Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker
Commits: b7ce9c0d by Daniel Leidert at 2026-07-07T02:47:56+02:00 Add reference to upstream commit and announcement for CVE-2026-12893 - - - - - 846a02e7 by Daniel Leidert at 2026-07-07T03:01:15+02:00 Add references for upstream commits for CVE-2025-65865,CVE-2025-63829/fastdds There is a huge list of CVEs not in the security tracker: https://github.com/eProsima/Fast-DDS/commit/d9f4b373c90179c96f3b1542e72f16e282ef0104 (v3.6.2) https://github.com/eProsima/Fast-DDS/commit/42e0d08ef2d32c52ceb1c637ab3ea5e521124282 (v3.6.2) https://github.com/eProsima/Fast-DDS/commit/aeba2db3640d1f79d9f1f0430b10a475ea4c47cb (master) - - - - - d2a548f6 by Daniel Leidert at 2026-07-07T03:17:10+02:00 Add reference to upstream issue report for CVE-2026-13500/antlr4 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -885,6 +885,8 @@ CVE-2026-12893 [gstreamer1-libav: gstreamer1-libav: NULL pointer dereference in - gst-libav1.0 <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2491322 (not yet public) NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer-security/-/merge_requests/78 + NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11802 + NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0038.html TODO: check, from Red Hat only association with GStreamer gst-libav plugin is known CVE-2024-0234 NOT-FOR-US: Podman Desktop @@ -5678,6 +5680,7 @@ CVE-2026-13501 (A security vulnerability has been detected in antlr ANTLR4 up to CVE-2026-13500 (A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected ...) - antlr4 <undetermined> NOTE: https://github.com/wooyun123/wooyun/issues/4 + NOTE: https://github.com/antlr/antlr4/issues/4952 TODO: check upstream reporting and status CVE-2026-13499 (A security flaw has been discovered in yashpokharna2555 restaurent-man ...) NOT-FOR-US: yashpokharna2555 restaurent-management-system @@ -108917,6 +108920,7 @@ CVE-2025-66845 (A reflected Cross-Site Scripting (XSS) vulnerability has been id CVE-2025-65865 (An integer overflow in eProsima Fast-DDS v3.3 allows attackers to caus ...) - fastdds <undetermined> TODO: check https://gist.github.com/lkloliver/7aa48cb9fc7a1dd74cb595212bb69d33, unclear if reported upstream + NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/42e0d08ef2d32c52ceb1c637ab3ea5e521124284 (v3.6.2) CVE-2025-65713 (Home Assistant Core before v2025.8.0 is vulnerable to Directory Traver ...) NOT-FOR-US: Home Assistant Core CVE-2025-65410 (A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 all ...) @@ -122020,6 +122024,7 @@ CVE-2025-63829 (eProsima Fast-DDS v3.3 and before has an infinite loop vulnerabi - fastdds <unfixed> (unimportant) NOTE: https://github.com/lkloliver/poc/tree/main/CVE-2025-63829 NOTE: https://github.com/eProsima/Fast-DDS/issues/6187 + NOTE: Fixed by: https://github.com/eProsima/Fast-DDS/commit/42e0d08ef2d32c52ceb1c637ab3ea5e521124284 (v3.6.2) NOTE: Cannot be remotely triggered, negligible impact CVE-2025-63828 (Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows atta ...) - backdrop <itp> (bug #914257) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c2e696814db12c97921e2974f68dc620909b25fc...d2a548f6973cbf88b8676ebe1e16c6d9105ae492 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c2e696814db12c97921e2974f68dc620909b25fc...d2a548f6973cbf88b8676ebe1e16c6d9105ae492 You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
