[Git][security-tracker-team/security-tracker][master] Process some mattermost-server issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jun 22 20:35:06 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e571fb4e by Salvatore Bonaccorso at 2026-06-22T21:34:35+02:00
Process some mattermost-server issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3,7 +3,7 @@ CVE-2026-9610 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1
 CVE-2026-9320 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Applic ...)
 	NOT-FOR-US: IBM
 CVE-2026-9162 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-9072 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IB ...)
 	NOT-FOR-US: IBM
 CVE-2026-9071 (IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Applic ...)
@@ -17,13 +17,13 @@ CVE-2026-8934 (A Missing Authorization vulnerability in a GraphQL private API op
 CVE-2026-8858 (IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server and IBM ...)
 	NOT-FOR-US: IBM
 CVE-2026-8823 (Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to vali ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-8646 (IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Applica ...)
 	NOT-FOR-US: IBM
 CVE-2026-8636 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9 ...)
 	NOT-FOR-US: IBM
 CVE-2026-8074 (Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to enfo ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-8059 (IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9 ...)
 	NOT-FOR-US: IBM
 CVE-2026-7664 (IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attac ...)
@@ -37,9 +37,9 @@ CVE-2026-7166 (Vulnerability involving the exposure of sensitive data provided w
 CVE-2026-7165 (The vulnerability is present in the \u2018/addJugador\u2019 endpoint:  ...)
 	TODO: check
 CVE-2026-6673 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-6062 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-5139 (Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5 ...)
 	TODO: check
 CVE-2026-56450 (AIL did not restrict repeated failed attempts to verify a two-factor a ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e571fb4e9ac52035b7ba400efec2a670427a1714

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e571fb4e9ac52035b7ba400efec2a670427a1714
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260622/054fb480/attachment.htm>


More information about the debian-security-tracker-commits mailing list