[Git][security-tracker-team/security-tracker][master] 2 commits: Add two new tinyproxy issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Jun 18 09:44:46 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
865da698 by Salvatore Bonaccorso at 2026-06-18T10:43:01+02:00
Add two new tinyproxy issues
- - - - -
684c7395 by Salvatore Bonaccorso at 2026-06-18T10:44:25+02:00
Prefix commit for CVE-2026-55202
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11,7 +11,7 @@ CVE-2026-55740 (Nur-Alam39 bus-ticket (no released versions; latest commit 459ca
CVE-2026-55202 (Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly v ...)
- tinyproxy <unfixed>
NOTE: https://github.com/tinyproxy/tinyproxy/pull/606
- NOTE: https://github.com/tinyproxy/tinyproxy/commit/09312a185ae25cc486b4ff5987638a7917a48bce
+ NOTE: Fixed by: https://github.com/tinyproxy/tinyproxy/commit/09312a185ae25cc486b4ff5987638a7917a48bce
CVE-2026-55201 (Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path trave ...)
NOT-FOR-US: Evil-WinRM
CVE-2026-55200 (libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bou ...)
@@ -27,9 +27,15 @@ CVE-2026-54533 (vantage6 is an open-source infrastructure for privacy preserving
CVE-2026-54445 (vantage6 is an open-source infrastructure for privacy preserving analy ...)
NOT-FOR-US: vantage6
CVE-2026-54388 (Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject req ...)
- TODO: check
+ - tinyproxy <unfixed>
+ NOTE: https://github.com/tinyproxy/tinyproxy/issues/609
+ NOTE: https://github.com/tinyproxy/tinyproxy/pull/610
+ NOTE: Fixed by: https://github.com/tinyproxy/tinyproxy/commit/364cdb67e0ea00a8e4a7037e2693e0711e816adb
CVE-2026-54387 (Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile ...)
- TODO: check
+ - tinyproxy <unfixed>
+ NOTE: https://github.com/tinyproxy/tinyproxy/issues/609
+ NOTE: https://github.com/tinyproxy/tinyproxy/pull/610
+ NOTE: Fixed by: https://github.com/tinyproxy/tinyproxy/commit/623bfc093df009296f0b85d40bc677ef9d5c09bb
CVE-2026-54386 (marimo before 0.23.9 contains a reflected cross-site scripting vulnera ...)
TODO: check
CVE-2026-53676 (ThingsBoard contains a prototype pollution vulnerability which may lea ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fb5d291fa5037990847aea808a16ac596c2a7fdf...684c7395f211ba3801113482cdbd2678178a5308
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fb5d291fa5037990847aea808a16ac596c2a7fdf...684c7395f211ba3801113482cdbd2678178a5308
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260618/6d72101b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list