[Git][security-tracker-team/security-tracker][master] Correct statement for CVE-2026-41409/mina

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 1 13:17:37 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
420cb868 by Salvatore Bonaccorso at 2026-05-01T14:17:05+02:00
Correct statement for CVE-2026-41409/mina

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1769,10 +1769,10 @@ CVE-2026-41462 (ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated
 	NOT-FOR-US: ProjeQtor
 CVE-2026-41409 (The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() ...)
 	- mina2 <unfixed>
-	[bookworm] - mina2 <not-affected> (Incomplete fix for CVE-2026-41409 not applied)
-	- mina <not-affected> (Incomplete fix for CVE-2026-41409 not applied)
+	[bookworm] - mina2 <not-affected> (Incomplete fix for CVE-2024-52046 not applied)
+	- mina <not-affected> (Incomplete fix for CVE-2024-52046 not applied)
 	NOTE: https://lists.apache.org/thread/9ddvsq6c4l5bhwq8l14sob4f8qjvx5c9
-	NOTE: Issue exists because of an incomplete fix for CVE-2026-41409
+	NOTE: Issue exists because of an incomplete fix for CVE-2024-52046
 CVE-2026-41081 (Improper Handling of TLS Client Authentication Failure Leading to Anon ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-40860 (JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/420cb8682d74a1c92072b8bd3814dc9928757d61

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/420cb8682d74a1c92072b8bd3814dc9928757d61
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260501/c7d934df/attachment.htm>

More information about the debian-security-tracker-commits mailing list