[Git][security-tracker-team/security-tracker][master] 4 commits: lts: mark CVE-2026-30928, CVE-2026-30930/glances as not affecting Bullseye
Daniel Leidert (@dleidert)
dleidert at debian.org
Mon Mar 16 01:59:28 GMT 2026
Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker
Commits:
97537767 by Daniel Leidert at 2026-03-16T02:04:52+01:00
lts: mark CVE-2026-30928,CVE-2026-30930/glances as not affecting Bullseye
- - - - -
9388bbc5 by Daniel Leidert at 2026-03-16T02:17:37+01:00
Add patch link for CVE-2025-66678/activemq
- - - - -
50c642af by Daniel Leidert at 2026-03-16T02:28:38+01:00
Add patch links for CVE-2026-22891,CVE-2026-20777,CVE-2025-64736/biosig
- - - - -
26cfcf43 by Daniel Leidert at 2026-03-16T02:58:33+01:00
Add link to commit that introduced CVE-2026-23865/freetype
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2188,12 +2188,14 @@ CVE-2026-30930 (Glances is an open-source system cross-platform monitoring tool.
- glances 4.5.1+dfsg-1 (bug #1130504)
[trixie] - glances <not-affected> (Vulnerable code introduced later)
[bookworm] - glances <not-affected> (Vulnerable code introduced later)
+ [bullseye] - glances <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/nicolargo/glances/security/advisories/GHSA-x46r-mf5g-xpr6
NOTE: Introduced with: https://github.com/nicolargo/glances/commit/1365d600a3c92483efa42ad67aad8b9aa2769635 (v4.3.2)
NOTE: Fixed by: https://github.com/nicolargo/glances/commit/39161f0d6fd723d83f534b48f24cdca722573336 (v4.5.1)
CVE-2026-30928 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
- glances 4.5.1+dfsg-1 (bug #1130503)
[bookworm] - glances <not-affected> (Vulnerable code introduced later)
+ [bullseye] - glances <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/nicolargo/glances/security/advisories/GHSA-gh4x-f7cq-wwx6
NOTE: Fixed by: https://github.com/nicolargo/glances/commit/5d3de603e63f21b0fd6aa2b9da0301f757c33e39 (v4.5.1)
CVE-2026-30897 (A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 ...)
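Review bot: The `[bullseye] - glances <not-affected> (Vulnerable code introduced later)` line added under CVE-2026-30928 has no NOTE in the entry to back it up. CVE-2026-30930 carries an "Introduced with:" NOTE pointing at the introducing commit (v4.3.2), but CVE-2026-30928 lists only the advisory and the fix commit, so the "introduced later" claim for bookworm and bullseye cannot be re-checked from the tracker data alone. Suggest adding an "Introduced with:" NOTE with the commit or version to CVE-2026-30928. Also, CVE-2026-30928 has no [trixie] line while CVE-2026-30930 does; it would help to confirm that the difference is intended.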
@@ -5305,6 +5307,9 @@ CVE-2025-66678 (An issue in the HwRwDrv.sys component of Nil Hardware Editor Har
CVE-2025-66168 (Apache ActiveMQ does not properly validate the remaining length field ...)
- activemq <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/03/03/5
+ NOTE: https://issues.apache.org/jira/browse/AMQ-9810
+ NOTE: Fixed by: https://github.com/apache/activemq/commit/3f0720c085b24f25c98e414fefc007bc42470ee3 (activemq-5.19.2)
+ NOTE: Fixed by: https://github.com/apache/activemq/commit/ebed70bcd221e91d303576bdbd8acd357b914259 (activemq-5.19.2)
CVE-2025-62879 (A vulnerability has been identified within the Rancher Backup Operator ...)
NOT-FOR-US: Rancher backup operator
CVE-2025-59787 (2N Access Commander application version 3.4.2 and prior returns HTTP 5 ...)
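Review bot: The commit subject for this change names CVE-2025-66678/activemq, but the three NOTE lines are added under CVE-2025-66168, the Apache ActiveMQ entry; CVE-2025-66678 is the HwRwDrv.sys entry that appears only in the hunk header. The data itself is attached to the correct entry, so the mismatch is limited to the commit message, but a log search for CVE-2025-66168 will miss this change. Both "Fixed by:" commits are tagged activemq-5.19.2; if they are the two parts of one fix, a short parenthetical on the second line saying so would help anyone backporting.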
@@ -5597,11 +5602,13 @@ CVE-2026-24103 (A buffer overflow vulnerability was discovered in goform/formSet
CVE-2026-22891 (A heap-based buffer overflow vulnerability exists in the Intan CLP par ...)
- biosig <unfixed> (bug #1130889)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2361
+ NOTE: Fixed by: https://sourceforge.net/p/biosig/code/ci/3002bdc6f46225a4e76caefdd2444276e6c5b0a7/ (v3.9.3)
CVE-2026-22886 (OpenMQ exposes a TCP-based management service (imqbrokerd) that by def ...)
NOT-FOR-US: OpenMQ
CVE-2026-20777 (A heap-based buffer overflow vulnerability exists in the Nicolet WFT p ...)
- biosig <unfixed> (bug #1130889)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362
+ NOTE: Fixed by: https://sourceforge.net/p/biosig/code/ci/abe197c3627256ef3615a2d2f808ded069e1df4b/ (v3.9.3)
CVE-2026-1265 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnera ...)
NOT-FOR-US: IBM
CVE-2026-0540 (DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit ...)
@@ -5624,6 +5631,7 @@ CVE-2025-66363 (An issue was discovered in LBS in Samsung Mobile Processor Exyno
CVE-2025-64736 (An out-of-bounds read vulnerability exists in the ABF parsing function ...)
- biosig <unfixed> (bug #1130889)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2323
+ NOTE: Fixed by: https://sourceforge.net/p/biosig/code/ci/718741c09e0b065b8ad0ebf66128a44899554930/ (v3.9.3)
CVE-2025-63912 (Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was disc ...)
NOT-FOR-US: Cohesity TranZman Migration Appliance
CVE-2025-63911 (Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was disc ...)
@@ -5876,6 +5884,7 @@ CVE-2026-24101 (An issue was discovered in goform/formSetIptv in Tenda AC15V1.0
NOT-FOR-US: Tenda
CVE-2026-23865 (An integer overflow in the tt_var_load_item_variation_store function o ...)
- freetype 2.14.2+dfsg-1 (bug #1129606)
+ NOTE: Introduced by: https://gitlab.com/freetype/freetype/-/commit/115e927540dba128980dd734dadeb06aa7b0f4d8 (VER-2-13-1)
NOTE: Fixed by: https://gitlab.com/freetype/freetype/-/commit/fc85a255849229c024c8e65f536fe1875d84841c (VER-2-14-2)
CVE-2026-23600 (A remote authentication bypass vulnerability exists in HPE AutoPass ...)
NOT-FOR-US: HPE
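Review bot: The new NOTE under CVE-2026-23865 uses "Introduced by:", while the CVE-2026-30930 entry earlier in this same file uses "Introduced with:". Picking one wording keeps the notes greppable by scripts and by people triaging. With the introducing commit now recorded as VER-2-13-1, the entry still has no per-suite lines; any suite shipping a freetype older than that tag could get a `<not-affected> (Vulnerable code introduced later)` annotation as a follow-up, in the same style as the glances entries.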
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/0242352654ad44afa4500bac597e4120a856f5a7...26cfcf43fadad029da2915ffade36e8a008056c4