[Git][security-tracker-team/security-tracker][master] CVE assigned for one varnish issue

Wed Jun 3 08:24:16 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2b82269f by Salvatore Bonaccorso at 2026-06-03T09:23:52+02:00
CVE assigned for one varnish issue

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16,8 +16,6 @@ CVE-2026-5074 (The ARMember Premium plugin for WordPress is vulnerable to SQL In
 	NOT-FOR-US: WordPress plugin
 CVE-2026-5073 (The ARMember Premium plugin for WordPress is vulnerable to SQL Injecti ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2026-50052 (In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficien ...)
-	TODO: check
 CVE-2026-50031 (ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on ...)
 	TODO: check
 CVE-2026-49448 (authentik is an open-source identity provider. Prior to versions 2025. ...)
@@ -10211,9 +10209,8 @@ CVE-2026-8946 (Incorrect boundary conditions in the Audio/Video: Web Codecs comp
 CVE-2026-8945 (Sandbox escape in Firefox and Firefox Focus for Android. This vulnerab ...)
 	- firefox <not-affected> (Only affects Firefox on Android)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-46/#CVE-2026-8945
-CVE-2026-XXXX [VSV00019]
+CVE-2026-50052 [VSV00019]
 	- varnish <unfixed>
-	[trixie] - varnish 7.7.0-3+deb13u1
 	[bookworm] - varnish <not-affected> (Vulnerable code not present, introduced in 7.6)
 	[bullseye] - varnish <not-affected> (Vulnerable code not present, introduced in 7.6)
 	NOTE: https://vinyl-cache.org/security/VSV00019.html


=====================================
data/DSA/list
=====================================
@@ -53,7 +53,7 @@
 	{CVE-2026-33278 CVE-2026-42944 CVE-2026-42959 CVE-2026-32792 CVE-2026-40622 CVE-2026-41292 CVE-2026-42534 CVE-2026-42923 CVE-2026-42960 CVE-2026-44390 CVE-2026-44608}
 	[trixie] - unbound 1.22.0-2+deb13u3
 [27 May 2026] DSA-6303-1 varnish - security update
-	{CVE-2025-8671}
+	{CVE-2025-8671 CVE-2026-50052}
 	[trixie] - varnish 7.7.0-3+deb13u1
 [27 May 2026] DSA-6302-1 starlette - security update
 	{CVE-2026-48710}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b82269f37ca4da29158d4afe65f020080d36c50

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2b82269f37ca4da29158d4afe65f020080d36c50
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260603/6633b0bf/attachment.htm>
