Daniel Leidert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b7ce9c0d by Daniel Leidert at 2026-07-07T02:47:56+02:00
Add reference to upstream commit and announcement for CVE-2026-12893

- - - - -
846a02e7 by Daniel Leidert at 2026-07-07T03:01:15+02:00
Add references for upstream commits for CVE-2025-65865,CVE-2025-63829/fastdds

There is a huge list of CVEs not in the security tracker:
https://github.com/eProsima/Fast-DDS/commit/d9f4b373c90179c96f3b1542e72f16e282ef0104
 (v3.6.2)
https://github.com/eProsima/Fast-DDS/commit/42e0d08ef2d32c52ceb1c637ab3ea5e521124282
 (v3.6.2)
https://github.com/eProsima/Fast-DDS/commit/aeba2db3640d1f79d9f1f0430b10a475ea4c47cb
 (master)

- - - - -
d2a548f6 by Daniel Leidert at 2026-07-07T03:17:10+02:00
Add reference to upstream issue report for CVE-2026-13500/antlr4

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -885,6 +885,8 @@ CVE-2026-12893 [gstreamer1-libav: gstreamer1-libav: NULL 
pointer dereference in
        - gst-libav1.0 <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2491322 (not yet 
public)
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer-security/-/merge_requests/78
+       NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11802
+       NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0038.html
        TODO: check, from Red Hat only association with GStreamer gst-libav 
plugin is known
 CVE-2024-0234
        NOT-FOR-US: Podman Desktop
@@ -5678,6 +5680,7 @@ CVE-2026-13501 (A security vulnerability has been 
detected in antlr ANTLR4 up to
 CVE-2026-13500 (A weakness has been identified in antlr ANTLR4 up to 4.13.2. 
Affected  ...)
        - antlr4 <undetermined>
        NOTE: https://github.com/wooyun123/wooyun/issues/4
+       NOTE: https://github.com/antlr/antlr4/issues/4952
        TODO: check upstream reporting and status
 CVE-2026-13499 (A security flaw has been discovered in yashpokharna2555 
restaurent-man ...)
        NOT-FOR-US: yashpokharna2555 restaurent-management-system
@@ -108917,6 +108920,7 @@ CVE-2025-66845 (A reflected Cross-Site Scripting 
(XSS) vulnerability has been id
 CVE-2025-65865 (An integer overflow in eProsima Fast-DDS v3.3 allows attackers 
to caus ...)
        - fastdds <undetermined>
        TODO: check 
https://gist.github.com/lkloliver/7aa48cb9fc7a1dd74cb595212bb69d33, unclear if 
reported upstream
+       NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/42e0d08ef2d32c52ceb1c637ab3ea5e521124284
 (v3.6.2)
 CVE-2025-65713 (Home Assistant Core before v2025.8.0 is vulnerable to 
Directory Traver ...)
        NOT-FOR-US: Home Assistant Core
 CVE-2025-65410 (A stack overflow in the src/main.c component of GNU Unrtf 
v0.21.10 all ...)
@@ -122020,6 +122024,7 @@ CVE-2025-63829 (eProsima Fast-DDS v3.3 and before has 
an infinite loop vulnerabi
        - fastdds <unfixed> (unimportant)
        NOTE: https://github.com/lkloliver/poc/tree/main/CVE-2025-63829
        NOTE: https://github.com/eProsima/Fast-DDS/issues/6187
+       NOTE: Fixed by: 
https://github.com/eProsima/Fast-DDS/commit/42e0d08ef2d32c52ceb1c637ab3ea5e521124284
 (v3.6.2)
        NOTE: Cannot be remotely triggered, negligible impact
 CVE-2025-63828 (Host Header Injection vulnerability in Backdrop CMS 1.32.1 
allows atta ...)
        - backdrop <itp> (bug #914257)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c2e696814db12c97921e2974f68dc620909b25fc...d2a548f6973cbf88b8676ebe1e16c6d9105ae492

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c2e696814db12c97921e2974f68dc620909b25fc...d2a548f6973cbf88b8676ebe1e16c6d9105ae492
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to