[Git][security-tracker-team/security-tracker][master] Add two dnsmasq issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 24 09:39:44 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5ce38506 by Salvatore Bonaccorso at 2026-06-24T10:39:22+02:00
Add two dnsmasq issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -688,7 +688,9 @@ CVE-2026-27604 (FOSSBilling is a free, open-source billing and client management
 CVE-2026-13007 (Tenable Identity Exposure contains multiple unauthenticated API endpoi ...)
 	TODO: check
 CVE-2026-12969 (An out-of-bounds read vulnerability exists in dnsmasq's find_soa() fun ...)
-	TODO: check
+	- dnsmasq 2.93-1
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2491663
+	NOTE: Fixed by: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=14094e88beca519c53151184cc4553656672b54f (v2.93rc1)
 CVE-2026-12958 (Missing symlink validation in Language Servers for AWS may allow an ar ...)
 	NOT-FOR-US: Amazon
 CVE-2026-12957 (Improper trust boundary enforcement in Language Servers for AWS before ...)
@@ -1265,7 +1267,9 @@ CVE-2026-12863 (An unvalidated redirect was contained in Venueless' social login
 CVE-2026-12862 (Untrusted user data was passed verbatim to Excel exports for administr ...)
 	NOT-FOR-US: rami.io products
 CVE-2026-12725 (A heap-based buffer overflow was found in dnsmasq. When DNSSEC validat ...)
-	TODO: check
+	- dnsmasq 2.93-1
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2490763
+	NOTE: Fixed by: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=36d081e37477027fd721fea498f3760f529034ad (v2.93test10)
 CVE-2026-12628 (IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Pro ...)
 	NOT-FOR-US: IBM
 CVE-2026-12602 (Incorrect default permissions in ArubaSign, affecting versions prior t ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ce38506f45d9f6e9c2f164bb90029b0b5dd1eb7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5ce38506f45d9f6e9c2f164bb90029b0b5dd1eb7
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260624/86dbf1bd/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list