[Git][security-tracker-team/security-tracker][master] Track fixed version for some docker.io issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jun 24 16:00:44 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
307d6fc4 by Salvatore Bonaccorso at 2026-06-24T17:00:13+02:00
Track fixed version for some docker.io issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6325,13 +6325,13 @@ CVE-2026-42947 (A flaw in Naxclow's platform\u2019s onboarding workflow allows a
 CVE-2026-42932 (Naxclow device identifiers use fixed manufacturing prefixes combined w ...)
 	NOT-FOR-US: Naxclow
 CVE-2026-42306 (Moby is an open source container framework. In Docker Engine prior to  ...)
-	- docker.io <unfixed> (bug #1139967)
+	- docker.io 28.5.2+dfsg4-3 (bug #1139967)
 	NOTE: https://github.com/moby/moby/security/advisories/GHSA-rg2x-37c3-w2rh
 	NOTE: Fixed by: https://github.com/moby/moby/commit/43fa458a9c40873867e75221454de10709b04236 (docker-v29.5.1)
 CVE-2026-41581 (Frappe is a full-stack web application framework. Prior to versions 15 ...)
 	NOT-FOR-US: Frappe
 CVE-2026-41568 (Moby is an open source container framework. In Docker Engine prior to  ...)
-	- docker.io <unfixed> (bug #1139966)
+	- docker.io 28.5.2+dfsg4-3 (bug #1139966)
 	NOTE: https://github.com/moby/moby/security/advisories/GHSA-vp62-88p7-qqf5
 	NOTE: Fixed by: https://github.com/moby/moby/commit/64a22d80b93ddc1416b501b5145df02947312249 (docker-v29.5.1)
 CVE-2026-40677 (The use of insecure HTTP transport within AMD optional tools could all ...)
@@ -10576,7 +10576,7 @@ CVE-2026-45290 (Cloudburst Network provides network components used within Cloud
 CVE-2026-42824 (Missing authentication for critical function in M365 Copilot allows an ...)
 	NOT-FOR-US: Microsoft
 CVE-2026-41567 (Moby is an open source container framework. In versions prior to 29.5. ...)
-	- docker.io <unfixed> (bug #1139965)
+	- docker.io 28.5.2+dfsg4-3 (bug #1139965)
 	NOTE: https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r
 	NOTE: Fixed by: https://github.com/moby/moby/commit/2022313ffe5a8c04890b5295bc52670ee6df8070 (docker-v29.5.1)
 CVE-2026-41522 (Iris is a web collaborative platform that helps incident responders sh ...)
@@ -54681,10 +54681,10 @@ CVE-2026-33750 (The brace-expansion library generates arbitrary strings containi
 	NOTE: https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v
 	NOTE: Fixed by: https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5 (v2.0.3)
 CVE-2026-33748 (BuildKit is a toolkit for converting source code to build artifacts in ...)
-	- docker.io <unfixed> (bug #1140189)
+	- docker.io 28.5.2+dfsg4-3 (bug #1140189)
 	- golang-github-moby-buildkit <itp> (bug #1094971)
 CVE-2026-33747 (BuildKit is a toolkit for converting source code to build artifacts in ...)
-	- docker.io <unfixed> (bug #1140189)
+	- docker.io 28.5.2+dfsg4-3 (bug #1140189)
 	- golang-github-moby-buildkit <itp> (bug #1094971)
 CVE-2026-33745 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
 	[experimental] - cpp-httplib 0.41.0+ds-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/307d6fc48ee83824395e10dc2dca6745641e469e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/307d6fc48ee83824395e10dc2dca6745641e469e
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260624/89a1a720/attachment.htm>


More information about the debian-security-tracker-commits mailing list