Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
968e52b0 by Salvatore Bonaccorso at 2026-02-28T21:33:22+01:00
Add Debian bug references for vips issues
- - - - -
b3a399fe by Salvatore Bonaccorso at 2026-02-28T21:33:24+01:00
Add Debian bug reference for CVE-2026-28364/ocaml
- - - - -
9612e9df by Salvatore Bonaccorso at 2026-02-28T21:33:26+01:00
Add Debian bug reference for CVE-2026-27830
- - - - -
67b941bc by Salvatore Bonaccorso at 2026-02-28T21:33:28+01:00
Add Debian bug reference for CVE-2026-3184
- - - - -
49937460 by Salvatore Bonaccorso at 2026-02-28T21:33:31+01:00
Add Debian bug reference for CVE-2026-3099/libsoup3
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -279,22 +279,22 @@ CVE-2026-3286 (A vulnerability was identified in itwanger
paicoding 1.0.0/1.0.1/
CVE-2026-3285 (A vulnerability was determined in berry-lang berry up to 1.1.0.
The af ...)
NOT-FOR-US: berry-lang berry
CVE-2026-3284 (A vulnerability was found in libvips 8.19.0. Impacted is the
function ...)
- - vips <unfixed>
+ - vips <unfixed> (bug #1129310)
NOTE: https://github.com/libvips/libvips/issues/4879
NOTE: https://github.com/libvips/libvips/pull/4887
NOTE: Fixed by:
https://github.com/libvips/libvips/commit/24795bb3d19d84f7b6f5ed86451ad556c8f2fe70
CVE-2026-3283 (A vulnerability has been found in libvips 8.19.0. This issue
affects t ...)
- - vips <unfixed>
+ - vips <unfixed> (bug #1129310)
NOTE: https://github.com/libvips/libvips/issues/4880
NOTE: https://github.com/libvips/libvips/pull/4887
NOTE: Fixed by:
https://github.com/libvips/libvips/commit/24795bb3d19d84f7b6f5ed86451ad556c8f2fe70
CVE-2026-3282 (A flaw has been found in libvips 8.19.0. This vulnerability
affects th ...)
- - vips <unfixed>
+ - vips <unfixed> (bug #1129311)
NOTE: https://github.com/libvips/libvips/issues/4881
NOTE: https://github.com/libvips/libvips/pull/4886
NOTE: Fixed by:
https://github.com/libvips/libvips/commit/7215ead1e0cd7d3703cc4f5fca06d7d0f4c22b91
CVE-2026-3281 (A vulnerability was detected in libvips 8.19.0. This affects
the funct ...)
- - vips <unfixed>
+ - vips <unfixed> (bug #1129312)
NOTE: https://github.com/libvips/libvips/issues/4878
NOTE: https://github.com/libvips/libvips/pull/4895
NOTE: Fixed by:
https://github.com/libvips/libvips/commit/fd28c5463697712cb0ab116a2c55e4f4d92c4088
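Review bot: Bug #1129310 is attached to two entries at the top of this hunk, CVE-2026-3284 and CVE-2026-3283, while CVE-2026-3282 and CVE-2026-3281 each get their own bug (#1129311, #1129312). The grouping matches the NOTE lines, since both entries reference pull 4887 and the same "Fixed by" commit 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70, so it looks intentional. Worth confirming that the bug report itself names both CVE ids, so that neither entry is left without a usable back-reference.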
@@ -332,7 +332,7 @@ CVE-2026-28370 (In the query parser in OpenStack Vitrage
before 12.0.1, 13.0.0,
- vitrage <unfixed>
TODO: check details
CVE-2026-28364 (In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer
over-read in Mar ...)
- - ocaml <unfixed>
+ - ocaml <unfixed> (bug #1129317)
NOTE: https://osv.dev/vulnerability/OSEC-2026-01
NOTE: Fixed by:
https://github.com/ocaml/ocaml/commit/e3919fef436f89271bc30bbe8592851f7289fb68
(5.4.1)
NOTE: Fixed by:
https://github.com/ocaml/ocaml/commit/b0a2614684a52acded784ec213f14ddfe085d146
(4.13.3)
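Review bot: The version tag on the second "Fixed by" NOTE for CVE-2026-28364 reads (4.13.3), but the description line of the same entry says "OCaml before 4.14.3 and 5.x before 5.4.1", so the tag looks like a typo for 4.14.3. It is an unchanged context line in this hunk, but since the commit touches the entry anyway, please check which release contains commit b0a2614684a52acded784ec213f14ddfe085d146 and correct the annotation if it is wrong; a wrong version there can mislead anyone judging whether a backport already carries the fix.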
@@ -789,7 +789,7 @@ CVE-2026-27837 (Dottie provides nested object access and
manipulation in JavaScr
CVE-2026-27831 (rldns is an open source DNS server. Version 1.3 has a
heap-based out-o ...)
NOT-FOR-US: rldns
CVE-2026-27830 (c3p0, a JDBC Connection pooling library, is vulnerable to
attack via m ...)
- - c3p0 <unfixed>
+ - c3p0 <unfixed> (bug #1129318)
NOTE:
https://github.com/swaldman/c3p0/security/advisories/GHSA-5476-xc4j-rqcv
NOTE: Fixed by:
https://github.com/swaldman/c3p0/commit/e14cbd8166e423e2e9a9d6f08b2add3433492d6e
(v0.12.0)
CVE-2026-27829 (Astro is a web framework. In versions 9.0.0 through 9.5.3, a
bug in As ...)
@@ -920,7 +920,7 @@ CVE-2026-0542 (ServiceNow has addressed a remote code
execution vulnerability th
CVE-2026-3190
- keycloak <itp> (bug #1088287)
CVE-2026-3184 [Access control bypass due to improper hostname canonicalization]
- - util-linux <unfixed>
+ - util-linux <unfixed> (bug #1129313)
[trixie] - util-linux <no-dsa> (Minor issue)
[bookworm] - util-linux <no-dsa> (Minor issue)
[bullseye] - util-linux <postponed> (Minor issue)
@@ -1267,17 +1267,17 @@ CVE-2026-3149 (A weakness has been identified in
itsourcecode College Management
CVE-2026-3148 (A vulnerability was determined in SourceCodester Simple and
Nice Shopp ...)
NOT-FOR-US: SourceCodester
CVE-2026-3147 (A vulnerability was found in libvips up to 8.18.0. This affects
the fu ...)
- - vips <unfixed>
+ - vips <unfixed> (bug #1129314)
NOTE: https://github.com/libvips/libvips/issues/4874
NOTE: https://github.com/libvips/libvips/pull/4894
NOTE: Fixed by:
https://github.com/libvips/libvips/commit/b3ab458a25e0e261cbd1788474bbc763f7435780
CVE-2026-3146 (A vulnerability has been found in libvips up to 8.18.0. The
impacted e ...)
- - vips <unfixed>
+ - vips <unfixed> (bug #1129315)
NOTE: https://github.com/libvips/libvips/issues/4875
NOTE: https://github.com/libvips/libvips/pull/4888
NOTE: Fixed by:
https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece
CVE-2026-3145 (A flaw has been found in libvips up to 8.18.0. The affected
element is ...)
- - vips <unfixed>
+ - vips <unfixed> (bug #1129315)
NOTE: https://github.com/libvips/libvips/issues/4876
NOTE: https://github.com/libvips/libvips/pull/4888
NOTE: Fixed by:
https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece
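Review bot: The last two entries in this hunk, CVE-2026-3146 and CVE-2026-3145, both get bug #1129315, whereas CVE-2026-3147 gets #1129314. That is consistent with the NOTE lines (pull 4888 and commit d4ce337c76bff1b278d7085c3c4f4725e3aa6ece are shared by the two, pull 4894 is separate). Because one bug now covers two entries, the later change that replaces <unfixed> with a fixed version has to update both "- vips" lines together; a short NOTE saying the bug covers both CVEs would make that harder to miss.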
@@ -1424,7 +1424,7 @@ CVE-2026-27624 (Coturn is a free open source
implementation of TURN and STUN Ser
CVE-2026-3121
- keycloak <itp> (bug #1088287)
CVE-2026-3099
- - libsoup3 <unfixed>
+ - libsoup3 <unfixed> (bug #1129316)
[trixie] - libsoup3 <no-dsa> (Minor issue)
[bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <removed>
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0baf54790f544abd36570be09c082a2d4ade21b5...4993746080be87c8d4e0e5406574b2d6be6f9c2c
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits