[Git][security-tracker-team/security-tracker][master] Add CVE-2026-30892/crun

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7faeea5a by Salvatore Bonaccorso at 2026-03-26T11:14:23+01:00
Add CVE-2026-30892/crun

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -145,7 +145,12 @@ CVE-2026-30976 (Sonarr is a PVR for Usenet and BitTorrent users. In versions on
 CVE-2026-30975 (Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0 ...)
 	NOT-FOR-US: Sonarr
 CVE-2026-30892 (crun is an open source OCI Container Runtime fully written in C. In ve ...)
-	TODO: check
+	- crun <unfixed>
+	[bookworm] - crun <not-affected> (Vulnerable code not present)
+	[bullseye] - crun <not-affected> (Vulnerable code not present)
+	NOTE: https://github.com/containers/crun/security/advisories/GHSA-4vg2-xjqj-7chj
+	NOTE: Introduced with: https://github.com/containers/crun/commit/85d4db3d8b27c9ca606eea5f007c58a752ae77aa (1.19)
+	NOTE: Fixed by: https://github.com/containers/crun/commit/1bd7f42446999b0e76bc3d575392e05c943b0b01 (1.27)
 CVE-2026-2931 (The Amelia Booking plugin for WordPress is vulnerable to Insecure Dire ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-2485 (IBM Infosphere Information Server11.7.0.0 through11.7.1.6 is vulnerabl ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7faeea5ad03fc93b445a2f881d90fcc30d05c0f1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7faeea5ad03fc93b445a2f881d90fcc30d05c0f1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260326/629d046d/attachment.htm>