[Git][security-tracker-team/security-tracker][master] also track CVE-2026-23949 for setuptools, thanks to jpfc for the note

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jan 22 14:19:36 GMT 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1e21ae8b by Moritz Muehlenhoff at 2026-01-22T15:19:23+01:00
also track CVE-2026-23949 for setuptools, thanks to jpfc for the note

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -732,9 +732,13 @@ CVE-2026-23949 (jaraco.context, an open-source software package that provides so
 	- jaraco.context 6.0.1-2 (bug #1126078)
 	[trixie] - jaraco.context <no-dsa> (Minor issue)
 	[bookworm] - jaraco.context <not-affected> (Vulnerable code not present)
+	- setuptools <unfixed>
+	[bookworm] - setuptools <not-affected> (Vulnerable code not present, bundled jaraco.context too old)
+	[bullseye] - setuptools <not-affected> (Vulnerable code not present, bundled jaraco.context too old)
 	NOTE: https://github.com/jaraco/jaraco.context/security/advisories/GHSA-58pv-8j8x-9vj2
 	NOTE: Introduced with: https://github.com/jaraco/jaraco.context/commit/e13fc7f2b379683c326153a3d6f4d2800f812fd0 (v5.2.0)
 	NOTE: Fixed by: https://github.com/jaraco/jaraco.context/commit/7b26a42b525735e4085d2e994e13802ea339d5f9 (v6.1.0)
+	NOTE: setuptools includes a bundled version
 CVE-2026-23947 (Orval generates type-safe JS clients (TypeScript) from any valid OpenA ...)
 	NOT-FOR-US: Orval
 CVE-2026-23944 (Arcane is an interface for managing Docker containers, images, network ...)
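
Review bot: The new setuptools block has no [trixie] line, although the jaraco.context entry above carries `[trixie] - jaraco.context <no-dsa> (Minor issue)`; with only `- setuptools <unfixed>` plus the bookworm and bullseye exclusions, trixie is left as affected and untriaged for setuptools. If the copy bundled in trixie falls in the vulnerable range, consider adding a matching [trixie] entry so both packages are triaged consistently. The `<unfixed>` line also has no bug reference, unlike the jaraco.context line (bug #1126078), and the closing NOTE could record which bundled jaraco.context versions were checked, since the not-affected reasoning depends on them predating v5.2.0.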



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1e21ae8b97608ababd94da0004c02fdc03e93a83
