[Git][security-tracker-team/security-tracker][master] krb5: CVE-2026-40355 and CVE-2026-40356

Emmanuel Arias (@eamanu) eamanu at debian.org
Wed Jun 3 02:16:12 BST 2026 


Emmanuel Arias pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a122e94c by Emmanuel Arias at 2026-06-02T22:15:42-03:00
krb5: CVE-2026-40355 and CVE-2026-40356

Mark buster and stretch as not affected. The vulnerable code
is not present.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24027,10 +24027,14 @@ CVE-2026-40967 (In Spring AI, various FilterExpressionConverter implementations
 	NOT-FOR-US: VMware
 CVE-2026-40356 (In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underf ...)
 	{DSA-6293-1 DLA-4603-1}
+        [buster] - krb5 <not-affected> (Vulnerable code not present)
+        [stretch] - krb5 <not-affected> (Vulnerable code not present)
 	- krb5 1.22.1-2.1 (bug #1135317)
 	NOTE: https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f
 CVE-2026-40355 (In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer de ...)
 	{DSA-6293-1 DLA-4603-1}
+        [buster] - krb5 <not-affected> (Vulnerable code not present)
+        [stretch] - krb5 <not-affected> (Vulnerable code not present)
 	- krb5 1.22.1-2.1 (bug #1135317)
 	NOTE: https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f
 CVE-2026-3087 (If `shutil.unpack_archive()` is given a ZIP archive with an absolute W ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a122e94c58beb8be6e06d2665fd5bc2a13d18bb0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a122e94c58beb8be6e06d2665fd5bc2a13d18bb0
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260603/fba4f115/attachment.htm>

More information about the debian-security-tracker-commits mailing list