[Git][security-tracker-team/security-tracker][master] Add new batch of netty issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Jun 12 20:53:52 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e75b7ee5 by Salvatore Bonaccorso at 2026-06-12T21:53:30+02:00
Add new batch of netty issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -83,7 +83,8 @@ CVE-2026-50627 (The JwtAccessTokenValidator class in Apache CXF fails to validat
 CVE-2026-50623 (An authentication bypass vulnerability exists in the OAuth2 TokenIntro ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-50560 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-563q-j3cm-6jxm
 CVE-2026-50244 (The Naxclow platform exposes a registration endpoint that accepts sign ...)
 	NOT-FOR-US: Naxclow platform
 CVE-2026-50108 (The Naxclow platform API that returns device relay registration detail ...)
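
Review bot: The new entry for CVE-2026-50560 records `- netty <unfixed>` with only the advisory link, so nothing in the list says which upstream release or commit fixes the issue. Consider a follow-up NOTE with the fixed upstream version or fixing commit taken from GHSA-563q-j3cm-6jxm, so the `<unfixed>` marker can later be replaced without re-reading the advisory.
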
@@ -115,13 +116,17 @@ CVE-2026-50082 (The Aqara Cloud Developer Portal (developer.aqara.com) issued a
 CVE-2026-50026 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
 	NOT-FOR-US: Frappe
 CVE-2026-50020 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-hvcg-qmg6-jm4c
 CVE-2026-50011 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-5w86-c3rq-vjj7
 CVE-2026-50010 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-c653-97m9-rcg9
 CVE-2026-50009 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-cq4q-cv5g-r8q5
 CVE-2026-50008 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2026-49993 (Nuxt is an open-source web development framework for Vue.js. In @nuxt/ ...)
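
Review bot: CVE-2026-50020, CVE-2026-50011, CVE-2026-50010 and CVE-2026-50009 are all truncated to the same description text, so after this change the four entries can be told apart only by their GHSA links. A one-line NOTE per entry naming the affected netty module or codec would let a reader triage them without opening each advisory.
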
@@ -133,27 +138,33 @@ CVE-2026-49347 (Quest Bot is an opensource Discord Bot. Prior to version 1.1.8,
 CVE-2026-48914 (A flaw was found in QEMU's virtio-blk device. The issue arises because ...)
 	TODO: check
 CVE-2026-48748 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-4grm-h2qv-h6w6
 CVE-2026-48558 (SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions cont ...)
 	NOT-FOR-US: SimpleHelp
 CVE-2026-48485 (Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the la ...)
 	NOT-FOR-US: Quest Bot
 CVE-2026-48059 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-h2qv-fj59-j46j
 CVE-2026-48043 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-c2gf-v879-257j
 CVE-2026-48006 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-6jv9-x5w9-2ccm
 CVE-2026-47965 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
 	NOT-FOR-US: Adobe
 CVE-2026-47739 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
 	NOT-FOR-US: Frappe
 CVE-2026-47691 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-5pvg-856g-cp85
 CVE-2026-47248 (Parse Server is an open source backend that can be deployed to any inf ...)
 	NOT-FOR-US: Parse Server
 CVE-2026-47244 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-5x3r-wrvg-rp6q
 CVE-2026-47236 (Solidtime is an open-source time-tracking app. Prior to version 0.12.2 ...)
 	TODO: check
 CVE-2026-47225 (Typesense is a fast, typo-tolerant search engine. Prior to versions 29 ...)
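
Review bot: The six netty entries in this hunk (CVE-2026-48748, CVE-2026-48059, CVE-2026-48043, CVE-2026-48006, CVE-2026-47691, CVE-2026-47244) are tagged against the source package `netty` alone and carry no per-release status. It is worth confirming that no other source package embeds the affected code and that every supported release ships an affected version; where that is not the case, record it on the entry rather than leaving a blanket `<unfixed>`.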



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e75b7ee5bf317c4075194c4d6689d658e6b92d34
