[Git][security-tracker-team/security-tracker][master] Add CVE-2026-24116/rust-wasmtime

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jan 27 22:08:42 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08108a39 by Salvatore Bonaccorso at 2026-01-27T23:08:12+01:00
Add CVE-2026-24116/rust-wasmtime

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -125,7 +125,13 @@ CVE-2026-24345 (Cross-Site Request Forgery in Admin UI of EZCast Pro II version
 CVE-2026-24344 (MultipleBuffer Overflows in Admin UI of EZCast Pro II version 1.17478. ...)
 	NOT-FOR-US: EZCast Pro II
 CVE-2026-24116 (Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and  ...)
-	TODO: check
+	- rust-wasmtime <unfixed>
+	[trixie] - rust-wasmtime <not-affected> (Vulnerable code not present)
+	NOTE: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73
+	NOTE: https://github.com/bytecodealliance/wasmtime/commit/ac92d9bb729ad3a6d93f0724c4c33a0c4a9c0227 (v36.0.5)
+	NOTE: https://github.com/bytecodealliance/wasmtime/commit/728fa07184f8da2a046f48ef9b61f869dce133a6 (v40.0.3)
+	NOTE: https://github.com/bytecodealliance/wasmtime/commit/799585fc362fcb991de147dd1a9f2ba0861ed440 (v41.0.1)
+	NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0006.html
 CVE-2026-23892 (OctoPrint provides a web interface for controlling consumer 3D printer ...)
 	- octoprint <itp> (bug #718591)
 CVE-2026-23881 (Kyverno is a policy engine designed for cloud native platform engineer ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08108a397351effb49d3c6a4d48e184955c70ac8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08108a397351effb49d3c6a4d48e184955c70ac8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260127/915f0115/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list