[Git][security-tracker-team/security-tracker][master] Add two new rust-tar issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Mar 21 07:35:47 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
728892e8 by Salvatore Bonaccorso at 2026-03-21T08:35:10+01:00
Add two new rust-tar issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -363,9 +363,13 @@ CVE-2026-33060 (CKAN MCP Server is a tool for querying CKAN open data portals. V
 CVE-2026-33057 (Mesop is a Python-based UI framework that allows users to build web ap ...)
 	NOT-FOR-US: Mesop
 CVE-2026-33056 (tar-rs is a tar archive reading/writing library for Rust. In versions  ...)
-	TODO: check
+	- rust-tar <unfixed>
+	NOTE: https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph
+	NOTE: Fixed by: https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446 (0.4.45)
 CVE-2026-33055 (tar-rs is a tar archive reading/writing library for Rust. Versions 0.4 ...)
-	TODO: check
+	- rust-tar <unfixed>
+	NOTE: https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-gchp-q4r4-x4ff
+	NOTE: Fixed by: https://github.com/alexcrichton/tar-rs/commit/de1a5870e603758f430073688691165f21a33946 (0.4.45)
 CVE-2026-33054 (Mesop is a Python-based UI framework that allows users to build web ap ...)
 	NOT-FOR-US: Mesop
 CVE-2026-33053 (Langflow is a tool for building and deploying AI-powered agents and wo ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/728892e85d6f477be99e55eba3a8e2963ad5b792

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/728892e85d6f477be99e55eba3a8e2963ad5b792
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260321/10edd956/attachment.htm>

More information about the debian-security-tracker-commits mailing list