[Git][security-tracker-team/security-tracker][master] Triage CVE-2026-6842 & CVE-2026-6843 in nano for bullseye LTS.

Chris Lamb (@lamby) lamby at debian.org
Thu Apr 30 19:55:48 BST 2026 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
26778767 by Chris Lamb at 2026-04-30T11:55:31-07:00
Triage CVE-2026-6842 & CVE-2026-6843 in nano for bullseye LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3471,6 +3471,7 @@ CVE-2026-6843 (A flaw was found in nano. A local user could exploit a format str
 	- nano 9.0-1
 	[trixie] - nano <no-dsa> (Minor issue)
 	[bookworm] - nano <no-dsa> (Minor issue)
+	[bullseye] - nano <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460017
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2455127
 	NOTE: Fixed by: https://cgit.git.savannah.gnu.org/cgit/nano.git/commit/?id=0b7328bce452bf1b0bbff81276425d4809a9b6fd (v9.0)
@@ -3478,6 +3479,7 @@ CVE-2026-6842 (A flaw was found in nano. In environments with permissive umask s
 	- nano 9.0-1
 	[trixie] - nano <no-dsa> (Minor issue)
 	[bookworm] - nano <no-dsa> (Minor issue)
+	[bullseye] - nano <postponed> (Minor issue; can be fixed in next update)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460018
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2455314
 	NOTE: Introduced with: https://cgit.git.savannah.gnu.org/cgit/nano.git/commit/?id=4200ed30036ead2bd6c10a39dbd5383f21124f5e (v2.9.1)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2677876797a9ac662989976e8812d517115fbd42

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2677876797a9ac662989976e8812d517115fbd42
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260430/94bc6cfa/attachment.htm>

More information about the debian-security-tracker-commits mailing list