[Git][security-tracker-team/security-tracker][master] Update trcking for CVE-2026-22185/{openldap,lmdb}

Fri Jan 9 07:57:27 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
77371ffc by Salvatore Bonaccorso at 2026-01-09T08:56:49+01:00
Update trcking for CVE-2026-22185/{openldap,lmdb}

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -331,10 +331,13 @@ CVE-2026-22186 (Bio-Formats versions up to and including 8.3.0 contain an XML Ex
 	NOT-FOR-US: Bio-Formats
 CVE-2026-22185 (OpenLDAP Lightning Memory-Mapped Database (LMDB) versions up to and in ...)
 	- openldap <unfixed> (unimportant)
+	- lmdb <unfixed>
+	[trixie] - lmdb <no-dsa> (Minor issue)
+	[bookworm] - lmdb <no-dsa> (Minor issue)
 	NOTE: https://seclists.org/fulldisclosure/2026/Jan/5
 	NOTE: https://bugs.openldap.org/show_bug.cgi?id=10421
 	NOTE: Fixed by: https://git.openldap.org/openldap/openldap/-/commit/8e1fda85532a3c74276df38a42d234dcdfa1e40d (
-	NOTE: Crash in CLI tool, no security impact
+	NOTE: OpenLDAP bundles lmdb but does not build mdb_load.c
 CVE-2026-22184 (zlib versions up to and including 1.3.1.2 contain a global buffer over ...)
 	- zlib 1:1.2.6.dfsg-1 (unimportant)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/01/06/5



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77371ffcebf0bfcec60f8b3d5a03c0ef880e840c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77371ffcebf0bfcec60f8b3d5a03c0ef880e840c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260109/34f0c702/attachment.htm>
