[Git][security-tracker-team/security-tracker][master] Process some new mattermost-server issues

Thu Mar 26 10:36:07 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
90faba6c by Salvatore Bonaccorso at 2026-03-26T11:35:44+01:00
Process some new mattermost-server issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -519,9 +519,9 @@ CVE-2026-27889 (NATS-Server is a High-Performance server for NATS.io, a cloud an
 	NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6
 	NOTE: https://advisories.nats.io/CVE/secnote-2026-03.txt
 CVE-2026-27659 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 1 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-27656 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-27602 (Modoboa is a mail hosting and management platform. Prior to version 2. ...)
 	NOT-FOR-US: Modoboa
 CVE-2026-27496 (n8n is an open source workflow automation platform. Prior to versions  ...)
@@ -585,7 +585,7 @@ CVE-2026-26831 (textract through 2.5.0 is vulnerable to OS Command Injection via
 CVE-2026-26830 (pdf-image (npm package) through version 2.0.0 allows OS command inject ...)
 	TODO: check
 CVE-2026-26233 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-25645 (Requests is a HTTP library. Prior to version 2.33.0, the `requests.uti ...)
 	TODO: check
 CVE-2026-25469 (Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill ...)
@@ -897,7 +897,7 @@ CVE-2026-22480 (Deserialization of Untrusted Data vulnerability in WebToffee Pro
 CVE-2026-22448 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	NOT-FOR-US: WordPress plugin or theme
 CVE-2026-20719 (Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-20125 (A vulnerability in the HTTP Server feature of Cisco IOS Software and C ...)
 	NOT-FOR-US: Cisco
 CVE-2026-20115 (A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90faba6c80730c4ac4324de03cb0349a692aa46a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/90faba6c80730c4ac4324de03cb0349a692aa46a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260326/cbf95ceb/attachment.htm>
