[Git][security-tracker-team/security-tracker][master] Reference upstream fix for CVE-2026-40611
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Apr 25 13:51:20 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d98b9268 by Salvatore Bonaccorso at 2026-04-25T14:50:41+02:00
Reference upstream fix for CVE-2026-40611
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3099,6 +3099,7 @@ CVE-2026-40611 (Let's Encrypt client and ACME library written in Go (Lego). Prio
[trixie] - golang-github-xenolf-lego <no-dsa> (Minor issue)
[bookworm] - golang-github-xenolf-lego <no-dsa> (Minor issue)
NOTE: https://github.com/go-acme/lego/security/advisories/GHSA-qqx8-2xmm-jrv8
+ NOTE: Fixed by: https://github.com/go-acme/lego/commit/aa6fcebccb73828e933c33363dccc0a93a101988 (v4.34.0)
CVE-2026-40608 (Next AI Draw.io is a next.js web application that integrates AI capabi ...)
NOT-FOR-US: Next.js
CVE-2026-40606 (mitmproxy is a interactive TLS-capable intercepting HTTP proxy for pen ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d98b9268845a81be2665df647407229eb46097e6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d98b9268845a81be2665df647407229eb46097e6
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260425/d480ab72/attachment.htm>
More information about the debian-security-tracker-commits
mailing list