[Git][security-tracker-team/security-tracker][master] Add CVE-2026-28525/swupdate

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
68ed843e by Salvatore Bonaccorso at 2026-05-01T22:51:48+02:00
Add CVE-2026-28525/swupdate

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4428,7 +4428,8 @@ CVE-2026-29051 (melange allows users to build apk packages using declarative pip
 CVE-2026-29050 (melange allows users to build apk packages using declarative pipelines ...)
 	NOT-FOR-US: melange
 CVE-2026-28525 (SWUpdate contains an integer underflow vulnerability in the multipart  ...)
-	TODO: check
+	- swupdate <unfixed>
+	NOTE: Fixed by: https://github.com/sbabic/swupdate/commit/beee2dc0feef1cfe84f1aa6fc980e104b2e47a74
 CVE-2026-27843 (A vulnerability exists inSenseLive X3050's web management interface th ...)
 	NOT-FOR-US: SenseLive
 CVE-2026-27841 (A vulnerability inSenseLiveX3050's web management interface allows sta ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68ed843e28206cc40e22e1281d42dc5906ab5e86

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/68ed843e28206cc40e22e1281d42dc5906ab5e86
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260501/4eda811f/attachment.htm>