[Git][security-tracker-team/security-tracker][master] new libsoup issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Jun 24 21:06:41 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a21ca347 by Moritz Muehlenhoff at 2026-06-24T22:05:41+02:00
new libsoup issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1529,11 +1529,11 @@ CVE-2026-11997 (The Bulk SEO Image plugin for WordPress is vulnerable to Cross-S
 CVE-2026-11972 (When using the "tarfile" module with a file opened in "streaming mode" ...)
 	TODO: check
 CVE-2026-11820 (Module: plugins/modules/nexmo.py  CVSS 3.1: 6.5 MEDIUM \u2014 AV:N/AC: ...)
-	TODO: check
+	NOT-FOR-US: Red Hat
 CVE-2026-11819 (Module: plugins/modules/keyring_info.py   CVSS 3.1: 5.5 MEDIUM \u2014  ...)
 	NOT-FOR-US: Red Hat
 CVE-2026-11807 (A missing authorization vulnerability was found in the Event-Driven An ...)
-	TODO: check
+	NOT-FOR-US: Red Hat Ansible Automation Platform
 CVE-2026-11614 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for WordPress ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-11370 (The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Requ ...)
@@ -2559,7 +2559,14 @@ CVE-2026-12581 (EasyFlow .NET developed by Digiwin has a Session Fixation vulner
 CVE-2026-12580 (EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting v ...)
 	NOT-FOR-US: Digiwin
 CVE-2026-12549 (The fix for CVE-2026-2443 was regressed by a subsequent rework commit  ...)
-	TODO: check
+	- libsoup3 <unfixed>
+	[trixie] - libsoup3 <not-affected> (Incomplete fix for CVE-2026-2443 not released)
+	[bookworm] - libsoup3 <not-affected> (Incomplete fix for CVE-2026-2443 not released)
+	- libsoup2.4 <removed>
+	[trixie] - libsoup2.4 <not-affected> (Incomplete fix for CVE-2026-2443 not released)
+	[bookworm] - libsoup2.4 <not-affected> (Incomplete fix for CVE-2026-2443 not released)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2489999
+	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/work_items/516
 CVE-2026-12479 (A path traversal vulnerability exists in keras-team/keras version 3.14 ...)
 	TODO: check
 CVE-2026-12249 (An issue was discovered in Canonical ADSys upstream versions through v ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a21ca347c0ce942a66df1f4ef449a01ad0dee26d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a21ca347c0ce942a66df1f4ef449a01ad0dee26d
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260624/d7c380da/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list