[Git][security-tracker-team/security-tracker][master] new docker.io issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Jun 13 23:42:15 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a70a87ad by Moritz Muehlenhoff at 2026-06-14T00:41:14+02:00
new docker.io issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -583,11 +583,15 @@ CVE-2026-42947 (A flaw in Naxclow's platform\u2019s onboarding workflow allows a
 CVE-2026-42932 (Naxclow device identifiers use fixed manufacturing prefixes combined w ...)
 	NOT-FOR-US: Naxclow
 CVE-2026-42306 (Moby is an open source container framework. In Docker Engine prior to  ...)
-	TODO: check
+	- docker.io <unfixed>
+	NOTE: https://github.com/moby/moby/security/advisories/GHSA-rg2x-37c3-w2rh
+	NOTE: https://github.com/moby/moby/commit/bb6a9b177dc457b024300dfa87b4e51a86bf6406
 CVE-2026-41581 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
 	NOT-FOR-US: Frappe
 CVE-2026-41568 (Moby is an open source container framework. In Docker Engine prior to  ...)
-	TODO: check
+	- docker.io <unfixed>
+	NOTE: https://github.com/moby/moby/security/advisories/GHSA-vp62-88p7-qqf5
+	NOTE: https://github.com/moby/moby/commit/af1613468c1023941f3d701344ee1df376ba9f8a
 CVE-2026-40677 (The use of insecure HTTP transport within AMD optional tools could all ...)
 	NOT-FOR-US: AMD
 CVE-2026-3840 (A vulnerability in Kedro version 1.2.0 allows an attacker to exploit p ...)
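Review bot: the commit NOTE lines added under CVE-2026-42306 and CVE-2026-41568 carry a bare moby commit URL with no indication of its role, so a reader cannot tell a fixing commit from an introducing one without opening the link. If these are the upstream fixes, label them, for example `NOTE: Fixed by: https://github.com/moby/moby/commit/bb6a9b177dc457b024300dfa87b4e51a86bf6406`, and apply the same prefix to the commit line under CVE-2026-41568.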
@@ -4747,7 +4751,9 @@ CVE-2026-45290 (Cloudburst Network provides network components used within Cloud
 CVE-2026-42824 (Improper neutralization of special elements used in a command ('comman ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-41567 (Moby is an open source container framework. In versions prior to 29.5. ...)
-	TODO: check
+	- docker.io <unfixed>
+	NOTE: https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r
+	NOTE: https://github.com/moby/moby/commit/06224f7ad000fda8de7939ea08aa61ad9814ee63
 CVE-2026-41522 (Iris is a web collaborative platform that helps incident responders sh ...)
 	NOT-FOR-US: DFIR-IRIS
 CVE-2026-41518 (Chartbrew is an open-source web application that can connect directly  ...)
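Review bot: the CVE-2026-41567 entry records `- docker.io <unfixed>` and a commit URL but no upstream release, even though the truncated description already points at a fixed version ("In versions prior to 29.5. ..."). Consider appending the first fixed upstream tag from the advisory in parentheses after the commit URL, so the entry can be compared against the packaged docker.io version without following the links. If the commit is the fix, a `Fixed by:` label on that NOTE line would make that explicit.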



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a70a87ada07aad82be87e31713b176a9e5068b4e
