Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a21ca347 by Moritz Muehlenhoff at 2026-06-24T22:05:41+02:00
new libsoup issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1529,11 +1529,11 @@ CVE-2026-11997 (The Bulk SEO Image plugin for WordPress
is vulnerable to Cross-S
CVE-2026-11972 (When using the "tarfile" module with a file opened in
"streaming mode" ...)
TODO: check
CVE-2026-11820 (Module: plugins/modules/nexmo.py CVSS 3.1: 6.5 MEDIUM \u2014
AV:N/AC: ...)
- TODO: check
+ NOT-FOR-US: Red Hat
CVE-2026-11819 (Module: plugins/modules/keyring_info.py CVSS 3.1: 5.5 MEDIUM
\u2014 ...)
NOT-FOR-US: Red Hat
CVE-2026-11807 (A missing authorization vulnerability was found in the
Event-Driven An ...)
- TODO: check
+ NOT-FOR-US: Red Hat Ansible Automation Platform
CVE-2026-11614 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for
WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2026-11370 (The WP Meta SEO plugin for WordPress is vulnerable to
Server-Side Requ ...)
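Review bot: The new `NOT-FOR-US: Red Hat` tag on CVE-2026-11820 names only a vendor, while the CVE-2026-11807 change in the same hunk names the product (`Red Hat Ansible Automation Platform`). The description of CVE-2026-11820 points at `plugins/modules/nexmo.py`, so the tag should name the product or collection that ships that module, and it is worth confirming that no Debian source package carries the module before the entry is closed as NOT-FOR-US. The unchanged CVE-2026-11819 line has the same vendor-only wording and could be tightened in the same pass.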
@@ -2559,7 +2559,14 @@ CVE-2026-12581 (EasyFlow .NET developed by Digiwin has a
Session Fixation vulner
CVE-2026-12580 (EasyFlow .NET developed by Digiwin has a Stored Cross-Site
Scripting v ...)
NOT-FOR-US: Digiwin
CVE-2026-12549 (The fix for CVE-2026-2443 was regressed by a subsequent rework
commit ...)
- TODO: check
+ - libsoup3 <unfixed>
+ [trixie] - libsoup3 <not-affected> (Incomplete fix for CVE-2026-2443
not released)
+ [bookworm] - libsoup3 <not-affected> (Incomplete fix for CVE-2026-2443
not released)
+ - libsoup2.4 <removed>
+ [trixie] - libsoup2.4 <not-affected> (Incomplete fix for CVE-2026-2443
not released)
+ [bookworm] - libsoup2.4 <not-affected> (Incomplete fix for
CVE-2026-2443 not released)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2489999
+ NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/work_items/516
CVE-2026-12479 (A path traversal vulnerability exists in keras-team/keras
version 3.14 ...)
TODO: check
CVE-2026-12249 (An issue was discovered in Canonical ADSys upstream versions
through v ...)
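Review bot: The `<not-affected>` reason on the trixie and bookworm lines for both libsoup3 and libsoup2.4, "Incomplete fix for CVE-2026-2443 not released", is ambiguous next to the CVE-2026-12549 description, which says the fix was regressed by a subsequent rework commit. It can be read either as "the regressing rework was never shipped in these suites" or as "the CVE-2026-2443 fix itself was never shipped", and those have different consequences for the suites' status. Stating which one is meant, and adding a NOTE that identifies the rework commit once it is known, would let the per-suite status be checked against the packaged versions. The two NOTE lines currently reference only the Red Hat bug and the upstream work item, and the `- libsoup3 <unfixed>` line has no Debian bug reference.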
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a21ca347c0ce942a66df1f4ef449a01ad0dee26d