[Git][security-tracker-team/security-tracker][master] Track fixed version for nats-server issues fixed via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Mar 27 05:10:36 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a67d596e by Salvatore Bonaccorso at 2026-03-27T06:09:59+01:00
Track fixed version for nats-server issues fixed via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -488,21 +488,21 @@ CVE-2026-33287 (LiquidJS is a Shopify / GitHub Pages compatible template engine
CVE-2026-33285 (LiquidJS is a Shopify / GitHub Pages compatible template engine in pur ...)
NOT-FOR-US: LiquidJS
CVE-2026-33249 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
[trixie] - nats-server <not-affected> (Vulnerable code introduced later)
[bookworm] - nats-server <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-8m2x-3m6q-6w8j
NOTE: https://advisories.nats.io/CVE/secnote-2026-15.txt
CVE-2026-33248 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-3f24-pcvm-5jqc
NOTE: https://advisories.nats.io/CVE/secnote-2026-13.txt
CVE-2026-33223 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-pwx7-fx9r-hr4h
NOTE: https://advisories.nats.io/CVE/secnote-2026-09.txt
CVE-2026-33222 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-9983-vrx2-fg9c
NOTE: https://advisories.nats.io/CVE/secnote-2026-12.txt
CVE-2026-33201 (Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contai ...)
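Review bot: CVE-2026-33248, CVE-2026-33223 and CVE-2026-33222 in this hunk get a fixed version for unstable but, unlike CVE-2026-33249 directly above them, carry no [trixie] or [bookworm] line. If the "Vulnerable code introduced later" reasoning also applies to any of them, add the matching <not-affected> lines; otherwise the stable suites should be triaged explicitly for these three.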
@@ -698,29 +698,29 @@ CVE-2026-33660 (n8n is an open source workflow automation platform. Prior to ver
CVE-2026-33268 (Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A r ...)
NOT-FOR-US: Nanoleaf Lines
CVE-2026-33247 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-x6g4-f6q3-fqvv
NOTE: https://advisories.nats.io/CVE/secnote-2026-14.txt
CVE-2026-33246 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-55h8-8g96-x4hj
NOTE: https://advisories.nats.io/CVE/secnote-2026-08.txt
CVE-2026-33219 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-8r68-gvr4-jh7j
NOTE: https://advisories.nats.io/CVE/secnote-2026-11.txt
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-qrvq-68c2-7grw
NOTE: https://advisories.nats.io/CVE/secnote-2026-02.txt
CVE-2026-33218 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-vprv-35vv-q339
NOTE: https://advisories.nats.io/CVE/secnote-2026-10.txt
CVE-2026-33217 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-jxxm-27vp-c3m5
NOTE: https://advisories.nats.io/CVE/secnote-2026-07.txt
CVE-2026-33216 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-v722-jcv5-w7mc
NOTE: Fixed by: https://github.com/nats-io/nats-server/commit/b5b63cfc35a57075e09c1f57503d31721bed8099 (v2.12.6)
NOTE: https://advisories.nats.io/CVE/secnote-2026-05.txt
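Review bot: under CVE-2026-33219 the entry lists two advisory pairs (GHSA-8r68-gvr4-jh7j with secnote-2026-11.txt, and GHSA-qrvq-68c2-7grw with secnote-2026-02.txt), while every other entry in this hunk has one. Please confirm that both belong to this CVE and that 2.12.6-1 covers both. Separately, only CVE-2026-33216 has a "Fixed by:" commit NOTE here; adding the upstream commit to the other entries would make the 2.12.6-1 version checkable from the entry itself.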
@@ -881,7 +881,7 @@ CVE-2026-2349 (Improper Neutralization of Input During Web Page Generation ("Cro
CVE-2026-2348 (Improper Neutralization of Input During Web Page Generation ("Cross-si ...)
NOT-FOR-US: Drupal core and addons
CVE-2026-29785 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-52jh-2xxh-pwh6
NOTE: Fixed by: https://github.com/nats-io/nats-server/commit/a1488de6f2ba6e666aef0f9cce0016f7f167d6a8 (v2.12.5)
NOTE: https://advisories.nats.io/CVE/secnote-2026-04.txt
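Review bot: for CVE-2026-29785 the "Fixed by:" NOTE names upstream v2.12.5, while the fixed version recorded is 2.12.6-1. That is correct only if 2.12.6-1 is the first upload to unstable containing that commit; if a 2.12.5-based upload reached unstable, the earlier version should be tracked instead.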
@@ -890,7 +890,7 @@ CVE-2026-29092 (Kiteworks is a private data network (PDN). Prior to version 9.2.
CVE-2026-28529 (cryptodev-linux version 1.14 and prior contain a page reference handli ...)
TODO: check
CVE-2026-27889 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-pq2q-rcw4-3hr6
NOTE: https://advisories.nats.io/CVE/secnote-2026-03.txt
CVE-2026-27659 (Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 1 ...)
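Review bot: the CVE-2026-27889 entry records 2.12.6-1 but has no "Fixed by:" NOTE or upstream fixed version, so nothing in the entry shows which upstream release carries the fix. A "Fixed by:" NOTE with the upstream commit and tag, in the form already used for CVE-2026-29785, would document that.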
@@ -1925,7 +1925,7 @@ CVE-2026-3912 (Injection vulnerabilities due to validation/sanitisation of user-
CVE-2026-33253 (SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows se ...)
NOT-FOR-US: SANYO DENKI
CVE-2026-33215 (NATS-Server is a High-Performance server for NATS.io, a cloud and edge ...)
- - nats-server <unfixed>
+ - nats-server 2.12.6-1
NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-fcjp-h8cc-6879
NOTE: https://advisories.nats.io/CVE/secnote-2026-06.txt
CVE-2026-32326 (SHARP routers do not perform authentication for some web APIs. The dev ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a67d596ef763f546a711a29e5e903166ba1e6049