[Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-34085/fontconfig

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3f04d376 by Salvatore Bonaccorso at 2026-03-27T21:54:36+01:00
Update status for CVE-2026-34085/fontconfig

This was a regression in 2.17.0 upstream fixed in 2.17.1. We had no
2.17.0 based version ever uploaded in Debian unstable, so update the
status accordingly.

Thanks: Sylvain Beucler for the initial triage.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -720,8 +720,7 @@ CVE-2026-3210 (Incorrect Authorization vulnerability in Drupal Material Icons al
 CVE-2026-3126
 	REJECTED
 CVE-2026-34085 (fontconfig before 2.17.1 has an off-by-one error in allocation during  ...)
-	- fontconfig 2.17.1-3
-	[bullseye] - fontconfig <not-affected> (Vulnerable code introduced later)
+	- fontconfig <not-affected> (Vulnerable code in no Debian released version via unstable)
 	NOTE: https://gitlab.freedesktop.org/fontconfig/fontconfig/-/work_items/481
 	NOTE: Fixed by: https://gitlab.freedesktop.org/fontconfig/fontconfig/-/commit/b9bec06d73340f1b5727302d13ac3df307b7febc (2.17.1)
 	NOTE: Introduced by: https://gitlab.freedesktop.org/fontconfig/fontconfig/-/commit/bf3fbad0ffa955a63bc7b515da002d363cf4d5fc (2.17.0)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f04d37671b4f763e282a73e7746d87d4ad67c8c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3f04d37671b4f763e282a73e7746d87d4ad67c8c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260327/61091063/attachment.htm>