[Git][security-tracker-team/security-tracker][master] 2 commits: Add two new issues in seaweedfs, itp'ed
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Jun 30 22:40:52 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bedde6c7 by Salvatore Bonaccorso at 2026-06-30T23:39:34+02:00
Add two new issues in seaweedfs, itp'ed
- - - - -
ed3098db by Salvatore Bonaccorso at 2026-06-30T23:40:11+02:00
Adjust two CVEs for SeaweedFS to itp'ed entry
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -34,9 +34,9 @@ CVE-2026-58374 (In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi
CVE-2026-58373 (CVAT before 2.69.0 contains an improper authorization vulnerability in ...)
NOT-FOR-US: Computer Vision Annotation Tool (CVAT)
CVE-2026-58372 (SeaweedFS before 4.34 contains a path traversal vulnerability in the S ...)
- TODO: check
+ - seaweedfs <itp> (bug #956957)
CVE-2026-58371 (SeaweedFS before 4.30 reflects the callback query parameter verbatim i ...)
- TODO: check
+ - seaweedfs <itp> (bug #956957)
CVE-2026-58370 (Woodpecker before 3.15.0 matches the ApprovalAllowedUsers bypass list ...)
- woodpecker <itp> (bug #1008934)
CVE-2026-58369 (Woodpecker before 3.15.0 registers the /api/orgs/lookup/*org_full_name ...)
@@ -2612,7 +2612,7 @@ CVE-2026-55180 (pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and
CVE-2026-55092 (Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an ...)
- trivy <itp> (bug #929458)
CVE-2026-54917 (SeaweedFS is a distributed storage system for object storage (S3), fil ...)
- NOT-FOR-US: SeaweedFS
+ - seaweedfs <itp> (bug #956957)
CVE-2026-54849 (Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2026-54848 (Insertion of Sensitive Information Into Sent Data vulnerability in Saa ...)
@@ -177681,7 +177681,7 @@ CVE-2025-22233 (CVE-2024-38820 ensured Locale-independent, lowercase conversion
CVE-2025-1975 (A vulnerability in the Ollama server version 0.5.11 allows a malicious ...)
- ollama <itp> (bug #1094806)
CVE-2024-40120 (seaweedfs v3.68 was discovered to contain a SQL injection vulnerabilit ...)
- NOT-FOR-US: seaweedfs
+ - seaweedfs <itp> (bug #956957)
CVE-2025-40907 (FCGI versions 0.44 through 0.82, for Perl, include a vulnerable versio ...)
- libfcgi-perl 0.79+ds-2
NOTE: https://lists.security.metacpan.org/cve-announce/msg/29651740/
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d470046fa6c9779d17ef153805bac1859953f578...ed3098db22013f5e90197e20cd5563b2de8c9c6d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d470046fa6c9779d17ef153805bac1859953f578...ed3098db22013f5e90197e20cd5563b2de8c9c6d
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260630/3821df46/attachment.htm>
More information about the debian-security-tracker-commits
mailing list