[Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-41409

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 28 20:05:07 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88bcb520 by Salvatore Bonaccorso at 2026-04-28T21:03:19+02:00
Update status for CVE-2026-41409

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -364,8 +364,10 @@ CVE-2026-41462 (ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated
 	NOT-FOR-US: ProjeQtor
 CVE-2026-41409 (The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() ...)
 	- mina2 <unfixed>
-	- mina <removed>
+	[bookworm] - mina2 <not-affected> (Incomplete fix for CVE-2026-41409 not applied)
+	- mina <not-affected> (Incomplete fix for CVE-2026-41409 not applied)
 	NOTE: https://lists.apache.org/thread/9ddvsq6c4l5bhwq8l14sob4f8qjvx5c9
+	NOTE: Issue exists because of an incomplete fix for CVE-2026-41409
 CVE-2026-41081 (Improper Handling of TLS Client Authentication Failure Leading to Anon ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-40860 (JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBi ...)
@@ -181563,6 +181565,7 @@ CVE-2024-52046 (The ObjectSerializationDecoder in Apache MINA uses Java\u2019s n
 	NOTE: https://lists.apache.org/thread/4wxktgjpggdbto15d515wdctohb0qmv8
 	NOTE: https://github.com/apache/mina/commit/f9cc5ada6ebef4ee7cc51aac824e42e2e422310e (2.2.4)
 	NOTE: https://github.com/apache/mina/commit/cdb59eb6131696a440870ab89ad0e20804eb5ca7 (2.1.10)
+	NOTE: When fixing this issue make sure to make the fix complete to not open up CVE-2026-41409.
 CVE-2024-47978 (Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unne ...)
 	NOT-FOR-US: Dell
 CVE-2024-47102 (IBM AIX7.2, 7.3, VIOS 3.1, and 4.1  could allow a non-privileged local ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88bcb520ef91641297aa92cf6b130e44b20c9fb8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88bcb520ef91641297aa92cf6b130e44b20c9fb8
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260428/48edf044/attachment.htm>

More information about the debian-security-tracker-commits mailing list