[Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-41254/lcms2
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 1 13:41:23 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
753c01f8 by Salvatore Bonaccorso at 2026-05-01T14:41:14+02:00
Track fixed version for CVE-2026-41254/lcms2
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6648,7 +6648,7 @@ CVE-2026-5250
CVE-2026-4801 (The Page Builder Gutenberg Blocks \u2013 CoBlocks plugin for WordPress ...)
NOT-FOR-US: WordPress plugin
CVE-2026-41254 (Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in ...)
- - lcms2 <unfixed> (bug #1134335)
+ - lcms2 2.17-1.1 (bug #1134335)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/17/16
NOTE: https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/
NOTE: Fixed by: https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0 (master)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/753c01f8a9b8bcd5dadda70c69bd053126c08e31
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/753c01f8a9b8bcd5dadda70c69bd053126c08e31
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260501/13d180b5/attachment.htm>
More information about the debian-security-tracker-commits
mailing list