Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
922d4cb4 by Moritz Muehlenhoff at 2026-07-02T23:23:02+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2959,7 +2959,7 @@ CVE-2026-58138 (Orkes Conductor 3.21.21 before 3.30.2 
contains an unauthenticate
 CVE-2026-58116 (LLaMA-Factory through 0.9.5 contains a remote code execution 
vulnerabi ...)
        NOT-FOR-US: LLaMA-Factory
 CVE-2026-58016 (A flaw was found in GLib. A state confusion issue exists in 
g_dbus_nod ...)
-       - glib2.0 <unfixed>
+       - glib2.0 <unfixed> (bug #1141316)
        [trixie] - glib2.0 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/work_items/3932
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/5156 (2.89.0)
@@ -3503,10 +3503,10 @@ CVE-2026-58000 (luci-proto-openvpn through 0.11.1, 
fixed in commit e4ff45e, cont
 CVE-2026-57999 (luci-app-tailscale-community contains a command injection 
vulnerabilit ...)
        NOT-FOR-US: luci-app-tailscale-community
 CVE-2026-57966 (A path traversal vulnerability was found in spice-vdagent. 
This flaw a ...)
-       - spice-vdagent <unfixed>
+       - spice-vdagent <unfixed> (bug #1141317)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2493582
 CVE-2026-57965 (A flaw was found in spice-vdagent. A malicious or compromised 
SPICE ho ...)
-       - spice-vdagent <unfixed>
+       - spice-vdagent <unfixed> (bug #1141318)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2493581
 CVE-2026-57960 (Hi.Events through 1.9.0 public check-in list endpoints use 
short_id as ...)
        NOT-FOR-US: Hi.Events
@@ -3771,7 +3771,7 @@ CVE-2026-13437 (Insertion of sensitive information into 
sent data in the AI Agen
 CVE-2026-13165 (SzafirHost verifies the downloaded native library archive with 
one Jar ...)
        NOT-FOR-US: SzafirHost
 CVE-2026-12912 (A flaw was found in libtiff. A remote attacker could exploit 
this vuln ...)
-       - tiff <unfixed>
+       - tiff <unfixed> (bug #1141320)
        NOTE: https://gitlab.com/libtiff/libtiff/-/work_items/824
        NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/873
        NOTE: 
https://gitlab.com/libtiff/libtiff/-/commit/ba2b04b114c5dd945107ccc613cedfcca3af73bb
 (v4.7.2rc2)
@@ -6950,7 +6950,7 @@ CVE-2026-12077 (The Dokan Pro plugin for WordPress is 
vulnerable to time-based S
 CVE-2026-12053 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
 CVE-2026-11998 (A flaw in AngularJS' Strict Contextual Escaping (SCE) logic 
allows byp ...)
-       - angular.js <unfixed>
+       - angular.js <unfixed> (bug #1141314)
        NOTE: 
https://www.herodevs.com/vulnerability-directory/cve-2026-11998?nes-for-angularjs
 CVE-2026-11379 (GitLab has remediated an issue in GitLab EE affecting all 
versions fro ...)
        NOT-FOR-US: GitLab (used to be packaged in the Debian archive as 
src:gitlab, but never in a stable release)
@@ -9302,17 +9302,17 @@ CVE-2026-48109 (MessagePack for C# is a MessagePack 
serializer for C#. Prior to
 CVE-2026-48067 (Filament is a collection of full-stack components for 
accelerated Lara ...)
        NOT-FOR-US: Filament
 CVE-2026-47242 (Net::IMAP implements Internet Message Access Protocol (IMAP) 
client fu ...)
-       - ruby3.3 <unfixed>
+       - ruby3.3 <unfixed> (bug #1141319)
        - ruby3.1 <removed>
        - ruby2.7 <removed>
        NOTE: 
https://github.com/ruby/net-imap/security/advisories/GHSA-46q3-7gv7-qmgg
 CVE-2026-47241 (Net::IMAP implements Internet Message Access Protocol (IMAP) 
client fu ...)
-       - ruby3.3 <unfixed>
+       - ruby3.3 <unfixed> (bug #1141319)
        - ruby3.1 <removed>
        - ruby2.7 <removed>
        NOTE: 
https://github.com/ruby/net-imap/security/advisories/GHSA-c4fp-cxrr-mj66
 CVE-2026-47240 (Net::IMAP implements Internet Message Access Protocol (IMAP) 
client fu ...)
-       - ruby3.3 <unfixed>
+       - ruby3.3 <unfixed> (bug #1141319)
        - ruby3.1 <removed>
        - ruby2.7 <removed>
        NOTE: 
https://github.com/ruby/net-imap/security/advisories/GHSA-8p34-64r3-mwg8



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/922d4cb421daa46b8b0fd6eb4556ad3438998bd3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/922d4cb421daa46b8b0fd6eb4556ad3438998bd3
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to