[Git][security-tracker-team/security-tracker][master] new libass issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Jun 27 17:00:31 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dd02e3a9 by Moritz Muehlenhoff at 2026-06-27T18:00:23+02:00
new libass issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,16 @@
+CVE-2026-XXXX [Out-of-bounds bit clears for negative Matroska ReadOrder values]
+	- libass 1:0.17.5-1
+	[trixie] - libass <not-affected> (Vulnerable code not present)
+	[bookworm] - libass <not-affected> (Vulnerable code not present)
+	[bullseye] - libass <not-affected> (Vulnerable code not present)
+	NOTE: https://github.com/libass/libass/security/advisories/GHSA-5gf7-wjfm-vmvm
+	NOTE: Introduced with: https://github.com/libass/libass/commit/dcc9eb722ebd485d2ed0e21c261b0a1b05497154 (0.17.4)
+	NOTE: Fixed with: https://github.com/libass/libass/commit/23da65a130bb8c5b2cf0c7df0dd7d424607f98f1 (0.17.5)
+	NOTE: https://github.com/libass/libass/issues/937
+CVE-2026-XXXX [Out-of-bounds read and write in wrap_lines_measure]
+	- libass 1:0.17.5-1
+	NOTE: https://github.com/libass/libass/security/advisories/GHSA-pjjp-65r7-ppgm
+	NOTE: https://github.com/libass/libass/commit/f2ef59755292bc4bb950ef22710e18a5487c399d (0.17.5)
 CVE-2026-9677 (The Shariff for WordPress Shariff for WordPress plugin through 1.0.11  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-56414 (A vulnerability exists in H.View IP cameras certificate-related upload ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd02e3a9cbacc91d946001a4c5726078d21261b9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd02e3a9cbacc91d946001a4c5726078d21261b9
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260627/333fb5cc/attachment.htm>


More information about the debian-security-tracker-commits mailing list