[Git][security-tracker-team/security-tracker][master] Add initial tracking for four new exim4 issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Apr 30 04:49:33 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b7441d5b by Salvatore Bonaccorso at 2026-04-30T05:49:16+02:00
Add initial tracking for four new exim4 issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2026-40684 [Possible crash with malicious DNS data when using musl libc]
+ - exim4 4.99.2-1
+CVE-2026-40685 [Possible OOB read/write on corrupt JSON in header]
+ - exim4 4.99.2-1
+CVE-2026-40686 [Possible OOB read with large UTF8 trailing characters]
+ - exim4 4.99.2-1
+CVE-2026-40687 [Possible OOB read/write with SPA authenticator]
+ - exim4 4.99.2-1
CVE-2026-7466 (AgentFlow contains an arbitrary code execution vulnerability that allo ...)
NOT-FOR-US: AgentFlow
CVE-2026-7439 (AgentFlow's local web API accepts non-JSON content types on POST /api/ ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7441d5b8c2c73c6fbd7df01e87ec5184a1e3921
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7441d5b8c2c73c6fbd7df01e87ec5184a1e3921
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260430/a78a30bb/attachment.htm>
More information about the debian-security-tracker-commits
mailing list