[Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-2648{6,7}/vega.js

Fri Jan 9 20:55:17 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
40667192 by Salvatore Bonaccorso at 2026-01-09T21:54:43+01:00
Update information for CVE-2023-2648{6,7}/vega.js

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -279629,9 +279629,12 @@ CVE-2023-26489 (wasmtime is a fast and secure runtime for WebAssembly. In affect
 CVE-2023-26488 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
 	NOT-FOR-US: OpenZeppelin
 CVE-2023-26487 (Vega is a visualization grammar, a declarative format for creating, sa ...)
-	NOT-FOR-US: Vega
+	- vega.js 5.25.0+ds+~cs5.3.0-1
+	NOTE: https://github.com/vega/vega/security/advisories/GHSA-w5m3-xh75-mp55
+	NOTE: https://github.com/vega/vega/commit/01adb034f24727d3bb321bbbb6696a7f4cd91689 (v5.23.0)
 CVE-2023-26486 (Vega is a visualization grammar, a declarative format for creating, sa ...)
-	NOT-FOR-US: Vega
+	- vega.js 5.25.0+ds+~cs5.3.0-1
+	NOTE: https://github.com/vega/vega/security/advisories/GHSA-4vq7-882g-wcg4
 CVE-2023-26485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...)
 	- cmark-gfm 0.29.0.gfm.13-1 (bug #1034171)
 	[bookworm] - cmark-gfm <ignored> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/406671921f45302627eff317b3f1a7ab4cfd30ed

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/406671921f45302627eff317b3f1a7ab4cfd30ed
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260109/12d6c17a/attachment.htm>
