[Git][security-tracker-team/security-tracker][master] Update information for glibc issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jan 16 19:53:06 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ef287c62 by Salvatore Bonaccorso at 2026-01-16T20:47:23+01:00
Update information for glibc issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -94,6 +94,9 @@ CVE-2026-0916 (The Related Posts by Taxonomy plugin for WordPress is vulnerable
CVE-2026-0915 (Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf ...)
- glibc <unfixed>
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=33802
+ NOTE: https://www.openwall.com/lists/oss-security/2026/01/16/6
+ NOTE: Inroduced with: https://sourceware.org/git/?p=glibc.git;a=commit;h=5f0e6fc702296840d2daa39f83f6cb1e40073d58
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=e56ff82d5034ec66c6a78f517af6faa427f65b0b
CVE-2026-0858 (Versions of the package net.sourceforge.plantuml:plantuml before 1.202 ...)
- plantuml <unfixed>
NOTE: https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEPLANTUML-14552230
@@ -640,6 +643,9 @@ CVE-2026-0861 (Passing too large an alignment to the memalign suite of functions
[trixie] - glibc <no-dsa> (Minor issue)
[bookworm] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=33796
+ NOTE: https://www.openwall.com/lists/oss-security/2026/01/16/5
+ NOTE: Inroduced with: https://sourceware.org/git/?p=glibc.git;a=commit;h=9bf8e29ca136094f73f69f725f15c51facc97206 (glibc-2.30)
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=c9188d333717d3ceb7e3020011651f424f749f93
CVE-2026-0601 (A reflected cross-site scripting vulnerability exists in Nexus Reposit ...)
NOT-FOR-US: Sonatype
CVE-2026-0600 (Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Rep ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef287c62f296305edbf44ad30bbfdb0fe746a635
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef287c62f296305edbf44ad30bbfdb0fe746a635
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260116/59fe379b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list