[Git][security-tracker-team/security-tracker][master] Add Debian bug references for netty issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Jun 13 12:49:51 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1a2fbd13 by Salvatore Bonaccorso at 2026-06-13T13:48:57+02:00
Add Debian bug references for netty issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -346,7 +346,7 @@ CVE-2026-50627 (The JwtAccessTokenValidator class in Apache CXF fails to validat
CVE-2026-50623 (An authentication bypass vulnerability exists in the OAuth2 TokenIntro ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-50560 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-563q-j3cm-6jxm
CVE-2026-50244 (The Naxclow platform exposes a registration endpoint that accepts sign ...)
NOT-FOR-US: Naxclow platform
@@ -379,16 +379,16 @@ CVE-2026-50082 (The Aqara Cloud Developer Portal (developer.aqara.com) issued a
CVE-2026-50026 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
NOT-FOR-US: Frappe
CVE-2026-50020 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-hvcg-qmg6-jm4c
CVE-2026-50011 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-5w86-c3rq-vjj7
CVE-2026-50010 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-c653-97m9-rcg9
CVE-2026-50009 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-cq4q-cv5g-r8q5
CVE-2026-50008 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Parse Server
@@ -404,32 +404,32 @@ CVE-2026-48914 (A flaw was found in QEMU's virtio-blk device. The issue arises b
NOTE: Introduced with: https://gitlab.com/qemu-project/qemu/-/commit/f34e73cd69bdbdb9b1d56b288c5e14d6fff58165 (v1.1.0-rc3)
NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/aeea0c2804c42f24915467a1e4c70e649e39b8e0
CVE-2026-48748 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-4grm-h2qv-h6w6
CVE-2026-48558 (SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions cont ...)
NOT-FOR-US: SimpleHelp
CVE-2026-48485 (Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the la ...)
NOT-FOR-US: Quest Bot
CVE-2026-48059 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-h2qv-fj59-j46j
CVE-2026-48043 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-c2gf-v879-257j
CVE-2026-48006 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-6jv9-x5w9-2ccm
CVE-2026-47965 (Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are aff ...)
NOT-FOR-US: Adobe
CVE-2026-47739 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
NOT-FOR-US: Frappe
CVE-2026-47691 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-5pvg-856g-cp85
CVE-2026-47248 (Parse Server is an open source backend that can be deployed to any inf ...)
NOT-FOR-US: Parse Server
CVE-2026-47244 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-5x3r-wrvg-rp6q
CVE-2026-47236 (Solidtime is an open-source time-tracking app. Prior to version 0.12.2 ...)
NOT-FOR-US: Solidtime
@@ -480,7 +480,7 @@ CVE-2026-46690 (unbounded_spsc is an "unbounded" extension of bounded_spsc_queue
CVE-2026-46342 (Nuxt is an open-source web development framework for Vue.js. In Nuxt v ...)
NOT-FOR-US: Nuxt
CVE-2026-46340 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-5xrh-qmmq-w6ch
CVE-2026-45833 (A code injection vulnerability in version 0.4.17 or later of the Chrom ...)
NOT-FOR-US: ChromaDB Python
@@ -491,20 +491,20 @@ CVE-2026-45831 (The SimpleRBACAuthorizationProvider authorization provider in ve
CVE-2026-45830 (A lack of authorization validation in version 0.4.17 or later of the C ...)
NOT-FOR-US: ChromaDB Python
CVE-2026-45674 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-676x-f7gg-47vc
CVE-2026-45673 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-xmv7-r254-6q78
CVE-2026-45670 (Nuxt is an open-source web development framework for Vue.js. In @nuxt/ ...)
NOT-FOR-US: Nuxt
CVE-2026-45669 (Nuxt is an open-source web development framework for Vue.js. From vers ...)
NOT-FOR-US: Nuxt
CVE-2026-45536 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-w573-9ffj-6ff9
CVE-2026-45416 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-x4gw-5cx5-pgmh
CVE-2026-44976 (Frappe is a full-stack web application framework. Prior to version 16. ...)
NOT-FOR-US: Frappe
@@ -516,10 +516,10 @@ CVE-2026-44967 (OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Pr
NOTE: https://github.com/open-telemetry/opentelemetry-cpp/issues/3958
NOTE: https://github.com/open-telemetry/opentelemetry-cpp/pull/4078
CVE-2026-44894 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-cmm3-54f8-px4j
CVE-2026-44893 (Netty is a network application framework for development of protocol s ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-cc37-9q2j-3hfv
CVE-2026-44208 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
NOT-FOR-US: Frappe
@@ -20304,37 +20304,37 @@ CVE-2026-42780 (A directory traversal vulnerability exists in BIG-IP SSL Orchest
CVE-2026-42602 (azureauthextension is the Azure Authenticator Extension. From 0.124.0 ...)
NOT-FOR-US: Azure Authenticator ExtensionAzure Authenticator Extension
CVE-2026-42587 (Netty is an asynchronous, event-driven network application framework. ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv
CVE-2026-42586 (Netty is an asynchronous, event-driven network application framework. ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-rgrr-p7gp-5xj7
CVE-2026-42585 (Netty is an asynchronous, event-driven network application framework. ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv
CVE-2026-42584 (Netty is an asynchronous, event-driven network application framework. ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3
CVE-2026-42583 (Netty is an asynchronous, event-driven network application framework. ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-mj4r-2hfc-f8p6
CVE-2026-42582 (Netty is an asynchronous, event-driven network application framework. ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-2c5c-chwr-9hqw
CVE-2026-42581 (Netty is an asynchronous, event-driven network application framework. ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9
CVE-2026-42580 (Netty is an asynchronous, event-driven network application framework. ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723
CVE-2026-42579 (Netty is an asynchronous, event-driven network application framework. ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-cm33-6792-r9fm
CVE-2026-42578 (Netty is an asynchronous, event-driven network application framework. ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-45q3-82m4-75jr
CVE-2026-42577 (Netty is an asynchronous, event-driven network application framework. ...)
- - netty <unfixed>
+ - netty <unfixed> (bug #1139914)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-rwm7-x88c-3g2p
NOTE: https://github.com/netty/netty/pull/16689
NOTE: Fixed by: https://github.com/netty/netty/commit/0ec3d97fab376e243d328ac95fbd288ba0f6e22d (netty-4.2.13.Final)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a2fbd138473dfdf1cea1b1a384542092059b0ea
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1a2fbd138473dfdf1cea1b1a384542092059b0ea
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260613/ea33af6e/attachment.htm>
More information about the debian-security-tracker-commits
mailing list