[Git][security-tracker-team/security-tracker][master] Add new set of incus issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri Mar 27 05:06:56 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b6d43da7 by Salvatore Bonaccorso at 2026-03-27T06:06:34+01:00
Add new set of incus issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,35 @@
+CVE-2026-33542
+	- incus 6.0.6-2
+	- lxd <removed>
+	NOTE: https://github.com/lxc/incus/pull/3092
+	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-p8mm-23gg-jc9r
+CVE-2026-33711
+	- incus 6.0.6-2 (unimportant)
+	NOTE: https://github.com/lxc/incus/pull/3092
+	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-q9vp-3wcg-8p4x
+	NOTE: Kernel hardening with fs.protected_symlinks protects against exploiting
+	NOTE: the issue.
+CVE-2026-33743
+	- incus 6.0.6-2
+	- lxd <not-affected> (Vulnerable code not present)
+	NOTE: https://github.com/lxc/incus/pull/3092
+	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-vg76-xmhg-j5x3
+CVE-2026-33897
+	- incus 6.0.6-2
+	[trixie] - incus <not-affected> (Vulnerable code not present)
+	- lxd <not-affected> (Vulnerable code not present)
+	NOTE: https://github.com/lxc/incus/pull/3092
+	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-83xr-5xxr-mh92
+CVE-2026-33898
+	- incus <unfixed> (unimportant)
+	NOTE: https://github.com/lxc/incus/pull/3092
+	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-453r-g2pg-cxxq
+	NOTE: "Web UI" HTML/JavaScript files not included in built binary packages
+CVE-2026-33945
+	- incus 6.0.6-2
+	- lxd <removed>
+	NOTE: https://github.com/lxc/incus/pull/3092
+	NOTE: https://github.com/lxc/incus/security/advisories/GHSA-q4q8-7f2j-9h9f
 CVE-2026-4926 (Impact:  A bad regular expression is generated any time you have multi ...)
 	- node-path-to-regexp <unfixed>
 	NOTE: https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-j3q9-mxjg-w52f



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6d43da7849774456471927cb9570f54ab1a7f8c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b6d43da7849774456471927cb9570f54ab1a7f8c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260327/546d85c4/attachment.htm>

More information about the debian-security-tracker-commits mailing list