[Git][security-tracker-team/security-tracker][master] Add new pypdf issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Apr 23 09:08:40 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1ffab37b by Salvatore Bonaccorso at 2026-04-23T10:08:19+02:00
Add new pypdf issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -44,11 +44,23 @@ CVE-2026-41455 (WeKan before8.35 contains a server-side request forgery vulnerab
 CVE-2026-41454 (WeKan before8.35 contains a missing authorization vulnerability in the ...)
 	- wekan <itp> (bug #819238)
 CVE-2026-41314 (pypdf is a free and open-source pure-python PDF library. An attacker w ...)
-	TODO: check
+	- pypdf <unfixed>
+	- pypdf2 <removed>
+	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-x284-j5p8-9c5p
+	NOTE: https://github.com/py-pdf/pypdf/pull/3734
+	NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11 (6.10.2)
 CVE-2026-41313 (pypdf is a free and open-source pure-python PDF library. An attacker w ...)
-	TODO: check
+	- pypdf <unfixed>
+	- pypdf2 <removed>
+	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-4pxv-j86v-mhcw
+	NOTE: https://github.com/py-pdf/pypdf/pull/3735
+	NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a (6.10.2)
 CVE-2026-41312 (pypdf is a free and open-source pure-python PDF library. An attacker w ...)
-	TODO: check
+	- pypdf <unfixed>
+	- pypdf2 <removed>
+	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f
+	NOTE: https://github.com/py-pdf/pypdf/pull/3734
+	NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11 (6.10.2)
 CVE-2026-41243 (OpenLearn is open-source educational forum software. Prior to commit 8 ...)
 	NOT-FOR-US: OpenLearn
 CVE-2026-41233 (Froxlor is open source server administration software. Prior to versio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ffab37be311664fdfd48f64f5cf5740afd715d3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1ffab37be311664fdfd48f64f5cf5740afd715d3
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260423/eb26a1b6/attachment.htm>

More information about the debian-security-tracker-commits mailing list