[Git][security-tracker-team/security-tracker][master] Add references for CVE-2026-40682
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 5 13:30:32 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d41449af by Salvatore Bonaccorso at 2026-05-05T14:30:02+02:00
Add references for CVE-2026-40682
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -271,6 +271,11 @@ CVE-2026-40797 (Improper Neutralization of Special Elements used in an SQL Comma
CVE-2026-40682 (XML External Entity (XXE) via Unsanitized Dictionary Parsing in Apache ...)
- apache-opennlp <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/05/01/19
+ NOTE: https://issues.apache.org/jira/browse/OPENNLP-1819
+ NOTE: https://github.com/apache/opennlp/pull/1019
+ NOTE: Fixed by: https://github.com/apache/opennlp/commit/b85e45f064a9b9089b65ca73c75544092fec4eae (opennlp-3.0.0-M3)
+ NOTE: https://github.com/apache/opennlp/pull/1020
+ NOTE: Fixed by: https://github.com/apache/opennlp/commit/d9aaa472e0e6672d672bfc296a69ab68f8757959 (opennlp-2.5.9)
CVE-2026-40563 (Description: Improper Control of Generation of Code ('Code Injection') ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-3456 (The GeekyBot \u2014 Generate AI Content Without Prompt, Chatbot and Le ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d41449af2c111aca4e85c98c797d52b7d3626509
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d41449af2c111aca4e85c98c797d52b7d3626509
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260505/57dc5b81/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list