Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
307d6fc4 by Salvatore Bonaccorso at 2026-06-24T17:00:13+02:00
Track fixed version for some docker.io issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6325,13 +6325,13 @@ CVE-2026-42947 (A flaw in Naxclow's platform\u2019s
onboarding workflow allows a
CVE-2026-42932 (Naxclow device identifiers use fixed manufacturing prefixes
combined w ...)
NOT-FOR-US: Naxclow
CVE-2026-42306 (Moby is an open source container framework. In Docker Engine
prior to ...)
- - docker.io <unfixed> (bug #1139967)
+ - docker.io 28.5.2+dfsg4-3 (bug #1139967)
NOTE:
https://github.com/moby/moby/security/advisories/GHSA-rg2x-37c3-w2rh
NOTE: Fixed by:
https://github.com/moby/moby/commit/43fa458a9c40873867e75221454de10709b04236
(docker-v29.5.1)
CVE-2026-41581 (Frappe is a full-stack web application framework. Prior to
versions 15 ...)
NOT-FOR-US: Frappe
CVE-2026-41568 (Moby is an open source container framework. In Docker Engine
prior to ...)
- - docker.io <unfixed> (bug #1139966)
+ - docker.io 28.5.2+dfsg4-3 (bug #1139966)
NOTE:
https://github.com/moby/moby/security/advisories/GHSA-vp62-88p7-qqf5
NOTE: Fixed by:
https://github.com/moby/moby/commit/64a22d80b93ddc1416b501b5145df02947312249
(docker-v29.5.1)
CVE-2026-40677 (The use of insecure HTTP transport within AMD optional tools
could all ...)
@@ -10576,7 +10576,7 @@ CVE-2026-45290 (Cloudburst Network provides network
components used within Cloud
CVE-2026-42824 (Missing authentication for critical function in M365 Copilot
allows an ...)
NOT-FOR-US: Microsoft
CVE-2026-41567 (Moby is an open source container framework. In versions prior
to 29.5. ...)
- - docker.io <unfixed> (bug #1139965)
+ - docker.io 28.5.2+dfsg4-3 (bug #1139965)
NOTE:
https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r
NOTE: Fixed by:
https://github.com/moby/moby/commit/2022313ffe5a8c04890b5295bc52670ee6df8070
(docker-v29.5.1)
CVE-2026-41522 (Iris is a web collaborative platform that helps incident
responders sh ...)
@@ -54681,10 +54681,10 @@ CVE-2026-33750 (The brace-expansion library generates
arbitrary strings containi
NOTE:
https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v
NOTE: Fixed by:
https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5
(v2.0.3)
CVE-2026-33748 (BuildKit is a toolkit for converting source code to build
artifacts in ...)
- - docker.io <unfixed> (bug #1140189)
+ - docker.io 28.5.2+dfsg4-3 (bug #1140189)
- golang-github-moby-buildkit <itp> (bug #1094971)
CVE-2026-33747 (BuildKit is a toolkit for converting source code to build
artifacts in ...)
- - docker.io <unfixed> (bug #1140189)
+ - docker.io 28.5.2+dfsg4-3 (bug #1140189)
- golang-github-moby-buildkit <itp> (bug #1094971)
CVE-2026-33745 (cpp-httplib is a C++11 single-file header-only cross platform
HTTP/HTT ...)
[experimental] - cpp-httplib 0.41.0+ds-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/307d6fc48ee83824395e10dc2dca6745641e469e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/307d6fc48ee83824395e10dc2dca6745641e469e
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits