[Git][security-tracker-team/security-tracker][master] Process some new mattermost-server issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 16 21:34:32 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ce799d4c by Salvatore Bonaccorso at 2026-03-16T22:33:37+01:00
Process some new mattermost-server issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -115,23 +115,23 @@ CVE-2026-30875 (Chamilo LMS is a learning management system. Prior to version 1.
 CVE-2026-30405 (An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a d ...)
 	TODO: check
 CVE-2026-2578 (Mattermost versions 11.3.x <= 11.3.0 fail to preserve the redacted sta ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-2476 (Mattermost Plugins versions <=2.0.3.0 fail to properly mask sensitive  ...)
 	NOT-FOR-US: Mattermost Plugins
 CVE-2026-2463 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-2462 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-2461 (Mattermost Plugins versions <=11.3 11.0.3 11.2.2 10.10.11.0 fail to im ...)
 	NOT-FOR-US: Mattermost Plugins
 CVE-2026-2458 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-2457 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-2456 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-2455 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-2326
 	REJECTED
 CVE-2026-29521 (Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-s ...)
@@ -153,27 +153,27 @@ CVE-2026-28430 (Chamilo LMS is a learning management system. Prior to version 1.
 CVE-2026-27962 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
 	TODO: check
 CVE-2026-26304 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2 fail to verify  ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-26246 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-25783 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-25780 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-25369 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-24692 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-24458 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-23862 (Dell ThinOS 10 versions prior to ThinOS 2602_10.0573, contain an Impro ...)
 	NOT-FOR-US: Dell / EMC
 CVE-2026-23489 (Fields is a GLPI plugin that allows users to add custom fields on GLPI ...)
 	NOT-FOR-US: GLPI plugin
 CVE-2026-22545 (Mattermost versions 10.11.x <= 10.11.10 fail to validate user's authen ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-21386 (Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10. ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2025-69809 (A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows una ...)
 	TODO: check
 CVE-2025-69808 (An out-of-bounds memory access (OOB) in p2r3 Bareiron commit 8e4d40 al ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce799d4cc9f474bb3492c7c67ec54442d30a7b98

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce799d4cc9f474bb3492c7c67ec54442d30a7b98
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260316/20d17d5c/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list