[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Apr 26 12:44:40 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e8866b1e by Moritz Muehlenhoff at 2026-04-26T13:43:40+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -128,7 +128,7 @@ CVE-2026-6951 (Versions of the package simple-git before 3.36.0 are vulnerable t
CVE-2026-6175
REJECTED
CVE-2026-42171 (NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes ...)
- - nsis <unfixed>
+ - nsis <unfixed> (bug #1134955)
NOTE: Fixed by: https://github.com/NSIS-Dev/nsis/commit/8e6f02205d5f22da6c7855dbfe59b2af667330ca (v312)
CVE-2026-41894 (SiYuan is an open-source personal knowledge management system. Prior t ...)
NOT-FOR-US: SiYuan
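Review bot: on the nsis line for CVE-2026-42171, the package stays `<unfixed>` while the NOTE directly below already names an upstream fix commit tagged (v312). That is correct as long as no fixed version has been uploaded, but bug #1134955 should cite that commit so the marker can be replaced with a version as soon as a fixed upload lands.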
@@ -185,7 +185,7 @@ CVE-2026-XXXX [RUSTSEC-2026-0104]
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0104.html
NOTE: https://github.com/advisories/GHSA-82j2-j2ch-gfr8
CVE-2026-42254 [RUSTSEC-2026-0106]
- - rust-hickory-recursor <unfixed>
+ - rust-hickory-recursor <unfixed> (bug #1134954)
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0106.html
NOTE: https://github.com/hickory-dns/hickory-dns/security/advisories/GHSA-83hf-93m4-rgwq
CVE-2026-XXXX [RUSTSEC-2026-0109]
@@ -193,7 +193,7 @@ CVE-2026-XXXX [RUSTSEC-2026-0109]
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0109.html
NOTE: https://gitlab.com/sequoia-pgp/sequoia-git/-/commit/f9c9074bd80023456221f09c3c4ff19957ee9c58 (0.6.0)
CVE-2026-XXXX [RUSTSEC-2026-0111]
- - rust-diesel <unfixed>
+ - rust-diesel <unfixed> (bug #1134947)
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0111.html
NOTE: https://github.com/diesel-rs/diesel/pull/5042
CVE-2026-6912 (Improperly controlled modification of dynamically-determined object at ...)
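Review bot: the rust-diesel line sits under a placeholder ID, CVE-2026-XXXX [RUSTSEC-2026-0111], so bug #1134947 has no assigned CVE to be matched on. Suggest making sure the bug report names RUSTSEC-2026-0111, so the association stays clear when this entry is later renamed to a real CVE ID.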
@@ -15514,13 +15514,13 @@ CVE-2026-28786 (Open WebUI is a self-hosted artificial intelligence platform des
CVE-2026-28375 (A testdata data-source can be used to trigger out-of-memory crashes in ...)
- grafana <removed>
CVE-2026-28369 (A flaw was found in Undertow. When Undertow receives an HTTP request w ...)
- - undertow <unfixed>
+ - undertow <unfixed> (bug #1134952)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443262
CVE-2026-28368 (A flaw was found in Undertow. This vulnerability allows a remote attac ...)
- - undertow <unfixed>
+ - undertow <unfixed> (bug #1134951)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443261
CVE-2026-28367 (A flaw was found in Undertow. A remote attacker can exploit this vulne ...)
- - undertow <unfixed>
+ - undertow <unfixed> (bug #1134950)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443260
CVE-2026-27880 (The OpenFeature feature toggle evaluation endpoint reads unbounded val ...)
- grafana <removed>
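Review bot: the three undertow entries (CVE-2026-28369, CVE-2026-28368, CVE-2026-28367) each receive their own bug (#1134952, #1134951, #1134950), yet the only reference on each is a Red Hat Bugzilla NOTE, with no upstream fix commit or fixed version. Suggest adding a NOTE with the upstream fix once it is identified, since nothing in these entries currently says what would let `<unfixed>` be resolved.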
@@ -18793,7 +18793,7 @@ CVE-2026-3533 (The Jupiter X Core plugin for WordPress is vulnerable to limited
CVE-2026-3509 (An unauthenticated remote attacker may be able to control the format s ...)
NOT-FOR-US: CODESYS
CVE-2026-3260 (A flaw was found in Undertow. A remote attacker could exploit this vul ...)
- - undertow <unfixed>
+ - undertow <unfixed> (bug #1134949)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2443010
CVE-2026-3225 (The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vul ...)
NOT-FOR-US: WordPress plugin
@@ -31990,7 +31990,7 @@ CVE-2025-61147 (strukturag libde265 commit d9fea9d wa discovered to contain a se
NOTE: Fixed by: https://github.com/strukturag/libde265/commit/8b17e0930f77db07f55e0b89399a8f054ddbecf7
NOTE: Only applies to argument parsing
CVE-2025-61146 (saitoha libsixel until v1.8.7 was discovered to contain a memory leak ...)
- - libsixel <unfixed>
+ - libsixel <unfixed> (bug #1134953)
[trixie] - libsixel <no-dsa> (Minor issue)
[bookworm] - libsixel <no-dsa> (Minor issue)
[bullseye] - libsixel <postponed> (Minor issue)
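Review bot: for libsixel (CVE-2025-61146), bug #1134953 is attached to the unstable line while trixie and bookworm are `<no-dsa>` and bullseye is `<postponed>`, all marked Minor issue, so the bug is the only open tracking item for a fix. None of the lines shown in this hunk carries an upstream fix reference for this CVE; if one exists, a "NOTE: Fixed by:" line like the one on the neighbouring libde265 entry would help whoever picks up the bug.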
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8866b1e8569f7369669c0e2cea83cd2137f917d