[Git][security-tracker-team/security-tracker][master] Add information for CVE-2026-32836/libchdr

Adrian Bunk (@bunk) bunk at debian.org
Thu Jun 11 11:47:36 BST 2026 


Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ab77a16c by Adrian Bunk at 2026-06-11T13:44:47+03:00
Add information for CVE-2026-32836/libchdr

First note copied from CVE-2025-14369.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -54346,7 +54346,12 @@ CVE-2026-32837 (miniaudio version 0.11.25 and earlier (fixed in commits 1df46ae
 	[trixie] - miniaudio <no-dsa> (Minor issue)
 	NOTE: https://github.com/mackron/miniaudio/issues/1101
 CVE-2026-32836 (dr_libsdr_flac.h version 0.13.3 and earlier (fixed in commits fefced4, ...)
-	TODO: check
+	- libchdr <unfixed>
+	NOTE: qtads, dosbox-x and love bundle a copy, but these are standalone end user apps, so no security impact
+	NOTE: https://github.com/mackron/dr_libs/issues/298
+	NOTE: https://github.com/mackron/dr_libs/commit/663239a3d0460c33bd5b6e5166edcb404e3df676
+	NOTE: https://github.com/mackron/dr_libs/commit/fefced4a64adfb1a68a2d31d882366e56096dee8
+	NOTE: https://github.com/mackron/dr_libs/commit/4f5a4cd3b57564d969443c580c75857e039f100a
 CVE-2026-32586 (Missing Authorization vulnerability in Pluggabl Booster for WooCommerc ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-32298 (The Angeet ES3 KVM does not properly sanitize user-supplied variables  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab77a16c2d462288cffdc45a7e6db1fd6480a9b1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ab77a16c2d462288cffdc45a7e6db1fd6480a9b1
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260611/04837cc6/attachment.htm>

More information about the debian-security-tracker-commits mailing list