[Git][security-tracker-team/security-tracker][master] 2 commits: Add two new issues in seaweedfs, itp'ed

Salvatore Bonaccorso (@carnil) carnil at debian.org
Tue Jun 30 22:40:52 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bedde6c7 by Salvatore Bonaccorso at 2026-06-30T23:39:34+02:00
Add two new issues in seaweedfs, itp'ed

- - - - -
ed3098db by Salvatore Bonaccorso at 2026-06-30T23:40:11+02:00
Adjust two CVEs for SeaweedFS to itp'ed entry

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -34,9 +34,9 @@ CVE-2026-58374 (In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi
 CVE-2026-58373 (CVAT before 2.69.0 contains an improper authorization vulnerability in ...)
 	NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
 CVE-2026-58372 (SeaweedFS before 4.34 contains a path traversal vulnerability in the S ...)
-	TODO: check
+	- seaweedfs <itp> (bug #956957)
 CVE-2026-58371 (SeaweedFS before 4.30 reflects the callback query parameter verbatim i ...)
-	TODO: check
+	- seaweedfs <itp> (bug #956957)
 CVE-2026-58370 (Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list  ...)
 	- woodpecker <itp> (bug #1008934)
 CVE-2026-58369 (Woodpecker before 3.15.0 registers the /api/orgs/lookup/*org_full_name ...)
@@ -2612,7 +2612,7 @@ CVE-2026-55180 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and
 CVE-2026-55092 (Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an  ...)
 	- trivy <itp> (bug #929458)
 CVE-2026-54917 (SeaweedFS is a distributed storage system for object storage (S3), fil ...)
-	NOT-FOR-US: SeaweedFS
+	- seaweedfs <itp> (bug #956957)
 CVE-2026-54849 (Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-54848 (Insertion of Sensitive Information Into Sent Data vulnerability in Saa ...)
@@ -177681,7 +177681,7 @@ CVE-2025-22233 (CVE-2024-38820 ensured Locale-independent, lowercase conversion
 CVE-2025-1975 (A vulnerability in the Ollama server version 0.5.11 allows a malicious ...)
 	- ollama <itp> (bug #1094806)
 CVE-2024-40120 (seaweedfs v3.68 was discovered to contain a SQL injection vulnerabilit ...)
-	NOT-FOR-US: seaweedfs
+	- seaweedfs <itp> (bug #956957)
 CVE-2025-40907 (FCGI versions 0.44 through 0.82, for Perl, include a vulnerable versio ...)
 	- libfcgi-perl 0.79+ds-2
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/29651740/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d470046fa6c9779d17ef153805bac1859953f578...ed3098db22013f5e90197e20cd5563b2de8c9c6d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d470046fa6c9779d17ef153805bac1859953f578...ed3098db22013f5e90197e20cd5563b2de8c9c6d
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260630/3821df46/attachment.htm>


More information about the debian-security-tracker-commits mailing list