[Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-23643
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Jan 28 22:16:37 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
02e83fcb by Salvatore Bonaccorso at 2026-01-28T23:15:30+01:00
Update status for CVE-2026-23643
As cakephp was removed at version 2.10.24-2 we had no version ever
released in unstable having the vulnerable code.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4292,8 +4292,7 @@ CVE-2026-23742 (Skipper is an HTTP router and reverse proxy for service composit
CVE-2026-23735 (GraphQL Modules is a toolset of libraries and guidelines dedicated to ...)
NOT-FOR-US: GraphQL Modules
CVE-2026-23643 (CakePHP is a rapid development framework for PHP. The PaginatorHelper: ...)
- - cakephp <removed>
- [bullseye] - cakephp <not-affected> (Vulnerable code introduced later)
+ - cakephp <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/cakephp/cakephp/security/advisories/GHSA-qh8m-9qxx-53m5
NOTE: https://github.com/cakephp/cakephp/issues/19172
NOTE: Introduced by: https://github.com/cakephp/cakephp/commit/87b366cb714f6872e5609a9749ccbfd529886c1b (5.2.10)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02e83fcbe4e34914bd3bd0ac8c69a96fc207ce53
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/02e83fcbe4e34914bd3bd0ac8c69a96fc207ce53
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260128/4b426ece/attachment.htm>
More information about the debian-security-tracker-commits
mailing list