[Git][security-tracker-team/security-tracker][master] Add VE-2026-40556 for nano

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Apr 28 21:52:13 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f50d92bb by Salvatore Bonaccorso at 2026-04-28T22:43:19+02:00
Add VE-2026-40556 for nano

Note this is a duplicate assignment for CVE-2026-6842 which appeared
earlier, but it is not yet clear which is going to be kept. So duplicate
some information/notes on them.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -131,7 +131,11 @@ CVE-2026-40968 (When an authenticated user is denied access to a gRPC method, th
 CVE-2026-40966 (In Spring AI, an attacker can bypass conversation isolation and exfilt ...)
 	NOT-FOR-US: VMware
 CVE-2026-40556 (GNU nano creates the user\u2019s ~/.local directory with overly permis ...)
-	TODO: check
+	- nano 9.0-1
+	[trixie] - nano <no-dsa> (Minor issue)
+	[bookworm] - nano <no-dsa> (Minor issue)
+	NOTE: Fixed by: https://cgit.git.savannah.gnu.org/cgit/nano.git/commit/?id=cb43493e00e5777d2433ecf5db6402983b282d6f (v9.0)
+	NOTE: Duplicate CVE assignment for CVE-2026-6842.
 CVE-2026-40552 (mpGabinet is vulnerable to Remote Command Execution. An authorized use ...)
 	TODO: check
 CVE-2026-40551 (mpGabinet performs client-side authentication. An attacker with access ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f50d92bb4803a4ab2dc3f47bd33f94f04b80d562

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f50d92bb4803a4ab2dc3f47bd33f94f04b80d562
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260428/fb80827f/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list