[Git][security-tracker-team/security-tracker][master] new libsoup issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jun 24 21:06:41 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a21ca347 by Moritz Muehlenhoff at 2026-06-24T22:05:41+02:00
new libsoup issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1529,11 +1529,11 @@ CVE-2026-11997 (The Bulk SEO Image plugin for WordPress is vulnerable to Cross-S
CVE-2026-11972 (When using the "tarfile" module with a file opened in "streaming mode" ...)
TODO: check
CVE-2026-11820 (Module: plugins/modules/nexmo.py CVSS 3.1: 6.5 MEDIUM \u2014 AV:N/AC: ...)
- TODO: check
+ NOT-FOR-US: Red Hat
CVE-2026-11819 (Module: plugins/modules/keyring_info.py CVSS 3.1: 5.5 MEDIUM \u2014 ...)
NOT-FOR-US: Red Hat
CVE-2026-11807 (A missing authorization vulnerability was found in the Event-Driven An ...)
- TODO: check
+ NOT-FOR-US: Red Hat Ansible Automation Platform
CVE-2026-11614 (The Xpro Addons \u2014 140+ Widgets for Elementor plugin for WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2026-11370 (The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Requ ...)
@@ -2559,7 +2559,14 @@ CVE-2026-12581 (EasyFlow .NET developed by Digiwin has a Session Fixation vulner
CVE-2026-12580 (EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting v ...)
NOT-FOR-US: Digiwin
CVE-2026-12549 (The fix for CVE-2026-2443 was regressed by a subsequent rework commit ...)
- TODO: check
+ - libsoup3 <unfixed>
+ [trixie] - libsoup3 <not-affected> (Incomplete fix for CVE-2026-2443 not released)
+ [bookworm] - libsoup3 <not-affected> (Incomplete fix for CVE-2026-2443 not released)
+ - libsoup2.4 <removed>
+ [trixie] - libsoup2.4 <not-affected> (Incomplete fix for CVE-2026-2443 not released)
+ [bookworm] - libsoup2.4 <not-affected> (Incomplete fix for CVE-2026-2443 not released)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2489999
+ NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/work_items/516
CVE-2026-12479 (A path traversal vulnerability exists in keras-team/keras version 3.14 ...)
TODO: check
CVE-2026-12249 (An issue was discovered in Canonical ADSys upstream versions through v ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a21ca347c0ce942a66df1f4ef449a01ad0dee26d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a21ca347c0ce942a66df1f4ef449a01ad0dee26d
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260624/d7c380da/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list