-47370 (A malicious actor with access to the network and low 
privileges could  ...)
-       TODO: check
+       NOT-FOR-US: Ubiquity
 CVE-2026-47369 (A malicious actor with access to the network and low 
privileges could  ...)
-       TODO: check
+       NOT-FOR-US: Ubiquity
 CVE-2026-47368 (A malicious actor with access to the network could exploit a 
Path Trav ...)
-       TODO: check
+       NOT-FOR-US: Ubiquity
 CVE-2026-47367 (A malicious actor with access to the network and low 
privileges could  ...)
-       TODO: check
+       NOT-FOR-US: Ubiquity
 CVE-2026-47366 (Improper verification of access permissions when modifying 
permissions ...)
-       TODO: check
+       NOT-FOR-US: phpBB
 CVE-2026-47365 (Argument injection vulnerability in WordPress Toolkit before 
6.11.0 as ...)
-       TODO: check
+       NOT-FOR-US: WordPress Toolkit
 CVE-2026-47238 (ClipBucket v5 is an open source video sharing platform. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: ClipBucket
 CVE-2026-46622 (SolidInvoice is an open-source invoicing platform. Prior to 
version 2. ...)
-       TODO: check
+       NOT-FOR-US: SolidInvoice
 CVE-2026-46489 (SolidInvoice is an open-source invoicing platform. Prior to 
version 2. ...)
-       TODO: check
+       NOT-FOR-US: SolidInvoice
 CVE-2026-45802 (FPDI is a collection of PHP classes that facilitate reading 
pages from ...)
-       TODO: check
+       NOT-FOR-US: Setasign
 CVE-2026-45418 (ClipBucket v5 is an open source video sharing platform. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: ClipBucket
 CVE-2026-45175 (Idira Endpoint Privilege Manager Agent versions prior to 26.5 
exhibit  ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2026-45174 (Idira Endpoint Privilege Manager Linux Agent versions prior to 
26.5 al ...)
@@ -95,7 +95,7 @@ CVE-2026-45170 (Idira Privilege Cloud Connector versions 
prior 1.1.100504 under
 CVE-2026-45169 (Idira Privileged Access Manager (PAM) Self-Hosted Vault 
versions prior ...)
        NOT-FOR-US: Palo Alto Networks
 CVE-2026-45060 (ClipBucket v5 is an open source video sharing platform. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: ClipBucket
 CVE-2026-44892 (Netty is a network application framework for development of 
protocol s ...)
        TODO: check
 CVE-2026-44890 (Netty is a network application framework for development of 
protocol s ...)
@@ -105,7 +105,7 @@ CVE-2026-44250 (Netty is a network application framework 
for development of prot
 CVE-2026-44249 (Netty is a network application framework for development of 
protocol s ...)
        TODO: check
 CVE-2026-42846 (ClipBucket v5 is an open source video sharing platform. Prior 
to versi ...)
-       TODO: check
+       NOT-FOR-US: ClipBucket
 CVE-2026-42653 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin or theme
 CVE-2026-42647 (Improper Neutralization of Special Elements used in an SQL 
Command ('S ...)
@@ -117,69 +117,97 @@ CVE-2026-39494 (Improper Neutralization of Special 
Elements used in an SQL Comma
 CVE-2026-20746 (Virtual attribute handling in Ping Identity PingDirectory in 
affected  ...)
        TODO: check
 CVE-2026-12060 (Heptabase developed by Hepta Platforms has a Exposed Dangerous 
Method  ...)
-       TODO: check
+       NOT-FOR-US: Heptabase
 CVE-2026-12059 (The SSH service of CelloOS developed by Cellopoint has an 
Improper Acc ...)
-       TODO: check
+       NOT-FOR-US: CellosOS
 CVE-2026-12038
        REJECTED
 CVE-2026-12035 (Use after free in Views in Google Chrome on Windows prior to 
149.0.782 ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12034 (Insufficient validation of untrusted input in Linux Toolkit 
Theming in ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12033 (Out of bounds read in VideoCapture in Google Chrome prior to 
149.0.782 ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12032 (Inappropriate implementation in Passwords in Google Chrome on 
Android  ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12031 (Inappropriate implementation in Views in Google Chrome on 
Windows prio ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12030 (Out of bounds write in GPU in Google Chrome on Android prior 
to 149.0. ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12029 (Use after free in Video in Google Chrome on Windows prior to 
149.0.782 ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12028 (Use after free in GPU in Google Chrome on Android prior to 
149.0.7827. ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12027 (Inappropriate implementation in Headless in Google Chrome 
prior to 149 ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12026 (Out of bounds read in Video in Google Chrome on ChromeOS prior 
to 149. ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12025 (Insufficient validation of untrusted input in Network in 
Google Chrome ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12024 (Insufficient policy enforcement in DevTools in Google Chrome 
prior to  ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12023 (Use after free in GPU in Google Chrome on Mac prior to 
149.0.7827.115  ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12022 (Race in Safe Browsing in Google Chrome on Mac prior to 
149.0.7827.115  ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12020 (Use after free in Autofill in Google Chrome on Mac prior to 
149.0.7827 ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12019 (Heap buffer overflow in Codecs in Google Chrome on Linux and 
ChromeOS  ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12018 (Inappropriate implementation in Mojo in Google Chrome on 
Windows prior ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12017 (Inappropriate implementation in Extensions in Google Chrome 
prior to 1 ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12016 (Inappropriate implementation in DevTools in Google Chrome 
prior to 149 ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12015 (Use after free in Autofill in Google Chrome prior to 
149.0.7827.115 al ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12014 (Use after free in Cast in Google Chrome prior to 
149.0.7827.115 allowe ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12013 (Use after free in Media in Google Chrome on Windows prior to 
149.0.782 ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12012 (Use after free in Network in Google Chrome prior to 
149.0.7827.115 all ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12011 (Use after free in WebMIDI in Google Chrome on Windows prior to 
149.0.7 ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12010 (Heap buffer overflow in GPU in Google Chrome on Android prior 
to 149.0 ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12009 (Insufficient validation of untrusted input in Accessibility in 
Google  ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12008 (Use after free in DigitalCredentials in Google Chrome prior to 
149.0.7 ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-12007 (Use after free in Core in Google Chrome on Windows prior to 
149.0.7827 ...)
-       TODO: check
+       - chromium <unfixed>
+       [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-11933 (A use-after-free vulnerability exists in MongoDB Server's 
server-side  ...)
-       TODO: check
+       - mongodb <removed>
 CVE-2026-10676
        REJECTED
 CVE-2026-9694 (GitLab has remediated an issue in GitLab CE/EE affecting all 
versions  ...)
@@ -441,7 +469,7 @@ CVE-2026-46643 (Snappy is a PHP library allowing thumbnail, 
snapshot or PDF gene
 CVE-2026-46625 (JavaScript Cookie is a JavaScript API for handling cookies, 
client-sid ...)
        TODO: check
 CVE-2026-46519 (mcp-server-kubernetes is a Model Context Protocol server for 
Kubernete ...)
-       TODO: check
+       NOT-FOR-US: mcp-server-kubernetes
 CVE-2026-45783 (libp2p is a JavaScript Implementation of libp2p networking 
stack. Prio ...)
        TODO: check
 CVE-2026-45384 (bit7z is a cross-platform C++ static library that allows the 
compressi ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -20,6 +20,8 @@ atril
 --
 botan3 (aron)
 --
+chromium (dilinger)
+--
 cups
 --
 dulwich



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6aa63b70cc0e2ba82d82e4d8cc4ca53dfc72032

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6aa63b70cc0e2ba82d82e4d8cc4ca53dfc72032
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to