[Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-26007

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Mar 4 04:55:32 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f7a75068 by Salvatore Bonaccorso at 2026-03-04T05:52:01+01:00
Update status for CVE-2026-26007

Additionally note where the implementation for EC support moved to Rust,
but the issue is not Rust specific. Support for SECT* binary elliptic
curves is deprecated and will be removed in a future python-cryptography
version.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8440,7 +8440,10 @@ CVE-2026-26013 (LangChain is a framework for building agents and LLM-powered app
 	NOT-FOR-US: LangChain
 CVE-2026-26007 (cryptography is a package designed to expose cryptographic primitives  ...)
 	- python-cryptography 46.0.5-1 (bug #1127926)
+	[trixie] - python-cryptography <no-dsa> (Minor issue; only affects binary elliptic curves, which are rarely used in real-world applications)
+	[bookworm] - python-cryptography <no-dsa> (Minor issue; only affects binary elliptic curves, which are rarely used in real-world applications)
 	NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2
+	NOTE: EC support migrated to Rust in: https://github.com/pyca/cryptography/commit/f38eb4a0e45645e6a43f8dd589f1d3ce1103e83c (42.0.0)
 	NOTE: Fixed by: https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c (46.0.5)
 CVE-2026-26006 (AutoGPT is a platform that allows users to create, deploy, and manage  ...)
 	NOT-FOR-US: AutoGPT



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7a75068cdd36e0e6326edc6c5a7ca9a48ec94a8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7a75068cdd36e0e6326edc6c5a7ca9a48ec94a8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260304/4eda5402/attachment.htm>

More information about the debian-security-tracker-commits mailing list