[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Mar 30 08:14:15 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2c7cef1 by security tracker role at 2026-03-30T07:14:06+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,29 @@
+CVE-2026-5119 (A flaw was found in libsoup. When establishing HTTPS tunnels through a ...)
+	TODO: check
+CVE-2026-5107 (A vulnerability has been found in FRRouting FRR up to 10.5.1. This aff ...)
+	TODO: check
+CVE-2026-5106 (A flaw has been found in code-projects Exam Form Submission 1.0. The i ...)
+	TODO: check
+CVE-2026-5105 (A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024 ...)
+	TODO: check
+CVE-2026-5104 (A security vulnerability has been detected in Totolink A3300R 17.0.0cu ...)
+	TODO: check
+CVE-2026-5103 (A weakness has been identified in Totolink A3300R 17.0.0cu.557_b202210 ...)
+	TODO: check
+CVE-2026-5102 (A security flaw has been discovered in Totolink A3300R 17.0.0cu.557_b2 ...)
+	TODO: check
+CVE-2026-5101 (A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b202210 ...)
+	TODO: check
+CVE-2026-4946 (Ghidra versions prior to 12.0.3 improperly process annotation directiv ...)
+	TODO: check
+CVE-2026-3124 (The Download Monitor plugin for WordPress is vulnerable to Insecure Di ...)
+	TODO: check
+CVE-2026-2370 (GitLab has remediated an issue in GitLab CE/EE affecting all versions  ...)
+	TODO: check
+CVE-2025-7741 (Hardcoded Password Vulnerability have been found in CENTUM.Affected pr ...)
+	TODO: check
+CVE-2025-15036 (A path traversal vulnerability exists in the `extract_archive_to_dir`  ...)
+	TODO: check
 CVE-2026-33691 [Whitespace padding in filenames bypasses file upload extension checks]
 	- modsecurity-crs 3.3.9-1
 	NOTE: https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w
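Review bot: All thirteen entries added at the top of the list carry only `TODO: check`, so none of them has a package line or a NOT-FOR-US marker yet. CVE-2026-5119 (libsoup) and CVE-2026-5107 (FRRouting FRR) name software that Debian packages and should be triaged first; the five Totolink A3300R entries (CVE-2026-5101 to CVE-2026-5105) and the code-projects entry look like NOT-FOR-US candidates, subject to the usual check.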
@@ -10443,6 +10469,7 @@ CVE-2026-2923 (GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/db222d6d7971100a8ba60bd5d10a2233a38ebc46 (1.24 branch)
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/6aa055e9606104be1f095896d0b292b06dfb8dd9 (1.24 branch)
 CVE-2026-2920 (GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution ...)
+	{DLA-4516-1}
 	- gst-plugins-ugly1.0 1.28.1-1
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0006.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/37d7991168a223d0810fd1f4493ec6a8b6a510d3 (main)
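Review bot: The `{DLA-4516-1}` tag on CVE-2026-2920 arrives in a commit whose only changed file is data/CVE/list, so the advisory entry it points to is not visible here. It is worth confirming that the DLA-4516-1 entry lists this CVE and records the fixed gst-plugins-ugly1.0 version for the LTS release, since the package line shown still carries only 1.28.1-1.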
@@ -10450,6 +10477,7 @@ CVE-2026-2920 (GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Exec
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/3dc4244f030a0af077b9f87fd8ad50d4032428ef (1.26.11)
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/9f9d1f664546d99e5ca0c3ced216e76dd08b409f (1.24 branch)
 CVE-2026-2922 (GStreamer RealMedia Demuxer Out-Of-Bounds Write Remote Code Execution  ...)
+	{DLA-4516-1}
 	- gst-plugins-ugly1.0 1.28.1-1
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0005.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8a17c9d183ca3cfb5e97ae3b3f344ba79f8859df (main)
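Review bot: For CVE-2026-2922 the only `Fixed by` commit in the visible context, directly under the new `{DLA-4516-1}` tag, is the one for main. If the LTS upload relied on a backport to an older branch, a NOTE naming that commit or patch would let later reviewers verify the fix.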
@@ -12934,7 +12962,7 @@ CVE-2026-2219 (It was discovered that dpkg-deb (a component of dpkg, the Debian
 	[bullseye] - dpkg <not-affected> (Vulnerable code introduced later)
 	NOTE: Introduced with: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=2c2f7066bd8c3209762762fa6905fa567b08ca5a (1.21.18)
 	NOTE: Fixed by: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6610297a62c0780dd0e80b0e302ef64fdcc9d313 (1.23.6)
-CVE-2026-4176
+CVE-2026-4176 (Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2- ...)
 	- perl 5.10.0-21
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/38393284/
 	NOTE: Since perl/5.10.0-20 (in experimental) the packaging uses the system zlib library.
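Review bot: With the description for CVE-2026-4176 filled in, the upstream range now starts at 5.9.4, while the package line marks perl fixed at 5.10.0-21, a version inside that range. The last NOTE explains this through the switch to the system zlib library, but it names 5.10.0-20 (in experimental) rather than 5.10.0-21; consider rewording it to state explicitly that 5.10.0-21 is the first upload carrying that packaging change, so the fixed version is not read as an upstream fix.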



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2c7cef1d36edf9d71a27b8519f9c333d23d0c54
