[Git][security-tracker-team/security-tracker][master] 3 commits: Add patch link for CVE-2026-32746/inetutils

Daniel Leidert (@dleidert) dleidert at debian.org
Mon Mar 16 03:38:31 GMT 2026 


Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7d9390c5 by Daniel Leidert at 2026-03-16T04:38:13+01:00
Add patch link for CVE-2026-32746/inetutils

- - - - -
9a5a9440 by Daniel Leidert at 2026-03-16T04:38:13+01:00
Add patch links for CVE-2025-11143/jetty9+jetty12

- - - - -
db7e2de5 by Daniel Leidert at 2026-03-16T04:38:13+01:00
lts: add patch link for CVE-2026-29063/node-immutable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -144,6 +144,7 @@ CVE-2026-3873 (Use of Hard-coded Credentials vulnerability in Avantra allows Acc
 CVE-2026-32746 (telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in  ...)
 	- inetutils <unfixed> (bug #1130742)
 	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html
+	NOTE: Fixed by: https://cgit.git.savannah.gnu.org/cgit/inetutils.git/commit/?id=6864598a29b652a6b69a958f5cd1318aa2b258af
 CVE-2026-32745 (In JetBrains Datalore before 2026.1 session hijacking was possible due ...)
 	NOT-FOR-US: JetBrains
 CVE-2026-32600 (xml-security is a library that implements XML signatures and encryptio ...)
@@ -3578,6 +3579,7 @@ CVE-2026-29063 (Immutable.js provides many Persistent Immutable data structures.
 	- node-immutable 4.3.8-1
 	NOTE: Fixed by: https://github.com/immutable-js/immutable-js/commit/faeb58b0cc71ed351dc51f672a95ae21bc859ef5 (v4.3.8)
 	NOTE: Fixed by: https://github.com/immutable-js/immutable-js/commit/94bcd3c79972db4afffd8d1e5aab415880098b05 (v4.3.8)
+	NOTE: Fixed by: https://github.com/immutable-js/immutable-js/commit/6e2cf1cfe6137e72dfa48fc2cfa8f4d399d113f9 (v3.8.3)
 CVE-2026-28514 (Rocket.Chat is an open-source, secure, fully customizable communicatio ...)
 	NOT-FOR-US: Rocket.Chat
 CVE-2026-28106 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in K ...)
@@ -4325,6 +4327,8 @@ CVE-2025-11143 (The Jetty URI parser has some key differences to other common pa
 	- jetty9 <unfixed>
 	- jetty <removed>
 	NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh
+	NOTE: Fixed by: https://github.com/jetty/jetty.project/pull/14014 (jetty-12.1.x)
+	NOTE: Fixed by: https://github.com/jetty/jetty.project/pull/14011 (jetty-9.4.x)
 CVE-2024-43035 (Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arb ...)
 	NOT-FOR-US: Fonoster
 CVE-2026-3523 (The Apocalypse Meow plugin for WordPress is vulnerable to SQL Injectio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d707f908a92c9c04419b4efe5e659a7894d0f1a7...db7e2de5be97c64075520513035a69dcc341fe1d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d707f908a92c9c04419b4efe5e659a7894d0f1a7...db7e2de5be97c64075520513035a69dcc341fe1d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260316/1f0f2e18/attachment.htm>

More information about the debian-security-tracker-commits mailing list