[Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-0848/nltk
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Mar 21 16:18:34 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3623b441 by Salvatore Bonaccorso at 2026-03-21T17:18:05+01:00
Update status for CVE-2026-0848/nltk
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -7182,8 +7182,10 @@ CVE-2026-21536 (Microsoft Devices Pricing Program Remote Code Execution Vulnerab
CVE-2026-1128 (The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF ch ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0848 (NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due t ...)
- - nltk <unfixed>
+ - nltk 3.9.3-1
NOTE: https://huntr.com/bounties/08b109bb-ac24-403f-9422-1c246ce60202
+ NOTE: https://github.com/nltk/nltk/pull/3477
+ NOTE: Fixed by: https://github.com/nltk/nltk/commit/27fab63c5b7689a125feb282958f630ced3a4f77 (3.9.3)
CVE-2025-70995 (An issue in Aranda Service Desk Web Edition (ASDK API 8.6) allows auth ...)
NOT-FOR-US: Aranda Service Desk Web Edition
CVE-2025-70949 (An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3623b441ea47328eb234e37b728d8474989975f9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3623b441ea47328eb234e37b728d8474989975f9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260321/f19eb2f2/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list