[Git][security-tracker-team/security-tracker][master] add lxd references, thanks to Mathias Gibbens

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Jun 27 21:51:38 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5429b6ed by Moritz Muehlenhoff at 2026-06-27T22:50:24+02:00
add lxd references, thanks to Mathias Gibbens

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -908,7 +908,9 @@ CVE-2026-13372 (Incorrect link resolution by display name in the custom PowerShe
 CVE-2026-13325 (A flaw was found in KubeVirt's migration proxy. When spec.configuratio ...)
 	NOT-FOR-US: KubeVirt
 CVE-2026-12411 (Broken Access Control in the devLXDInstancePatchHandler component of C ...)
-	TODO: check
+	- lxd <not-affected> (Only affects LXD 6.6 and later)
+	NOTE: https://github.com/canonical/lxd/security/advisories/GHSA-hhf9-qw4v-72xp
+	NOTE: https://github.com/canonical/lxd/pull/18585
 CVE-2026-11779 (An Improper Authorization vulnerability exists in PayloadCMS version 3 ...)
 	NOT-FOR-US: PayloadCMS
 CVE-2026-0828 (Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x ...)
@@ -1192,40 +1194,56 @@ CVE-2020-37256 (Grav before 1.6.30 contains a cross-site scripting vulnerability
 CVE-2026-48750
 	{DSA-6370-1}
 	- incus 7.0.0-5
+	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-73hr-m85f-64v9
+	NOTE: https://github.com/canonical/lxd/pull/18590
 CVE-2026-48751
 	{DSA-6370-1}
 	- incus 7.0.0-5
+	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-48q5-w887-33wv
+	NOTE: https://github.com/canonical/lxd/pull/18604
 CVE-2026-48752
 	{DSA-6370-1}
 	- incus 7.0.0-5
+	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-vxp5-584q-c479
 	NOTE: https://github.com/lxc/incus/commit/cbefa31ae0da8fd96361178aed3a3c631e098fef (v7.2.0)
+	NOTE: https://github.com/canonical/lxd/pull/18590
 CVE-2026-48755
 	{DSA-6370-1}
 	- incus 7.0.0-5
+	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-v6mj-8pf4-hhw4
 	NOTE: https://github.com/lxc/incus/commit/873a032a461df6b09b7586435b592873863a4e88 (v7.2.0)
+	NOTE: https://github.com/canonical/lxd/pull/18597
 CVE-2026-48769
 	{DSA-6370-1}
 	- incus 7.0.0-5
+	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-f6m5-xw2g-xc4x
 	NOTE: https://github.com/lxc/incus/commit/46d6ef232186df5535c49ca9f3597cab381f9b86 (v7.2.0)
+	NOTE: https://github.com/canonical/lxd/pull/18594
 CVE-2026-55621
 	{DSA-6370-1}
 	- incus 7.0.0-5
+	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-64f3-v33m-w89f
 	NOTE: https://github.com/lxc/incus/commit/2e01078366e2653712719dec82318e51c6d21b28 (v7.2.0)
+	NOTE: https://github.com/canonical/lxd/pull/18603
 CVE-2026-55622
 	{DSA-6370-1}
 	- incus 7.0.0-5
+	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-c9f5-j9c3-mhrg
 	NOTE: https://github.com/lxc/incus/commit/1e3ffc53a10950e55de62ac1e0d612be597b84eb (v7.2.0)
+	NOTE: https://github.com/canonical/lxd/pull/18603
 CVE-2026-48749
 	{DSA-6370-1}
 	- incus 7.0.0-5
+	- lxd <removed>
 	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-2q3f-q5pq-g8wv
+	NOTE: https://github.com/canonical/lxd/pull/18590
 CVE-2026-XXXX [ZSA-2026-12]
 	- znuny 6.5.22-1
 	[trixie] - znuny <no-dsa> (Non-free not supported)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5429b6ed80c40b3f68134470705260042a0cefbf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5429b6ed80c40b3f68134470705260042a0cefbf
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260627/910972ca/attachment.htm>


More information about the debian-security-tracker-commits mailing list