[Git][security-tracker-team/security-tracker][master] Add two new issues in golang-opentelemetry-otel
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jun 5 08:13:21 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6bcb0b01 by Salvatore Bonaccorso at 2026-06-05T09:12:55+02:00
Add two new issues in golang-opentelemetry-otel
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -132,7 +132,10 @@ CVE-2026-45432 (This vulnerability exists in GX Earth ONT models due to the tran
CVE-2026-45431 (This vulnerability exists in GX Earth ONT models due to improper handl ...)
NOT-FOR-US: GX Earth ONT models
CVE-2026-45287 (OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to v ...)
- TODO: check
+ - golang-opentelemetry-otel <unfixed>
+ NOTE: https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-995v-fvrw-c78m
+ NOTE: Introduced with: https://github.com/open-telemetry/opentelemetry-go/commit/e72a235518cb773137efd80336a179028bc34684
+ NOTE: Fixed by: https://github.com/open-telemetry/opentelemetry-go/commit/f12d198f161b61735d65705248715aa97021ba8d (v1.44.0)
CVE-2026-44682 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
NOT-FOR-US: Acronis
CVE-2026-44609 (Local privilege escalation due to EXE hijacking vulnerability. The fol ...)
@@ -166,7 +169,9 @@ CVE-2026-41234 (Froxlor is open source server administration software. Prior to
CVE-2026-41207 (The netty incubator codec.bhttp is a java language binary http parser. ...)
NOT-FOR-US: netty-incubator-codec-ohttp
CVE-2026-41178 (OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1 ...)
- TODO: check
+ - golang-opentelemetry-otel <unfixed>
+ NOTE: https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-5wrp-cwcj-q835
+ NOTE: https://github.com/open-telemetry/opentelemetry-go/pull/7880
CVE-2026-41065 (Tautulli is a Python based monitoring and tracking tool for Plex Media ...)
NOT-FOR-US: Tautulli
CVE-2026-41011 (PackagePersister.validate_tgz builds "tar -tf #{tgz} 2>&1" where tgz = ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bcb0b0110c24119546d56fb605cd1493bb54897
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6bcb0b0110c24119546d56fb605cd1493bb54897
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260605/b3fed508/attachment.htm>
More information about the debian-security-tracker-commits
mailing list