[Git][security-tracker-team/security-tracker][master] bugnums

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jun 12 15:34:53 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4822c7f6 by Moritz Muehlenhoff at 2026-06-12T16:34:36+02:00
bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -105,16 +105,16 @@ CVE-2026-45169 (Idira Privileged Access Manager (PAM) Self-Hosted Vault versions
 CVE-2026-45060 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...)
 	NOT-FOR-US: ClipBucket
 CVE-2026-44892 (Netty is a network application framework for development of protocol s ...)
-	- netty <unfixed>
+	- netty <unfixed> (bug #1139807)
 	NOTE: https://github.com/netty/netty/security/advisories/GHSA-c2rx-5r8w-8xr2
 CVE-2026-44890 (Netty is a network application framework for development of protocol s ...)
-	- netty <unfixed>
+	- netty <unfixed> (bug #1139807)
 	NOTE: https://github.com/netty/netty/security/advisories/GHSA-6ghj-frrj-jjj3
 CVE-2026-44250 (Netty is a network application framework for development of protocol s ...)
-	- netty <unfixed>
+	- netty <unfixed> (bug #1139807)
 	NOTE: https://github.com/netty/netty/security/advisories/GHSA-3244-j874-rhc2
 CVE-2026-44249 (Netty is a network application framework for development of protocol s ...)
-	- netty <unfixed>
+	- netty <unfixed> (bug #1139807)
 	NOTE: https://github.com/netty/netty/security/advisories/GHSA-3qp7-7mw8-wx86
 CVE-2026-42846 (ClipBucket v5 is an open source video sharing platform. Prior to versi ...)
 	NOT-FOR-US: ClipBucket
@@ -596,7 +596,7 @@ CVE-2026-11956 (A vulnerability was determined in TwiN gatus 5.36.0. Impacted is
 CVE-2026-11945 (PostgreSQL Anonymizer contains a vulnerability that allows a user to g ...)
 	TODO: check
 CVE-2026-11850 (An integer underflow vulnerability was found in MIT krb5 in the berval ...)
-	- krb5 <unfixed>
+	- krb5 <unfixed> (bug #1139821)
 	[trixie] - krb5 <no-dsa> (Minor issue)
 	[bullseye] - krb5 <postponed> (Minor issue)
 	NOTE: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9206
@@ -607,7 +607,7 @@ CVE-2026-11816 (Keras versions prior to 3.14.0 are vulnerable to a path traversa
 	- keras <removed>
 	[bullseye] - keras <end-of-life> (out of security support for bullseye)
 CVE-2026-11774 (An integer overflow flaw was found in the SASL I/O layer of 389 Direct ...)
-	- 389-ds-base <unfixed>
+	- 389-ds-base <unfixed> (bug #1139809)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2484916
 CVE-2026-11604 (An incorrect buffer size calculation in the epoch key generator in Ope ...)
 	TODO: check
@@ -682,7 +682,7 @@ CVE-2023-32959 (Missing Authorization vulnerability in Sparkle WP MetroStore met
 CVE-2022-48575 (A person with access to a Mac may be able to bypass Login Window. A co ...)
 	NOT-FOR-US: Apple
 CVE-2026-10143 (kafka-python prior to 2.3.2 contains a denial-of-service vulnerability ...)
-	- python-kafka <unfixed>
+	- python-kafka <unfixed> (bug #1139822)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2487722
 CVE-2026-6893 (A flaw was found in dracut. A remote attacker on the adjacent network  ...)
 	- dracut <unfixed> (bug #1139725)
@@ -934,9 +934,8 @@ CVE-2026-20252 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and
 CVE-2026-20251 (In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13 ...)
 	NOT-FOR-US: Cisco
 CVE-2026-11884 (A heap buffer overflow flaw was found in 389 Directory Server. When se ...)
-	- 389-ds-base <unfixed>
+	- 389-ds-base <unfixed> (bug #1139819)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2423624
-	TODO: check upstream details
 CVE-2026-11859 (An HTML injection vulnerability in the "fetch links" email sent by Thi ...)
 	NOT-FOR-US: Canarytokens
 CVE-2026-11626 (CleanWipe Removal Tool (macOS), prior to 16.0.0.65,may be susceptible  ...)
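Review bot: On CVE-2026-11884 the "TODO: check upstream details" line is removed in the same edit that adds the bug number, but the entry still carries only the Red Hat Bugzilla NOTE and no upstream reference. If the upstream details were checked, record the result in a NOTE; otherwise keep the TODO so the entry stays flagged for follow-up. The commit message "bugnums" does not cover this removal either.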
@@ -1330,7 +1329,7 @@ CVE-2026-11526
 CVE-2026-52903
 	NOT-FOR-US: ManageIQ
 CVE-2026-11791
-	- 389-ds-base <unfixed>
+	- 389-ds-base <unfixed> (bug #1139816)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485414
 CVE-2026-49839
 	- jq 1.8.1-8
@@ -2192,37 +2191,29 @@ CVE-2026-24064 (Waves Central for macOS versions 13.0.9 through 16.5.5 contain a
 CVE-2026-22926 (Omnissa Workspace ONE\xae Assist for macOS contains a Local Privilege  ...)
 	NOT-FOR-US: Omnissa
 CVE-2026-11793 (A stack buffer overflow flaw was found in 389 Directory Server. The ch ...)
-	- 389-ds-base <unfixed>
+	- 389-ds-base <unfixed> (bug #1139818)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2484914
-	TODO: check details
 CVE-2026-11792 (A heap buffer overflow flaw was found in 389 Directory Server. When au ...)
-	- 389-ds-base <unfixed>
+	- 389-ds-base <unfixed> (bug #1139817)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2484915
-	TODO: check details
 CVE-2026-11790 (A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password s ...)
-	- 389-ds-base <unfixed>
+	- 389-ds-base <unfixed> (bug #1139815)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485421
-	TODO: check details
 CVE-2026-11789 (A flaw was found in 389 Directory Server. The SMD5 password storage pl ...)
-	- 389-ds-base <unfixed>
+	- 389-ds-base <unfixed> (bug #1139814)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485422
-	TODO: check details
 CVE-2026-11788 (A flaw was found in 389 Directory Server. The dereference control plug ...)
-	- 389-ds-base <unfixed>
+	- 389-ds-base <unfixed> (bug #1139813)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485423
-	TODO: check details
 CVE-2026-11787 (A flaw was found in 389 Directory Server. The ldap_utf8prev() function ...)
-	- 389-ds-base <unfixed>
+	- 389-ds-base <unfixed> (bug #1139812)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485425
-	TODO: check details
 CVE-2026-11786 (A flaw was found in 389 Directory Server. The LDIF parser reads past t ...)
-	- 389-ds-base <unfixed>
+	- 389-ds-base <unfixed> (bug #1139811)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485426
-	TODO: check details
 CVE-2026-11785 (A flaw was found in 389 Directory Server. A type confusion in the SSO  ...)
-	- 389-ds-base <unfixed>
+	- 389-ds-base <unfixed> (bug #1139810)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485427
-	TODO: check details
 CVE-2026-11764 (When creating an export of all reusable media, the secrets of connecte ...)
 	NOT-FOR-US: rami.io products
 CVE-2026-11616 (The Events Calendar for GeoDirectory plugin for WordPress is vulnerabl ...)
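Review bot: The eight 389-ds-base entries from CVE-2026-11793 down to CVE-2026-11785 each lose their "TODO: check details" line, yet every one is left with a single Red Hat Bugzilla NOTE, so the outcome of that check is not recorded in the entries. Suggest either adding a NOTE per entry with what was found (upstream reference, affected versions) or leaving the TODO in place until that information is available, and mentioning the TODO cleanup in the commit message.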
@@ -3276,7 +3267,7 @@ CVE-2026-25555 (OpenBullet2 through version 0.3.2 contains an authentication byp
 CVE-2026-22164 (Software installed and run as a non-privileged user may conduct improp ...)
 	NOT-FOR-US: Imagination Technologies
 CVE-2026-11611 (A flaw was found in 389 Directory Server. The Content Synchronization  ...)
-	- 389-ds-base <unfixed>
+	- 389-ds-base <unfixed> (bug #1139820)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485424
 CVE-2026-11577 (A flaw was found in Keycloak. A limited administrator can exploit an i ...)
 	- keycloak <itp> (bug #1088287)
@@ -6193,13 +6184,11 @@ CVE-2026-2596
 CVE-2026-28318 (SolarWinds Serv-U is susceptible to specially crafted POST requests th ...)
 	NOT-FOR-US: SolarWinds
 CVE-2026-26825 (A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 whe ...)
-	- r-cran-readxl <undetermined>
+	- r-cran-readxl <unfixed> (bug #1139808)
 	NOTE: https://github.com/libxls/libxls/issues/156
-	TODO: check security impact for r-cran-readxl
 CVE-2026-26824 (libxls through version 1.6.3 contains a use of uninitialized memory vu ...)
-	- r-cran-readxl <undetermined>
+	- r-cran-readxl <unfixed> (bug #1139808)
 	NOTE: https://github.com/libxls/libxls/issues/155
-	TODO: check security impact for r-cran-readxl
 CVE-2026-25551 (Seagull Software BarTender 2021 R1 through 12.0.1contains an insecure  ...)
 	NOT-FOR-US: Seagull Software BarTender
 CVE-2026-25550 (Seagull Software BarTender 2010, 2016, and 2019 contain an unauthentic ...)
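Review bot: For CVE-2026-26825 and CVE-2026-26824 the r-cran-readxl status moves from "<undetermined>" to "<unfixed>" and the "TODO: check security impact for r-cran-readxl" line is dropped, which is a triage decision rather than a bug-number update. The only NOTE on each entry points at a libxls issue, so nothing in the entry says why r-cran-readxl is considered affected. Suggest adding a NOTE with the reasoning behind the new status and reflecting the status change in the commit message.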



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4822c7f61187104fa2c8067a7fd99b9844efcfaf
