[Git][security-tracker-team/security-tracker][master] new rust-openssl issues

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7e80b06a by Moritz Muehlenhoff at 2026-04-25T00:17:24+02:00
new rust-openssl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -54,17 +54,26 @@ CVE-2026-42033 (Axios is a promise based HTTP client for the browser and Node.js
 CVE-2026-41907 (uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to ...)
 	TODO: check
 CVE-2026-41898 (rust-openssl provides OpenSSL bindings for the Rust programming langua ...)
-	TODO: check
+	- rust-openssl <unfixed>
+	NOTE: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3
+	NOTE: https://github.com/rust-openssl/rust-openssl/pull/2607
+	NOTE: https://github.com/rust-openssl/rust-openssl/commit/1d109020d98fff2fb2e45c39a373af3dff99b24c (openssl-v0.10.78)
 CVE-2026-41681 (rust-openssl provides OpenSSL bindings for the Rust programming langua ...)
-	TODO: check
+	- rust-openssl <unfixed>
+	NOTE: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj
+	NOTE: https://github.com/rust-openssl/rust-openssl/pull/2608
+	NOTE: https://github.com/rust-openssl/rust-openssl/commit/826c3888b77add418b394770e2b2e3a72d9f92fe (openssl-v0.10.78)
 CVE-2026-41680 (Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a cri ...)
 	TODO: check
 CVE-2026-41678 (rust-openssl provides OpenSSL bindings for the Rust programming langua ...)
-	TODO: check
+	- rust-openssl <unfixed>
+	NOTE: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9
 CVE-2026-41677 (rust-openssl provides OpenSSL bindings for the Rust programming langua ...)
-	TODO: check
+	- rust-openssl <unfixed>
+	NOTE: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2
 CVE-2026-41676 (rust-openssl provides OpenSSL bindings for the Rust programming langua ...)
-	TODO: check
+	- rust-openssl <unfixed>
+	NOTE: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5
 CVE-2026-41492 (Dgraph is an open source distributed GraphQL database. Prior to 25.3.3 ...)
 	TODO: check
 CVE-2026-41416 (PJSIP is a free and open source multimedia communication library writt ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e80b06af067e02192c46adefd0383857a580649

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e80b06af067e02192c46adefd0383857a580649
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260424/e4a3433e/attachment.htm>