[Git][security-tracker-team/security-tracker][master] Add CVE-2026-45729/thorvg

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
929d3e8d by Salvatore Bonaccorso at 2026-06-01T21:37:47+02:00
Add CVE-2026-45729/thorvg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -65,7 +65,11 @@ CVE-2026-46605 (Incomplete authorization by Apache ActiveMQ server before versio
 CVE-2026-45810 (Nextcloud is an open source content collaboration platform. In Nextclo ...)
 	TODO: check
 CVE-2026-45729 (Thor Vector Graphics (ThorVG) is a production-ready vector graphics en ...)
-	TODO: check
+	- thorvg <unfixed>
+	NOTE: https://github.com/thorvg/thorvg/security/advisories/GHSA-f863-8ghq-7h64
+	NOTE: https://github.com/thorvg/thorvg/pull/4387
+	NOTE: Fixed by: https://github.com/thorvg/thorvg/commit/159f44fd5e3d2eea1b3a70689a894e657e2bb079
+	NOTE: Fixed by: https://github.com/thorvg/thorvg/commit/599db59600aefab904fc8465bd86ac29e1de168c (v1.0.5)
 CVE-2026-45727 (CloakBrowser is a tool to bypass bot detection tests. Prior to version ...)
 	NOT-FOR-US: CloakBrowser
 CVE-2026-45722 (Nextcloud is an open source content collaboration platform. From versi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/929d3e8d6b5a7eaca33127c03c1b1131ad6a6f04

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/929d3e8d6b5a7eaca33127c03c1b1131ad6a6f04
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260601/d6cbcf89/attachment.htm>