[Git][security-tracker-team/security-tracker][master] Track some thrift issues fixed via experimental upload
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun May 3 20:28:59 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9a195c7f by Salvatore Bonaccorso at 2026-05-03T21:27:57+02:00
Track some thrift issues fixed via experimental upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2697,15 +2697,19 @@ CVE-2026-4805 (The Woostify plugin for WordPress is vulnerable to Stored Cross-S
CVE-2026-41873 (** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Re ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-41607 (Out-of-bounds Read vulnerability in Apache Thrift. This issue affects ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (bug #1135348)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/2
CVE-2026-41606 (Uncontrolled Recursion vulnerability in Apache Thrift. This issue aff ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (bug #1135348)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/3
CVE-2026-41603 (Improper Validation of Certificate with Host Mismatch vulnerability in ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (bug #1135348)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/7
CVE-2026-41602 (Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedT ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (bug #1135348)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/6
CVE-2026-41526 (In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safel ...)
@@ -2754,6 +2758,7 @@ CVE-2025-60889 (Insecure deserialization of untrusted input in StellarGroup HPX
CVE-2025-60887 (An issue was discovered in Cista v0.15 and below. Insecure deserializa ...)
NOT-FOR-US: Cista
CVE-2025-48431 (Mismatched Memory Management Routines vulnerability in Apache Thrift c ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (bug #1135348)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/8
CVE-2025-10539 (Due to improper TLS certificate validation in the DeskTime Time Tracki ...)
@@ -2797,14 +2802,17 @@ CVE-2026-31787 (In the Linux kernel, the following vulnerability has been resolv
- linux 7.0.3-1
NOTE: https://xenbits.xen.org/xsa/advisory-487.html
CVE-2026-41636 (Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/1
NOTE: nodejs bindings not built in Debian package
CVE-2026-41605 (Integer Overflow or Wraparound vulnerability in Apache Thrift. This i ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/4
NOTE: swift bindings not built in Debian package
CVE-2026-41604 (Out-of-bounds Read vulnerability in Apache Thrift. This issue affects ...)
+ [experimental] - thrift 0.23.0-1
- thrift <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/5
NOTE: swift bindings not built in Debian package
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a195c7fc339857746b686c7bc25e308b5e7ad9c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9a195c7fc339857746b686c7bc25e308b5e7ad9c
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260503/d7a2cc8d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list