[Git][security-tracker-team/security-tracker][master] Update status on two nano issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Apr 26 14:43:08 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
35fcbb6b by Salvatore Bonaccorso at 2026-04-26T15:42:48+02:00
Update status on two nano issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1555,15 +1555,16 @@ CVE-2026-6844 (A flaw was found in the `readelf` utility of the binutils package
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460016
NOTE: binutils not covered by security support
CVE-2026-6843 (A flaw was found in nano. A local user could exploit a format string v ...)
- - nano <unfixed>
+ - nano 9.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460017
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2455127
- TODO: check reported upstream?
+ NOTE: Fixed by: https://cgit.git.savannah.gnu.org/cgit/nano.git/commit/?id=0b7328bce452bf1b0bbff81276425d4809a9b6fd (v9.0)
CVE-2026-6842 (A flaw was found in nano. In environments with permissive umask settin ...)
- - nano <unfixed>
+ - nano 9.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460018
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2455314
- TODO: check reported upstream?
+ NOTE: Introduced with: https://cgit.git.savannah.gnu.org/cgit/nano.git/commit/?id=4200ed30036ead2bd6c10a39dbd5383f21124f5e (v2.9.1)
+ NOTE: Fixed by: https://cgit.git.savannah.gnu.org/cgit/nano.git/commit/?id=cb43493e00e5777d2433ecf5db6402983b282d6f (v9.0)
CVE-2026-6515 (GitLab has remediated an issue in GitLab CE/EE affecting all versions ...)
- gitlab <not-affected> (Only affects 18.x)
CVE-2026-6396 (The Fast & Fancy Filter \u2013 3F plugin for WordPress is vulnerable t ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35fcbb6b15f6507ee8fda1df7f284e316d881a4e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35fcbb6b15f6507ee8fda1df7f284e316d881a4e
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260426/d272f8c1/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list