[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Apr 25 12:13:03 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ce0d2735 by Moritz Muehlenhoff at 2026-04-25T13:11:48+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -159,16 +159,16 @@ CVE-2026-41492 (Dgraph is an open source distributed GraphQL database. Prior to
NOT-FOR-US: Dgraph
CVE-2026-41416 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f33g-8hjq-62xr
NOTE: https://github.com/pjsip/pjproject/commit/66fe416c96e957417621b7be16e9e587d159f9bb (2.17)
CVE-2026-41415 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-935m-fmf5-j4pm
NOTE: https://github.com/pjsip/pjproject/commit/4225a93c16661538005017883fbc8f1ea1d5f4b0 (2.17)
CVE-2026-41414 (Skim is a fuzzy finder designed to through files, lines, and commands. ...)
- - skim <unfixed>
+ - skim <unfixed> (bug #1134887)
NOTE: https://github.com/skim-rs/skim/security/advisories/GHSA-9g93-rxr5-xhqw
NOTE: https://github.com/skim-rs/skim/commit/bf63404ad51985b00ed304690ba9d477860a5a75
CVE-2026-41411 (Vim is an open source, command line text editor. Prior to 9.2.0357, A ...)
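Review bot: the two asterisk lines under CVE-2026-41416 and CVE-2026-41415 point at the same report, bug #1134884, and that number recurs on the asterisk line of every other PJSIP entry this commit touches. With one report standing in for that many CVEs, it should enumerate each CVE id it covers, so that closing it against a single upload cannot leave one of them unaddressed in asterisk. The skim line gets its own report (#1134887) and needs no such check.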
@@ -742,11 +742,11 @@ CVE-2026-6947 (DWM-222W USB Wi-Fi Adapter developed by D-Link has a Brute-Force
CVE-2026-6942 (radare2-mcp version 1.6.0 and earlier contains an os command injection ...)
NOT-FOR-US: radare2-mcp
CVE-2026-6941 (radare2 prior to 6.1.4 contains a path traversal vulnerability in its ...)
- - radare2 <unfixed>
+ - radare2 <unfixed> (bug #1134886)
NOTE: https://github.com/radareorg/radare2/commit/4bcdee725ff0754ed721a98789c0af371c5f32a4
NOTE: https://github.com/radareorg/radare2/pull/25831
CVE-2026-6940 (radare2 prior to 6.1.4 contains a path traversal vulnerability in proj ...)
- - radare2 <unfixed>
+ - radare2 <unfixed> (bug #1134885)
NOTE: https://github.com/radareorg/radare2/pull/25830
NOTE: https://github.com/radareorg/radare2/commit/e5fcf56fe038760c872c6dbed432602778fde1ed
CVE-2026-6810 (The Booking Calendar Contact Form plugin for WordPress is vulnerable t ...)
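Review bot: in the radare2 pair the bug numbers run against the CVE order: CVE-2026-6941 gets #1134886 and CVE-2026-6940 gets #1134885. Both are described as path traversal in radare2 prior to 6.1.4, so the two are easy to transpose; check that each report names the CVE it is attached to here.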
@@ -2649,7 +2649,7 @@ CVE-2026-40895 (follow-redirects is an open source, drop-in replacement for Node
NOTE: https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9 (v1.16.0)
CVE-2026-40892 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-2wcg-w3c4-48r7
NOTE: https://github.com/pjsip/pjproject/commit/c82123ea6f3c3652bbc9ebd5e9e658c301451687 (2.17)
CVE-2026-40890 (The package `github.com/gomarkdown/markdown` is a Go library for parsi ...)
@@ -3084,7 +3084,7 @@ CVE-2026-40865 (Horilla is a free and open source Human Resource Management Syst
NOT-FOR-US: Horilla
CVE-2026-40614 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-j59p-4xrr-fp8g
NOTE: https://github.com/pjsip/pjproject/commit/17897e835818f8ee03b1806ddcd7b95ea16d2c0e (2.17)
CVE-2026-40613 (Coturn is a free open source implementation of TURN and STUN Server. P ...)
@@ -12870,7 +12870,7 @@ CVE-2026-5318 (A weakness has been identified in LibRaw up to 0.22.0. This impac
NOTE: https://github.com/LibRaw/LibRaw/issues/794
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995
CVE-2026-5317 (A security flaw has been discovered in Nothings stb up to 1.22. This a ...)
- - libstb <unfixed>
+ - libstb <unfixed> (bug #1134888)
[trixie] - libstb <no-dsa> (Minor issue)
[bookworm] - libstb <no-dsa> (Minor issue)
NOTE: https://github.com/nothings/stb/issues/1928 (issue #15)
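Review bot: on the libstb entry, the NOTE that closes this hunk gives upstream issue 1928 followed by "(issue #15)", which reads like a second, conflicting issue number. Now that the entry carries bug #1134888, a short word on what #15 refers to would save whoever picks up the bug from guessing. The bug reference itself sits fine next to the two <no-dsa> (Minor issue) lines for trixie and bookworm.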
@@ -13691,7 +13691,7 @@ CVE-2026-34237 (MCP Java SDK is the official Java SDK for Model Context Protocol
NOT-FOR-US: MCP Java SDK
CVE-2026-34235 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-pqrm-53pc-wx28
NOTE: https://github.com/pjsip/pjproject/commit/f4c7d08211da1fe2ad1504434a0ad99d12aa7536
CVE-2026-34231 (Slippers is a UI component framework for Django. Prior to version 0.6. ...)
@@ -20124,7 +20124,7 @@ CVE-2026-33070 (FileRise is a self-hosted web file manager / WebDAV server. In v
NOT-FOR-US: FileRise
CVE-2026-33069 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-x5pq-qrp4-fmrj
NOTE: https://github.com/pjsip/pjproject/commit/f0fa32a226df5f87a9903093e5d145ebb69734db
CVE-2026-33068 (Claude Code is an agentic coding tool. Versions prior to 2.1.53 resolv ...)
@@ -20456,12 +20456,12 @@ CVE-2026-32946 (Harden-Runner is a CI/CD security agent that works like an EDR f
NOT-FOR-US: Harden-Runner
CVE-2026-32945 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-jr2p-p2w4-rr9q
NOTE: https://github.com/pjsip/pjproject/commit/5311aee398ae9d623829a6bad7b679a193c9e199
CVE-2026-32942 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-g88q-c2hm-q7p7
NOTE: https://github.com/pjsip/pjproject/issues/1451
NOTE: https://github.com/pjsip/pjproject/commit/c9caceddabda7f18337b2a82d25d65f6224b450a
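Review bot: the commit NOTEs under CVE-2026-32945 and CVE-2026-32942 carry no upstream version, while the PJSIP entries for CVE-2026-41416, CVE-2026-41415, CVE-2026-40892 and CVE-2026-40614 mark their fix commits "(2.17)". All of these now point at the same asterisk bug #1134884, so a per-CVE fixed-in version, where known, tells the maintainer which pjproject release the package has to reach; suggest annotating these two commit NOTEs the same way.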
@@ -26795,7 +26795,7 @@ CVE-2026-29073 (SiYuan is a personal knowledge management system. Prior to versi
NOT-FOR-US: SiYuan
CVE-2026-29068 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-pqww-jrxr-457f
NOTE: https://github.com/pjsip/pjproject/commit/6c9024511bf5307ff72efde1f90c9a2a226d8967
CVE-2026-29065 (changedetection.io is a free open source web page change detection too ...)
@@ -26850,7 +26850,7 @@ CVE-2026-28800 (Natro Macro is an open-source Bee Swarm Simulator macro written
NOT-FOR-US: Natro Macro
CVE-2026-28799 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-8fj4-fv9f-hjpc
NOTE: https://github.com/pjsip/pjproject/commit/e06ff6c64741cc1675fd3296615910f532f6b1a1
CVE-2026-28795 (OpenChatBI is an intelligent chat-based BI tool powered by large langu ...)
@@ -33117,7 +33117,7 @@ CVE-2026-26972 (OpenClaw is a personal AI assistant. In versions 2026.1.12 throu
NOT-FOR-US: OpenClaw
CVE-2026-26967 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-x2hc-6969-g8v6
NOTE: https://github.com/pjsip/pjproject/commit/f821c214e52b11bae11e4cd3c7f0864538fb5491
CVE-2026-26964 (Windmill is an open-source developer platform for internal code: APIs, ...)
@@ -33356,7 +33356,7 @@ CVE-2026-26205 (opa-envoy-plugun is a plugin to enforce OPA policies with Envoy.
NOT-FOR-US: opa-envoy-plugun
CVE-2026-26203 (PJSIP is a free and open source multimedia communication library. Vers ...)
- pjproject <removed>
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p965-mf7j-gwv8
NOTE: Fixed by: https://github.com/pjsip/pjproject/commit/5aee54f09d4f91538d55279d7316591b28fded6c
CVE-2026-26202 (Penpot is an open-source design tool for design and code collaboration ...)
@@ -36478,7 +36478,7 @@ CVE-2026-25999 (Klaw is a self-service Apache Kafka Topic Management/Governance
NOT-FOR-US: Klaw
CVE-2026-25994 (PJSIP is a free and open source multimedia communication library writt ...)
- pjproject <removed>
- - asterisk <unfixed>
+ - asterisk <unfixed> (bug #1134884)
NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-j29p-pvh2-pvqp
NOTE: Fixed by: https://github.com/pjsip/pjproject/commit/063b3a155f163cc5a9a1df2c56b6720fd3a0dbb0
CVE-2026-25935 (Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanc ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce0d27354d13fa7f227a177d30b196f39132dbb9