[Git][security-tracker-team/security-tracker][master] Add another batch of netty issues

Fri Jun 12 21:41:50 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d20113b by Salvatore Bonaccorso at 2026-06-12T22:41:30+02:00
Add another batch of netty issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -217,7 +217,8 @@ CVE-2026-46690 (unbounded_spsc is an "unbounded" extension of bounded_spsc_queue
 CVE-2026-46342 (Nuxt is an open-source web development framework for Vue.js. In Nuxt v ...)
 	NOT-FOR-US: Nuxt
 CVE-2026-46340 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-5xrh-qmmq-w6ch
 CVE-2026-45833 (A code injection vulnerability in version 0.4.17 or later of the Chrom ...)
 	NOT-FOR-US: ChromaDB Python
 CVE-2026-45832 (All V1 collection-level endpoints in ChromaDB's Python project pass No ...)
@@ -227,17 +228,21 @@ CVE-2026-45831 (The SimpleRBACAuthorizationProvider authorization provider in ve
 CVE-2026-45830 (A lack of authorization validation in version 0.4.17 or later of the C ...)
 	NOT-FOR-US: ChromaDB Python
 CVE-2026-45674 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-676x-f7gg-47vc
 CVE-2026-45673 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-xmv7-r254-6q78
 CVE-2026-45670 (Nuxt is an open-source web development framework for Vue.js. In @nuxt/ ...)
 	NOT-FOR-US: Nuxt
 CVE-2026-45669 (Nuxt is an open-source web development framework for Vue.js. From vers ...)
 	NOT-FOR-US: Nuxt
 CVE-2026-45536 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-w573-9ffj-6ff9
 CVE-2026-45416 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-x4gw-5cx5-pgmh
 CVE-2026-44976 (Frappe is a full-stack web application framework. Prior to version 16. ...)
 	NOT-FOR-US: Frappe
 CVE-2026-44975 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
@@ -245,9 +250,11 @@ CVE-2026-44975 (Frappe is a full-stack web application framework. Prior to versi
 CVE-2026-44967 (OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to ...)
 	TODO: check
 CVE-2026-44894 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-cmm3-54f8-px4j
 CVE-2026-44893 (Netty is a network application framework for development of protocol s ...)
-	TODO: check
+	- netty <unfixed>
+	NOTE: https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv
 CVE-2026-44208 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
 	NOT-FOR-US: Frappe
 CVE-2026-44207 (Frappe is a full-stack web application framework. Prior to versions 15 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d20113b699f6f1c53cc83f062591c69510b0842

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0d20113b699f6f1c53cc83f062591c69510b0842
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260612/c2c8a71a/attachment.htm>
