[Git][security-tracker-team/security-tracker][master] Add reference for libvpx issue
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 17 04:49:44 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c91061a6 by Salvatore Bonaccorso at 2026-02-17T05:48:58+01:00
Add reference for libvpx issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -53,6 +53,7 @@ CVE-2026-2447 (Heap buffer overflow in libvpx. This vulnerability affects Firefo
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-11/
NOTE: Firefox, Firefox ESR and Thunderbird use the system libvpx library
NOTE: Same issue as CVE-2026-1861/chromium
+ NOTE: https://issues.oss-fuzz.com/issues/476466137
NOTE: https://chromium.googlesource.com/webm/libvpx/+/d5f35ac8d93cba7f7a3f7ddb8f9dc8bd28f785e1
TODO: check, libvpx might need a separate CVE for src:libvpx itself
CVE-2026-2415 (Emails sent by pretix can utilize placeholders that will be filled wit ...)
@@ -5244,6 +5245,7 @@ CVE-2026-1861 (Heap buffer overflow in libvpx in Google Chrome prior to 144.0.75
{DSA-6122-1}
- chromium 144.0.7559.109-2
[bullseye] - chromium <end-of-life> (see #1061268)
+ NOTE: https://issues.oss-fuzz.com/issues/476466137
NOTE: https://chromium.googlesource.com/webm/libvpx/+/d5f35ac8d93cba7f7a3f7ddb8f9dc8bd28f785e1
CVE-2026-25616 (Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka ...)
NOT-FOR-US: Blesta
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c91061a63bdc73dd125de82438db90545a2e4425
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c91061a63bdc73dd125de82438db90545a2e4425
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260217/73422829/attachment.htm>
More information about the debian-security-tracker-commits
mailing list