[Git][security-tracker-team/security-tracker][master] Add CVE-2026-33635/ruby-icalendar issue

Sat Mar 28 11:03:39 GMT 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
696bd12d by Salvatore Bonaccorso at 2026-03-28T12:01:04+01:00
Add CVE-2026-33635/ruby-icalendar issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -423,7 +423,9 @@ CVE-2026-33640 (Outline is a service that allows for collaborative documentation
 CVE-2026-33638 (Ech0 is an open-source, self-hosted publishing platform for personal i ...)
 	NOT-FOR-US: Ech0
 CVE-2026-33635 (iCalendar is a Ruby library for dealing with iCalendar files in the iC ...)
-	TODO: check
+	- ruby-icalendar <removed>
+	NOTE: https://github.com/icalendar/icalendar/security/advisories/GHSA-pv9c-9mfh-hvxq
+	NOTE: Fixed by: https://github.com/icalendar/icalendar/commit/b8d23b490363ee5fffaec1d269a8618a912ca265 (v2.12.2)
 CVE-2026-33628 (Invoice Ninja is a source-available invoice, quote, project and time-t ...)
 	NOT-FOR-US: Invoice Ninja
 CVE-2026-33623 (PinchTab is a standalone HTTP server that gives AI agents direct contr ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/696bd12defbd86344efb29276b115e45871478cf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/696bd12defbd86344efb29276b115e45871478cf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260328/a0c2e788/attachment.htm>
