[Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-57918/libnfs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Jun 28 13:03:50 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3affc0de by Salvatore Bonaccorso at 2026-06-28T14:03:18+02:00
Update status for CVE-2026-57918/libnfs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -586,9 +586,9 @@ CVE-2026-57921 (In JetBrains YouTrack before 2026.2.16593 improper access contro
 CVE-2026-57920 (Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a s ...)
 	NOT-FOR-US: Peplink InControl
 CVE-2026-57918 (libnfs through 6.0.2 before 935b8db has an xid integer underflow in RE ...)
-	- libnfs <unfixed>
-	[trixie] - libnfs <no-dsa> (Minor issue)
-	NOTE: https://github.com/sahlberg/libnfs/commit/935b8db712b3c6649bc57ddc276526c4a31680de
+	- libnfs <not-affected> (Vulnerable code not present)
+	NOTE: Introduced with: https://github.com/sahlberg/libnfs/commit/5e8f7ce273308eb77f94248f4501e574a703c1a5 (libnfs-6.0.0)
+	NOTE: Fixed by: https://github.com/sahlberg/libnfs/commit/935b8db712b3c6649bc57ddc276526c4a31680de
 CVE-2026-57915 (It is possible to bypass the Kerberos pre-authentication check in Apac ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-57914 (By sending a deeply nested ASN1 structure to a Apache Kerby client or  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3affc0de25cc8296340769dfbb47391664543a44

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3affc0de25cc8296340769dfbb47391664543a44
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260628/89663608/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list