[Git][security-tracker-team/security-tracker][master] Process two new issues in quickjs(-ng)
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Jan 11 06:26:35 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d5e79d14 by Salvatore Bonaccorso at 2026-01-11T07:26:01+01:00
Process two new issues in quickjs(-ng)
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,9 +3,17 @@ CVE-2026-0831 (The Templately plugin for WordPress is vulnerable to Arbitrary Fi
CVE-2026-0824 (A security flaw has been discovered in questdb ui up to 1.11.9. Impact ...)
NOT-FOR-US: questdb ui
CVE-2026-0822 (A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. Thi ...)
- TODO: check
+ - quickjs <unfixed>
+ NOTE: https://github.com/quickjs-ng/quickjs/issues/1297
+ NOTE: https://github.com/quickjs-ng/quickjs/pull/1298
+ NOTE: Fixed by: https://github.com/quickjs-ng/quickjs/commit/53eefbcd695165a3bd8c584813b472cb4a69fbf5
+ TODO: check, if inpacts quickjs actually or only the itp'ed quickjs-ng, #1120722
CVE-2026-0821 (A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. Thi ...)
- TODO: check
+ - quickjs <unfixed>
+ NOTE: https://github.com/quickjs-ng/quickjs/issues/1296
+ NOTE: https://github.com/quickjs-ng/quickjs/pull/1299
+ NOTE: Fixed by: https://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5
+ TODO: check, if inpacts quickjs actually or only the itp'ed quickjs-ng, #1120722
CVE-2025-62235 (Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Rec ...)
TODO: check
CVE-2025-53477 (NULL Pointer Dereference vulnerability in Apache Nimble. Missing vali ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5e79d145d6b62c33c5b50f1f8b60ae3ce50fe24
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d5e79d145d6b62c33c5b50f1f8b60ae3ce50fe24
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260111/e0e45700/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list