[Git][security-tracker-team/security-tracker][master] Add upstream tag references for docker.io issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Jun 14 07:03:59 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
259d63a1 by Salvatore Bonaccorso at 2026-06-14T08:03:30+02:00
Add upstream tag references for docker.io issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -585,13 +585,13 @@ CVE-2026-42932 (Naxclow device identifiers use fixed manufacturing prefixes comb
CVE-2026-42306 (Moby is an open source container framework. In Docker Engine prior to ...)
- docker.io <unfixed>
NOTE: https://github.com/moby/moby/security/advisories/GHSA-rg2x-37c3-w2rh
- NOTE: https://github.com/moby/moby/commit/bb6a9b177dc457b024300dfa87b4e51a86bf6406
+ NOTE: Fixed by: https://github.com/moby/moby/commit/43fa458a9c40873867e75221454de10709b04236 (docker-v29.5.1)
CVE-2026-41581 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
NOT-FOR-US: Frappe
CVE-2026-41568 (Moby is an open source container framework. In Docker Engine prior to ...)
- docker.io <unfixed>
NOTE: https://github.com/moby/moby/security/advisories/GHSA-vp62-88p7-qqf5
- NOTE: https://github.com/moby/moby/commit/af1613468c1023941f3d701344ee1df376ba9f8a
+ NOTE: Fixed by: https://github.com/moby/moby/commit/64a22d80b93ddc1416b501b5145df02947312249 (docker-v29.5.1)
CVE-2026-40677 (The use of insecure HTTP transport within AMD optional tools could all ...)
NOT-FOR-US: AMD
CVE-2026-3840 (A vulnerability in Kedro version 1.2.0 allows an attacker to exploit p ...)
@@ -4757,7 +4757,7 @@ CVE-2026-42824 (Improper neutralization of special elements used in a command ('
CVE-2026-41567 (Moby is an open source container framework. In versions prior to 29.5. ...)
- docker.io <unfixed>
NOTE: https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r
- NOTE: https://github.com/moby/moby/commit/06224f7ad000fda8de7939ea08aa61ad9814ee63
+ NOTE: Fixed by: https://github.com/moby/moby/commit/2022313ffe5a8c04890b5295bc52670ee6df8070 (docker-v29.5.1)
CVE-2026-41522 (Iris is a web collaborative platform that helps incident responders sh ...)
NOT-FOR-US: DFIR-IRIS
CVE-2026-41518 (Chartbrew is an open-source web application that can connect directly ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/259d63a184631010337af4be6b75c357fb1946e9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/259d63a184631010337af4be6b75c357fb1946e9
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260614/5633a0b7/attachment.htm>
More information about the debian-security-tracker-commits
mailing list