[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 6 20:13:38 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ee3dec84 by security tracker role at 2026-06-06T19:13:31+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2026-11441 (A vulnerability was identified in theonedev onedev up to 15.0.5. This  ...)
+	TODO: check
+CVE-2026-11440 (A vulnerability was determined in theonedev onedev up to 15.0.5. This  ...)
+	TODO: check
+CVE-2026-11439 (A vulnerability was found in theonedev onedev up to 15.0.5. Affected b ...)
+	TODO: check
+CVE-2026-11438 (A vulnerability has been found in theonedev onedev up to 15.0.5. Affec ...)
+	TODO: check
+CVE-2026-11437 (A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected  ...)
+	TODO: check
+CVE-2026-11436 (A vulnerability was detected in Mage AI up to 0.9.79. This impacts the ...)
+	TODO: check
+CVE-2026-11435 (A security vulnerability has been detected in Jinher OA 1.0. This affe ...)
+	TODO: check
+CVE-2026-11434 (A weakness has been identified in FluentCMS 0.0.5. The impacted elemen ...)
+	TODO: check
+CVE-2026-11413 (A security vulnerability has been detected in JingDong JD Cloud Box AX ...)
+	TODO: check
+CVE-2026-11412 (A weakness has been identified in Jinher OA C6. The affected element i ...)
+	TODO: check
+CVE-2026-11411 (A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on An ...)
+	TODO: check
+CVE-2026-11408 (A vulnerability was identified in vertex-app vertex up to 2026.02.12.  ...)
+	TODO: check
+CVE-2026-11406 (A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vul ...)
+	TODO: check
 CVE-2026-9851 (The Booking Package plugin for WordPress is vulnerable to Privilege Es ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-9829 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...)
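Review bot: all thirteen added entries, CVE-2026-11441 down to CVE-2026-11406, land with only `TODO: check`, so none of them has a disposition yet. Each needs either a `NOT-FOR-US:` line, as on the CVE-2026-9851 entry just below, or a package line. The four theonedev onedev entries and the two Jinher OA entries can probably be triaged together.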
@@ -2806,7 +2832,7 @@ CVE-2026-42504 (Decoding a maliciously-crafted MIME header containing many inval
 	NOTE: https://github.com/golang/go/issues/79217
 	NOTE: https://github.com/golang/go/commit/7f24db453a60faf6a3546d60bb02917a0a7aace0 (go1.26.4)
 	NOTE: https://github.com/golang/go/commit/b79e0339290e14b3b2de1dc4942b8a88701ddb02 (go1.25.11)
-CVE-2026-10725 [vulnerable to a HTTP/2 Bomb]
+CVE-2026-10725 (Protocol::HTTP2 versions through 1.12 for Perl is vulnerable to a HTTP ...)
 	- libprotocol-http2-perl 1.12-2
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40751319/
 	NOTE: https://security.metacpan.org/patches/P/Protocol-HTTP2/1.12/CVE-2026-10725-r1.patch
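Review bot: on CVE-2026-10725 the new description says versions through 1.12 are vulnerable, while the package line marks `libprotocol-http2-perl 1.12-2` as fixed, so the fix is visible only in the Debian revision of the same upstream version. If 1.12-2 carries the CVE-2026-10725-r1.patch linked in the NOTE, a short NOTE saying so would make that explicit for anyone matching on upstream version numbers.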
@@ -2818,6 +2844,7 @@ CVE-2026-XXXX [HTTP/2 Bomb denial of service]
 	NOTE: https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
 	NOTE: https://github.com/nginx/nginx/commit/365694160a85229a7cb006738de9260d49ff5fa2 (release-1.29.8)
 CVE-2026-49975
+	{DSA-6323-1}
 	- apache2 2.4.67-2 (bug #1138750)
 	NOTE: https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
 	NOTE: https://github.com/icing/mod_h2/pull/324
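Review bot: CVE-2026-49975 now carries `{DSA-6323-1}` but still has no description, neither a bracketed placeholder nor parenthesised text; a bracketed one like the `[HTTP/2 Bomb denial of service]` on the entry above would make the apache2 entry readable on its own. That neighbouring entry is still filed as CVE-2026-XXXX and cites the same blog post, so it is worth checking whether an identifier has been assigned to it.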
@@ -12064,11 +12091,13 @@ CVE-2025-11954 (Cross-Site request forgery (CSRF) vulnerability in Sitemio Infor
 CVE-2023-7346 (Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivat ...)
 	NOT-FOR-US: Ledger Bitcoin app
 CVE-2026-41073 (RT is an open source, enterprise-grade issue and ticket tracking syste ...)
+	{DSA-6324-1}
 	- request-tracker5 5.0.10+dfsg-1
 	- request-tracker4 <removed>
 	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
 	NOTE: Fixed by: https://github.com/bestpractical/rt/commit/dce7ff6799d930d09c10a50539325f1290440d4b (rt-5.0.10)
 CVE-2026-44229
+	{DSA-6324-1}
 	- request-tracker5 5.0.10+dfsg-1
 	- request-tracker4 <removed>
 	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
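Review bot: CVE-2026-41073 and CVE-2026-44229 get `{DSA-6324-1}`, yet both list `request-tracker4 <removed>` beside the fixed request-tracker5 version, and nothing in the hunk says whether any suite still ships request-tracker4. If one does, a release-specific line or a NOTE stating that the DSA covers request-tracker5 only would close the gap.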
@@ -12085,21 +12114,25 @@ CVE-2026-44227
 	- request-tracker4 <not-affected> (Only affects RT6)
 	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-6.0.3
 CVE-2026-6841 (Request Tracker is vulnerable to a reflected cross-site scripting (XSS ...)
+	{DSA-6324-1}
 	- request-tracker5 5.0.10+dfsg-1
 	- request-tracker4 <removed>
 	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
 	NOTE: Fixed by: https://github.com/bestpractical/rt/commit/d7abb692a5ab7a7738a08be3debb92b1c6ab8215 (rt-5.0.10)
 CVE-2026-41076 (RT is an open source, enterprise-grade issue and ticket tracking syste ...)
+	{DSA-6324-1}
 	- request-tracker5 5.0.10+dfsg-1
 	- request-tracker4 <removed>
 	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
 	NOTE: Fixed by: https://github.com/bestpractical/rt/commit/c8120898d92adf1adae6fce11e0816d08afb395f (rt-5.0.10)
 CVE-2026-41075 (RT is an open source, enterprise-grade issue and ticket tracking syste ...)
+	{DSA-6324-1}
 	- request-tracker5 5.0.10+dfsg-1
 	- request-tracker4 <removed>
 	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
 	NOTE: Fixed by: https://github.com/bestpractical/rt/commit/9ed06dadc29a75e17b25017f929edeff62d224bc (rt-5.0.10)
 CVE-2026-44231
+	{DSA-6324-1}
 	- request-tracker5 5.0.10+dfsg-1
 	- request-tracker4 <removed>
 	NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
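Review bot: CVE-2026-44231, the last entry tagged in this hunk, has no description, and the lines shown give only the rt-5.0.10 release tag where the three entries above it each name a `Fixed by:` commit. If the fixing commit is known, adding it together with a bracketed description would bring the entry in line with the other `{DSA-6324-1}` entries.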



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ee3dec845c56e97cc7a93bc1986fb59ff1bdf2b9
