[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2026-32287/golang-github-antchfx-xpath: bullseye postponed

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Sat Mar 28 16:04:29 GMT 2026 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7cee8412 by Sylvain Beucler at 2026-03-28T17:03:25+01:00
CVE-2026-32287/golang-github-antchfx-xpath: bullseye postponed

- - - - -
783c841c by Sylvain Beucler at 2026-03-28T17:03:49+01:00
CVE-2026-32285/golang-github-buger-jsonparser: bullseye postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -869,6 +869,7 @@ CVE-2026-32846 (OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a
 	NOT-FOR-US: OpenClaw
 CVE-2026-32287 (Boolean XPath expressions that evaluate to true can cause an infinite  ...)
 	- golang-github-antchfx-xpath 1.3.6-1
+	[bullseye] - golang-github-antchfx-xpath <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
 	NOTE: https://github.com/antchfx/xpath/issues/121
 	NOTE: Fixed by: https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494 (v1.3.6)
 	NOTE: Fix and issue overlapping with CVE-2026-4645
@@ -878,6 +879,7 @@ CVE-2026-32286 (The DataRow.Decode function fails to properly validate field len
 	NOTE: Overlapping and duplicate of CVE-2026-4427
 CVE-2026-32285 (The Delete function fails to properly validate offsets when processing ...)
 	- golang-github-buger-jsonparser 1.1.2-1
+	[bullseye] - golang-github-buger-jsonparser <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
 	NOTE: https://github.com/buger/jsonparser/issues/275
 CVE-2026-32284 (The msgpack decoder fails to properly validate the input buffer length ...)
 	NOT-FOR-US: shamaton/msgpack



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ce46ab1a7382ec1a29ead709eb37ac554196157e...783c841cb1c61875458b6e25ec31d751f738881e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ce46ab1a7382ec1a29ead709eb37ac554196157e...783c841cb1c61875458b6e25ec31d751f738881e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260328/faf1e914/attachment.htm>

More information about the debian-security-tracker-commits mailing list