[Git][security-tracker-team/security-tracker][master] CVE assigned for one dulwich issue

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jun 11 21:38:47 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4199209a by Salvatore Bonaccorso at 2026-06-11T22:38:37+02:00
CVE assigned for one dulwich issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -107,8 +107,6 @@ CVE-2026-52858 (Vim is an open source, command line text editor. Prior to versio
 	- vim <unfixed>
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-52mc-rq6p-rc7c
 	NOTE: Fixed by: https://github.com/vim/vim/commit/4b850457e12e1a678dd209f2868154f7553cbf8d (v9.2.0561)
-CVE-2026-52726 (Dulwich is a pure-Python implementation of the Git file formats and pr ...)
-	TODO: check
 CVE-2026-50223 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-50131 (Fedify is a TypeScript library for building federated server apps powe ...)
@@ -9892,7 +9890,7 @@ CVE-2026-47753
 	[trixie] - incus <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/lxc/incus/pull/3425
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-8g7m-96c8-8wwc
-CVE-2026-XXXX [dulwich: Submodule clone allows writing to arbitrary path]
+CVE-2026-52726 [dulwich: Submodule clone allows writing to arbitrary path]
 	- dulwich 1.2.5-1
 	NOTE: https://github.com/jelmer/dulwich/security/advisories/GHSA-gfhv-vqv2-4544
 	NOTE: https://github.com/jelmer/dulwich/commit/1ca18147a1d03b61c2ae203c46bf0b2a2f5dd421 (dulwich-1.2.5)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4199209a36099f73b8a01a10960fb52411e0988b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4199209a36099f73b8a01a10960fb52411e0988b
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260611/efb39c81/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list