Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
865da698 by Salvatore Bonaccorso at 2026-06-18T10:43:01+02:00
Add two new tinyproxy issues

- - - - -
684c7395 by Salvatore Bonaccorso at 2026-06-18T10:44:25+02:00
Prefix commit for CVE-2026-55202

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2026-55740 (Nur-Alam39 bus-ticket (no released versions; 
latest commit 459ca
 CVE-2026-55202 (Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to 
properly v ...)
        - tinyproxy <unfixed>
        NOTE: https://github.com/tinyproxy/tinyproxy/pull/606
-       NOTE: 
https://github.com/tinyproxy/tinyproxy/commit/09312a185ae25cc486b4ff5987638a7917a48bce
+       NOTE: Fixed by: 
https://github.com/tinyproxy/tinyproxy/commit/09312a185ae25cc486b4ff5987638a7917a48bce
 CVE-2026-55201 (Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a 
path trave ...)
        NOT-FOR-US: Evil-WinRM
 CVE-2026-55200 (libssh2 through 1.11.1, fixed in commit 7acf3df contains an 
out-of-bou ...)
@@ -27,9 +27,15 @@ CVE-2026-54533 (vantage6 is an open-source infrastructure 
for privacy preserving
 CVE-2026-54445 (vantage6 is an open-source infrastructure for privacy 
preserving analy ...)
        NOT-FOR-US: vantage6
 CVE-2026-54388 (Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to 
reject req ...)
-       TODO: check
+       - tinyproxy <unfixed>
+       NOTE: https://github.com/tinyproxy/tinyproxy/issues/609
+       NOTE: https://github.com/tinyproxy/tinyproxy/pull/610
+       NOTE: Fixed by: 
https://github.com/tinyproxy/tinyproxy/commit/364cdb67e0ea00a8e4a7037e2693e0711e816adb
 CVE-2026-54387 (Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to 
reconcile  ...)
-       TODO: check
+       - tinyproxy <unfixed>
+       NOTE: https://github.com/tinyproxy/tinyproxy/issues/609
+       NOTE: https://github.com/tinyproxy/tinyproxy/pull/610
+       NOTE: Fixed by: 
https://github.com/tinyproxy/tinyproxy/commit/623bfc093df009296f0b85d40bc677ef9d5c09bb
 CVE-2026-54386 (marimo before 0.23.9 contains a reflected cross-site scripting 
vulnera ...)
        TODO: check
 CVE-2026-53676 (ThingsBoard contains a prototype pollution vulnerability which 
may lea ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fb5d291fa5037990847aea808a16ac596c2a7fdf...684c7395f211ba3801113482cdbd2678178a5308

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fb5d291fa5037990847aea808a16ac596c2a7fdf...684c7395f211ba3801113482cdbd2678178a5308
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to