[Git][security-tracker-team/security-tracker][master] Add one systemd issue without CVE yet

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a56a5b27 by Salvatore Bonaccorso at 2026-04-05T17:12:53+02:00
Add one systemd issue without CVE yet

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2026-XXXX [Local unprivileged user can trigger an assert in systemd when a Delegate=yes and User=<unset> unit exists and is running]
+	- systemd 260~rc1-1
+	[trixie] - systemd <not-affected> (Vulnerable code not present)
+	[bookworm] - systemd <not-affected> (Vulnerable code not present)
+	[bullseye] - systemd <not-affected> (Vulnerable code not present)
+	NOTE: https://github.com/systemd/systemd/security/advisories/GHSA-x4h8-rrrg-q78f
+	NOTE: Introduced with: https://github.com/systemd/systemd/commit/59857b672ca6a3a9253ef9c888172c5e68243160 (v258-rc1)
+	NOTE: Fixed by: https://github.com/systemd/systemd/commit/05f5156ad1a3b84b54c104ee375b9ce7b746e0cd (v260-rc1)
 CVE-2026-5590 (A race condition during TCP connection teardown can cause tcp_recv() t ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-5546 (A flaw has been found in Campcodes Complete Online Learning Management ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a56a5b27e85ae8db7495f308598caad61eeb57a6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a56a5b27e85ae8db7495f308598caad61eeb57a6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260405/28950b2d/attachment.htm>