[Git][security-tracker-team/security-tracker][master] 2 commits: Add Debian bug reference for libvpx issue
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Feb 17 12:53:49 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bdff08c8 by Salvatore Bonaccorso at 2026-02-17T13:53:35+01:00
Add Debian bug reference for libvpx issue
- - - - -
0a8548ec by Salvatore Bonaccorso at 2026-02-17T13:53:36+01:00
Remove todo item for libvpx issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -80,7 +80,7 @@ CVE-2026-2451 (Emails sent by pretix can utilize placeholders that will be fille
CVE-2026-2447 (Heap buffer overflow in libvpx. This vulnerability affects Firefox < 1 ...)
- firefox 147.0.4-1 (unimportant)
- firefox-esr <unfixed> (unimportant)
- - libvpx <unfixed>
+ - libvpx <unfixed> (bug #1128283)
- thunderbird <unfixed> (unimportant)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-10/
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-11/
@@ -88,7 +88,6 @@ CVE-2026-2447 (Heap buffer overflow in libvpx. This vulnerability affects Firefo
NOTE: Same issue as CVE-2026-1861/chromium
NOTE: https://issues.oss-fuzz.com/issues/476466137
NOTE: https://chromium.googlesource.com/webm/libvpx/+/d5f35ac8d93cba7f7a3f7ddb8f9dc8bd28f785e1
- TODO: check, libvpx might need a separate CVE for src:libvpx itself
CVE-2026-2415 (Emails sent by pretix can utilize placeholders that will be filled wit ...)
NOT-FOR-US: rami.io products
CVE-2026-2101 (A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAv ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b1d3e50ae0490e3ee1b31ce6d982779388237108...0a8548ecf8fb38a60cfc501a8169c4ee5cd0a726
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b1d3e50ae0490e3ee1b31ce6d982779388237108...0a8548ecf8fb38a60cfc501a8169c4ee5cd0a726
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260217/0eac84c2/attachment.htm>
More information about the debian-security-tracker-commits
mailing list