[Git][security-tracker-team/security-tracker][master] Add upstream commit references for CVE-2026-3381{2,3}
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 25 13:44:48 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
473f1cca by Salvatore Bonaccorso at 2026-04-25T14:42:32+02:00
Add upstream commit references for CVE-2026-3381{2,3}
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2885,11 +2885,13 @@ CVE-2026-33813 (Parsing a WEBP image with an invalid, large size panics on 32-bi
[bullseye] - golang-golang-x-image <no-dsa> (Limited support; minor issue)
NOTE: https://go-review.googlesource.com/c/image/+/759860
NOTE: https://github.com/golang/go/issues/78407
+ NOTE: Fixed by: https://github.com/golang/image/commit/96edba0fa84213a8c3cefe5d25fcc0a7c75b6a66 (v0.39.0)
CVE-2026-33812 (Parsing a malicious font file can cause excessive memory allocation.)
- golang-golang-x-image 0.39.0-1
[bullseye] - golang-golang-x-image <no-dsa> (Limited support; minor issue)
NOTE: https://go-review.googlesource.com/c/image/+/761180
NOTE: https://github.com/golang/go/issues/78382
+ NOTE: Fixed by: https://github.com/golang/image/commit/854c274048e554becaf644d85366fc2f0a91a3fb (v0.39.0)
CVE-2026-33519 (An incorrect authorization vulnerability exists in Esri Portal for Arc ...)
NOT-FOR-US: Esri
CVE-2026-33518 (An incorrect privilege assignment vulnerability exists in Esri Portal ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/473f1cca86b03d3c71d025cde31ce66ff44a8712
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/473f1cca86b03d3c71d025cde31ce66ff44a8712
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260425/d1091eeb/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list