[Git][security-tracker-team/security-tracker][master] Document followup for CVE-2026-2239
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Feb 16 16:05:10 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d83bb726 by Salvatore Bonaccorso at 2026-02-16T17:03:16+01:00
Document followup for CVE-2026-2239
This is not covered strictly by the CVE, but the same poc provided
upstream uncovered another issue producing a crash in the psd plugin. So
document the required followup under the same CVE.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2910,6 +2910,8 @@ CVE-2026-2239 [PSD loader: heap-buffer-overflow in fread_pascal_string() (no nul
NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15812
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/8cf2772f5631719ae0e4e701bd7ef793b1f59cfa (master)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/51a2d65a2df403f6da582173e0ddd7904356f5ae (gimp-3-0 branch)
+ NOTE: Followup (not strictly part of the CVE, but a second problem exposed):
+ NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/02886e626df5e4c5f73f838a64fd3f21809dda09
CVE-2026-1609
- keycloak <itp> (bug #1088287)
CVE-2025-11537 (A flaw was found in Keycloak. When the logging format is configured to ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d83bb726a690e2b3aadd980121a49f9f145204e1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d83bb726a690e2b3aadd980121a49f9f145204e1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260216/ead5f44d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list