[Git][security-tracker-team/security-tracker][master] Process some more rust-coreutils issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Apr 22 23:13:07 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4a42dc93 by Salvatore Bonaccorso at 2026-04-23T00:12:37+02:00
Process some more rust-coreutils issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -260,29 +260,50 @@ CVE-2026-35350 (The cp utility in uutils coreutils fails to properly handle setu
- rust-coreutils <unfixed>
NOTE: https://github.com/uutils/coreutils/issues/9750
CVE-2026-35349 (A vulnerability in the rm utility of uutils coreutils allows a bypass ...)
- TODO: check
+ - rust-coreutils 0.7.0-1
+ NOTE: https://github.com/uutils/coreutils/pull/9706
+ NOTE: Fixed by: https://github.com/uutils/coreutils/commit/5e5968cdbc6618acd6c2402a8a98b503f278835e (0.7.0)
CVE-2026-35348 (The sort utility in uutils coreutils is vulnerable to a process panic ...)
- TODO: check
+ - rust-coreutils <unfixed>
+ NOTE: https://github.com/uutils/coreutils/issues/9696
CVE-2026-35347 (The comm utility in uutils coreutils incorrectly consumes data from no ...)
- TODO: check
+ - rust-coreutils 0.6.0-1
+ NOTE: https://github.com/uutils/coreutils/pull/9545
+ NOTE: Fixed by: https://github.com/uutils/coreutils/commit/75f45e87e52ed95840494963ab9a28651165d56e (0.6.0)
CVE-2026-35346 (The comm utility in uutils coreutils silently corrupts data by perform ...)
- TODO: check
+ - rust-coreutils 0.6.0-1
+ NOTE: https://github.com/uutils/coreutils/issues/10192
+ NOTE: https://github.com/uutils/coreutils/pull/10206
+ NOTE: Fixed by: https://github.com/uutils/coreutils/commit/b9372e509ea9b278fe13763237067a261bb8c946 (0.6.0)
CVE-2026-35345 (A vulnerability in the tail utility of uutils coreutils allows for the ...)
- TODO: check
+ - rust-coreutils <unfixed>
+ NOTE: https://github.com/uutils/coreutils/issues/10328
CVE-2026-35344 (The dd utility in uutils coreutils suppresses errors during file trunc ...)
- TODO: check
+ - rust-coreutils <unfixed>
+ NOTE: https://github.com/uutils/coreutils/issues/9745
CVE-2026-35343 (The cut utility in uutils coreutils incorrectly handles the -s (only-d ...)
- TODO: check
+ - rust-coreutils <unfixed>
+ NOTE: https://github.com/uutils/coreutils/pull/11143
+ NOTE: Fixed by: https://github.com/uutils/coreutils/commit/9bbb58b746c41802278b0cba738eebbf21517cf7 (0.7.0)
CVE-2026-35342 (The mktemp utility in uutils coreutils fails to properly handle an emp ...)
- TODO: check
+ - rust-coreutils 0.6.0-1
+ NOTE: https://github.com/uutils/coreutils/pull/10566
+ NOTE: Fixed by (merge): https://github.com/uutils/coreutils/commit/eb25ec328b226d8fbbaa4058bf9187165bf06d51 (0.6.0)
CVE-2026-35341 (A vulnerability in uutils coreutils mkfifo allows for the unauthorized ...)
- TODO: check
+ - rust-coreutils <unfixed>
+ NOTE: https://github.com/uutils/coreutils/issues/10020
CVE-2026-35340 (A flaw in the ChownExecutor used by uutils coreutils chown and chgrp c ...)
- TODO: check
+ - rust-coreutils 0.6.0-1
+ NOTE: https://github.com/uutils/coreutils/pull/10035
+ NOTE: Fixed by; https://github.com/uutils/coreutils/commit/ebc08af9c34138f474b32ea0ef34bed3b086a3ed (0.6.0)
CVE-2026-35339 (The recursive mode (-R) of the chmod utility in uutils coreutils incor ...)
- TODO: check
+ - rust-coreutils 0.6.0-1
+ NOTE: https://github.com/uutils/coreutils/pull/9793
+ NOTE: Fixed by: https://github.com/uutils/coreutils/commit/abd581f62e97d0b147306ac40eac13af71c6fbba (0.6.0)
CVE-2026-35338 (A vulnerability in the chmod utility of uutils coreutils allows users ...)
- TODO: check
+ - rust-coreutils <unfixed>
+ NOTE: https://github.com/uutils/coreutils/pull/10033
+ NOTE: Fixed by: https://github.com/uutils/coreutils/commit/413055b378fa6fe2299c5e5f538c8e6e841ab810
CVE-2026-34415 (Xerte Online Toolkits versions 3.15 and earlier contain an incomplete ...)
TODO: check
CVE-2026-34414 (Xerte Online Toolkits versions 3.15 and earlier contain a relative pat ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a42dc93e656c27e100606a3458d9ed079c1d9d4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4a42dc93e656c27e100606a3458d9ed079c1d9d4
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260422/3137ee0b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list