Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a21ca347 by Moritz Muehlenhoff at 2026-06-24T22:05:41+02:00
new libsoup issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1529,11 +1529,11 @@ CVE-2026-11997 (The Bulk SEO Image plugin for WordPress 
is vulnerable to Cross-S
 CVE-2026-11972 (When using the "tarfile" module with a file opened in 
"streaming mode" ...)
        TODO: check
 CVE-2026-11820 (Module: plugins/modules/nexmo.py  CVSS 3.1: 6.5 MEDIUM \u2014 
AV:N/AC: ...)
-       TODO: check
+       NOT-FOR-US: Red Hat
 CVE-2026-11819 (Module: plugins/modules/keyring_info.py   CVSS 3.1: 5.5 MEDIUM 
\u2014  ...)
        NOT-FOR-US: Red Hat
 CVE-2026-11807 (A missing authorization vulnerability was found in the 
Event-Driven An ...)
-       TODO: check
+       NOT-FOR-US: Red Hat Ansible Automation Platform
 CVE-2026-11614 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for 
WordPress ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-11370 (The WP Meta SEO plugin for WordPress is vulnerable to 
Server-Side Requ ...)
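
Review bot: The new tag on CVE-2026-11820 names only a vendor ("NOT-FOR-US: Red Hat"), while the truncated description points at a module path (plugins/modules/nexmo.py) rather than a product. A later reader therefore cannot tell which product was ruled out. The CVE-2026-11807 change in the same hunk names the product ("Red Hat Ansible Automation Platform"); the same level of detail would help on CVE-2026-11820. Before settling on NOT-FOR-US, it is also worth confirming that no Debian source package ships that module file.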
@@ -2559,7 +2559,14 @@ CVE-2026-12581 (EasyFlow .NET developed by Digiwin has a 
Session Fixation vulner
 CVE-2026-12580 (EasyFlow .NET developed by Digiwin has a Stored Cross-Site 
Scripting v ...)
        NOT-FOR-US: Digiwin
 CVE-2026-12549 (The fix for CVE-2026-2443 was regressed by a subsequent rework 
commit  ...)
-       TODO: check
+       - libsoup3 <unfixed>
+       [trixie] - libsoup3 <not-affected> (Incomplete fix for CVE-2026-2443 
not released)
+       [bookworm] - libsoup3 <not-affected> (Incomplete fix for CVE-2026-2443 
not released)
+       - libsoup2.4 <removed>
+       [trixie] - libsoup2.4 <not-affected> (Incomplete fix for CVE-2026-2443 
not released)
+       [bookworm] - libsoup2.4 <not-affected> (Incomplete fix for 
CVE-2026-2443 not released)
+       NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2489999
+       NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/work_items/516
 CVE-2026-12479 (A path traversal vulnerability exists in keras-team/keras 
version 3.14 ...)
        TODO: check
 CVE-2026-12249 (An issue was discovered in Canonical ADSys upstream versions 
through v ...)
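
Review bot: The <not-affected> entries for trixie and bookworm under CVE-2026-12549 rest on the reason "Incomplete fix for CVE-2026-2443 not released", but nothing in the entry identifies the rework commit that the description says regressed the fix. Once it is known, a NOTE naming that introducing commit alongside the two existing NOTE links would let the not-affected claim be checked against the versions in each suite. The reason string also says "incomplete fix" where the description speaks of a regression, so the wording could be aligned. The same reason is reused for libsoup2.4, so it would help to state whether the regressed rework ever landed in that branch.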



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a21ca347c0ce942a66df1f4ef449a01ad0dee26d
