[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue May 5 20:14:05 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
64fba882 by security tracker role at 2026-05-05T19:13:59+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,77 +1,249 @@
-CVE-2026-43073 [x86-64: rename misleadingly named '__copy_user_nocache()' function]
+CVE-2026-7865 (A hidden console command is vulnerable to command injection flaw when ...)
+ TODO: check
+CVE-2026-7855 (A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by ...)
+ TODO: check
+CVE-2026-7854 (A security vulnerability has been detected in D-Link DI-8100 16.07.26A ...)
+ TODO: check
+CVE-2026-7853 (A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected ...)
+ TODO: check
+CVE-2026-7851 (A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affe ...)
+ TODO: check
+CVE-2026-7847 (A vulnerability was found in chatchat-space Langchain-Chatchat up to 0 ...)
+ TODO: check
+CVE-2026-7846 (A vulnerability has been found in chatchat-space Langchain-Chatchat up ...)
+ TODO: check
+CVE-2026-7845 (A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1 ...)
+ TODO: check
+CVE-2026-7844 (A vulnerability was detected in chatchat-space Langchain-Chatchat up t ...)
+ TODO: check
+CVE-2026-7834 (A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5. ...)
+ TODO: check
+CVE-2026-7833 (A weakness has been identified in EFM ipTIME C200 up to 1.092. This vu ...)
+ TODO: check
+CVE-2026-7832 (A security flaw has been discovered in IObit Advanced SystemCare 19. T ...)
+ TODO: check
+CVE-2026-7778 (An issue that could allow a dashboard configuration to be viewed from ...)
+ TODO: check
+CVE-2026-7412 (In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, ...)
+ TODO: check
+CVE-2026-7411 (In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, ...)
+ TODO: check
+CVE-2026-6918 (In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote a ...)
+ TODO: check
+CVE-2026-6322 (fast-uri normalize() decoded percent-encoded authority delimiters insi ...)
+ TODO: check
+CVE-2026-6262 (The Betheme theme for WordPress is vulnerable to Arbitrary File Deleti ...)
+ TODO: check
+CVE-2026-6261 (The Betheme theme for WordPress is vulnerable to Arbitrary File Upload ...)
+ TODO: check
+CVE-2026-4304 (The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Inje ...)
+ TODO: check
+CVE-2026-43574 (OpenClaw before 2026.4.12 contains an improper authorization vulnerabi ...)
+ TODO: check
+CVE-2026-43573 (OpenClaw before 2026.4.10 contains a server-side request forgery polic ...)
+ TODO: check
+CVE-2026-43572 (OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authori ...)
+ TODO: check
+CVE-2026-43571 (OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability ...)
+ TODO: check
+CVE-2026-43570 (OpenClaw versions 2026.3.22 before 2026.4.5 contain a symlink traversa ...)
+ TODO: check
+CVE-2026-43569 (OpenClaw before 2026.4.9 contains an authentication bypass vulnerabili ...)
+ TODO: check
+CVE-2026-43568 (OpenClaw versions 2026.4.5 before 2026.4.10 contain a privilege escala ...)
+ TODO: check
+CVE-2026-43567 (OpenClaw before 2026.4.10 contains a path traversal vulnerability in t ...)
+ TODO: check
+CVE-2026-43566 (OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escala ...)
+ TODO: check
+CVE-2026-43535 (OpenClaw before 2026.4.14 contains an authorization context reuse vuln ...)
+ TODO: check
+CVE-2026-43534 (OpenClaw before 2026.4.10 contains an input validation vulnerability t ...)
+ TODO: check
+CVE-2026-43533 (OpenClaw before 2026.4.10 contains an arbitrary file read vulnerabilit ...)
+ TODO: check
+CVE-2026-43532 (OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord ...)
+ TODO: check
+CVE-2026-43531 (OpenClaw before 2026.4.9 contains an environment variable injection vu ...)
+ TODO: check
+CVE-2026-43530 (OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec a ...)
+ TODO: check
+CVE-2026-43529 (OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnera ...)
+ TODO: check
+CVE-2026-43528 (OpenClaw before 2026.4.14 contains a redaction bypass vulnerability th ...)
+ TODO: check
+CVE-2026-43527 (OpenClaw before 2026.4.14 contains a server-side request forgery vulne ...)
+ TODO: check
+CVE-2026-43526 (OpenClaw before 2026.4.12 contains a server-side request forgery vulne ...)
+ TODO: check
+CVE-2026-43002 (An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7 ...)
+ TODO: check
+CVE-2026-42997 (An issue was discovered in idrac in OpenStack Ironic before 35.0.1. Du ...)
+ TODO: check
+CVE-2026-42439 (OpenClaw before 2026.4.10 contains a server-side request forgery polic ...)
+ TODO: check
+CVE-2026-42438 (OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy by ...)
+ TODO: check
+CVE-2026-42437 (OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of servic ...)
+ TODO: check
+CVE-2026-42436 (OpenClaw before 2026.4.14 contains an improper access control vulnerab ...)
+ TODO: check
+CVE-2026-42435 (OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insuffici ...)
+ TODO: check
+CVE-2026-42434 (OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape v ...)
+ TODO: check
+CVE-2026-42433 (OpenClaw before 2026.4.10 contains an authorization bypass vulnerabili ...)
+ TODO: check
+CVE-2026-3601 (The User Registration & Membership plugin for WordPress is vulnerable ...)
+ TODO: check
+CVE-2026-3359 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact For ...)
+ TODO: check
+CVE-2026-39103 (Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea ...)
+ TODO: check
+CVE-2026-38432 (ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XS ...)
+ TODO: check
+CVE-2026-38431 (ERPNext v15.103.1 and before is vulnerable to Server-Side Template Inj ...)
+ TODO: check
+CVE-2026-38429 (OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in t ...)
+ TODO: check
+CVE-2026-38428 (Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerabi ...)
+ TODO: check
+CVE-2026-36356 (The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MD ...)
+ TODO: check
+CVE-2026-36355 (The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (a ...)
+ TODO: check
+CVE-2026-34408 (An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 f ...)
+ TODO: check
+CVE-2026-32689 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2026-31835 (Vaultwarden is a Bitwarden-compatible server written in Rust. In versi ...)
+ TODO: check
+CVE-2026-31196 (The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE ...)
+ TODO: check
+CVE-2026-31195 (The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / ...)
+ TODO: check
+CVE-2026-30923 (ModSecurity is an open source, cross platform web application firewall ...)
+ TODO: check
+CVE-2026-30246 (Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versio ...)
+ TODO: check
+CVE-2026-29168 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ TODO: check
+CVE-2026-28510 (eLabFTW is an open source electronic lab notebook. In elabftw versions ...)
+ TODO: check
+CVE-2026-27960 (OpenCTI is an open source platform for managing cyber threat intellige ...)
+ TODO: check
+CVE-2026-27694 (Traccar is an open source GPS tracking system. In org.traccar:traccar ...)
+ TODO: check
+CVE-2026-27693 (Traccar is an open source GPS tracking system. In org.traccar:traccar ...)
+ TODO: check
+CVE-2026-27644 (Traccar is an open source GPS tracking system. In versions between 6.1 ...)
+ TODO: check
+CVE-2026-25589 (RedisBloom is a probabilistic data structures module for Redis. In all ...)
+ TODO: check
+CVE-2026-25588 (RedisTimeSeries is a time-series module for Redis. In all versions bef ...)
+ TODO: check
+CVE-2026-25243 (Redis is an in-memory data structure store. In versions of redis-serve ...)
+ TODO: check
+CVE-2026-23631 (Redis is an in-memory data structure store. In all versions of redis-s ...)
+ TODO: check
+CVE-2026-23479 (Redis is an in-memory data structure store. In redis-server from 7.2.0 ...)
+ TODO: check
+CVE-2025-66369 (An issue was discovered in MM in Samsung Mobile Processor, Wearable Pr ...)
+ TODO: check
+CVE-2025-61669 (Jupyter Server is the backend for Jupyter web applications. In jupyter ...)
+ TODO: check
+CVE-2025-52206 (ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the sy ...)
+ TODO: check
+CVE-2025-42611 (RouterOS provides various services that rely on correct verification o ...)
+ TODO: check
+CVE-2023-54349 (AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerabili ...)
+ TODO: check
+CVE-2023-54348 (ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows auth ...)
+ TODO: check
+CVE-2023-54347 (OpenEMR 7.0.1 contains an authentication brute force vulnerability tha ...)
+ TODO: check
+CVE-2023-54346 (WordPress Plugin Backup Migration 1.2.8 contains an information disclo ...)
+ TODO: check
+CVE-2023-54345 (Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerabilit ...)
+ TODO: check
+CVE-2023-54344 (Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code executio ...)
+ TODO: check
+CVE-2023-54342 (Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code e ...)
+ TODO: check
+CVE-2026-43073 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.19.14-1
[trixie] - linux 6.12.85-1
NOTE: https://git.kernel.org/linus/d187a86de793f84766ea40b9ade7ac60aabbb4fe (7.1-rc1)
-CVE-2026-43072 [drm/vc4: platform_get_irq_byname() returns an int]
+CVE-2026-43072 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.19.14-1
[trixie] - linux 6.12.85-1
NOTE: https://git.kernel.org/linus/e597a809a2b97e927060ba182f58eb3e6101bc70 (7.1-rc1)
-CVE-2026-43071 [dcache: Limit the minimal number of bucket to two]
+CVE-2026-43071 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.19.14-1
[trixie] - linux 6.12.85-1
NOTE: https://git.kernel.org/linus/f08fe8891c3eeb63b73f9f1f6d97aa629c821579 (7.1-rc1)
-CVE-2026-43070 [bpf: Reset register ID for BPF_END value tracking]
+CVE-2026-43070 (In the Linux kernel, the following vulnerability has been resolved: b ...)
- linux 6.19.11-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/a3125bc01884431d30d731461634c8295b6f0529 (7.0-rc5)
-CVE-2026-43067 [ext4: handle wraparound when searching for blocks for indirect mapped blocks]
+CVE-2026-43067 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.19.11-1
[trixie] - linux <not-affected> (Vulnerable code not present)
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/bb81702370fad22c06ca12b6e1648754dbc37e0f (7.0-rc6)
-CVE-2026-43065 [ext4: always drain queued discard work in ext4_mb_release()]
+CVE-2026-43065 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.19.11-1
[trixie] - linux 6.12.85-1
[bookworm] - linux 6.1.170-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/9ee29d20aab228adfb02ca93f87fb53c56c2f3af (7.0-rc6)
-CVE-2026-43064 [dmaengine: idxd: Fix not releasing workqueue on .release()]
+CVE-2026-43064 (In the Linux kernel, the following vulnerability has been resolved: d ...)
- linux 6.19.11-1
[trixie] - linux 6.12.85-1
[bookworm] - linux 6.1.170-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/3d33de353b1ff9023d5ec73b9becf80ea87af695 (7.0-rc6)
-CVE-2026-43063 [xfs: don't irele after failing to iget in xfs_attri_recover_work]
+CVE-2026-43063 (In the Linux kernel, the following vulnerability has been resolved: x ...)
- linux 6.19.11-1
[trixie] - linux 6.12.85-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/70685c291ef82269180758130394ecdc4496b52c (7.0-rc6)
-CVE-2026-43069 [Bluetooth: hci_ll: Fix firmware leak on error path]
+CVE-2026-43069 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux 6.19.11-1
[trixie] - linux 6.12.85-1
[bookworm] - linux 6.1.170-1
NOTE: https://git.kernel.org/linus/31148a7be723aa9f2e8fbd62424825ab8d577973 (7.0-rc6)
-CVE-2026-43068 [ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal()]
+CVE-2026-43068 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.19.11-1
[trixie] - linux 6.12.85-1
[bookworm] - linux 6.1.170-1
NOTE: https://git.kernel.org/linus/46066e3a06647c5b186cc6334409722622d05c44 (7.0-rc6)
-CVE-2026-43066 [ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths]
+CVE-2026-43066 (In the Linux kernel, the following vulnerability has been resolved: e ...)
- linux 6.19.11-1
[trixie] - linux 6.12.85-1
[bookworm] - linux 6.1.170-1
NOTE: https://git.kernel.org/linus/ec0a7500d8eace5b4f305fa0c594dd148f0e8d29 (7.0-rc6)
-CVE-2026-43059 [Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers]
+CVE-2026-43059 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux 6.19.10-1
[trixie] - linux 6.12.85-1
[bookworm] - linux <not-affected> (Vulnerable code not present)
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/17f89341cb4281d1da0e2fb0de5406ab7c4e25ef (7.0-rc5)
-CVE-2026-43062 [Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp()]
+CVE-2026-43062 (In the Linux kernel, the following vulnerability has been resolved: B ...)
- linux 6.19.10-1
[trixie] - linux 6.12.85-1
[bookworm] - linux 6.1.170-1
NOTE: https://git.kernel.org/linus/15145675690cab2de1056e7ed68e59cbd0452529 (7.0-rc5)
-CVE-2026-43061 [serial: 8250: Fix TX deadlock when using DMA]
+CVE-2026-43061 (In the Linux kernel, the following vulnerability has been resolved: s ...)
- linux 6.19.10-1
[trixie] - linux 6.12.85-1
[bookworm] - linux 6.1.170-1
NOTE: https://git.kernel.org/linus/a424a34b8faddf97b5af41689087e7a230f79ba7 (7.0-rc5)
-CVE-2026-43060 [netfilter: nft_ct: drop pending enqueued packets on removal]
+CVE-2026-43060 (In the Linux kernel, the following vulnerability has been resolved: n ...)
- linux 6.19.10-1
[trixie] - linux 6.12.85-1
[bookworm] - linux 6.1.170-1
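Review bot: In the CVE-2026-3359 line the description carries a literal "\u2013" ("Form Maker by 10Web \u2013 Mobile-Friendly ..."), so the automatic update is writing an undecoded Unicode escape into data/CVE/list; decode it before writing, or normalise it to ASCII. Separately, every new entry in this block lands at "TODO: check", including the ones naming Redis, ModSecurity, Jupyter Server and OpenStack Horizon/Ironic alongside router firmware and WordPress plugins, so those are worth triaging first rather than in list order.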
@@ -81,19 +253,19 @@ CVE-2026-6502
[bookworm] - qemu <not-affected> (Vulnerable code not present)
NOTE: Introduced with: https://gitlab.com/qemu-project/qemu/-/commit/7c092f17cceef10258ed23006b40e19b14996471 (v9.2.0-rc0)
NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/30fad722ce68316d22b926ba0e6017f0440465df
-CVE-2026-6907
+CVE-2026-6907 (An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `dj ...)
- python-django 3:5.2.14-1 (bug #1135755)
NOTE: https://www.djangoproject.com/weblog/2026/may/05/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/2115d4eaee15107f5cd290d7cfcc5ffe3ad43661 (5.2.14)
-CVE-2026-35192
+CVE-2026-35192 (An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Res ...)
- python-django 3:5.2.14-1 (bug #1135755)
NOTE: https://www.djangoproject.com/weblog/2026/may/05/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/47cf968c125e3fab317e10fe150ec479e745f995 (5.2.14)
-CVE-2026-5766
+CVE-2026-5766 (An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASG ...)
- python-django 3:5.2.14-1 (bug #1135755)
NOTE: https://www.djangoproject.com/weblog/2026/may/05/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/2ec27eda3ba6c14f0856e6e3eb1df07c41fd95e6 (5.2.14)
-CVE-2026-43869
+CVE-2026-43869 (Improper Validation of Certificate with Host Mismatch vulnerability in ...)
[experimental] - thrift 0.23.0-1
- thrift <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/3
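Review bot: The descriptions added for CVE-2026-6907, CVE-2026-35192 and CVE-2026-5766 read "An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14." with no product name after "in", so searching the list by description for Django will not match these three entries. The python-django package lines still identify them; the missing name appears to come from the imported description text, so it is better reported to the source of that text than edited here, where a later automatic update would likely overwrite it.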
@@ -508,7 +680,7 @@ CVE-2025-13618 (The Mentoring plugin for WordPress is vulnerable to privilege es
NOT-FOR-US: WordPress plugin
CVE-2025-13605 (3onedata modbus gateway device modelGW1101-1D(RS-485)-TB-P (hardware v ...)
NOT-FOR-US: 3onedata modbus gateway
-CVE-2026-43870
+CVE-2026-43870 (Origin Validation Error, Improper Limitation of a Pathname to a Restri ...)
[experimental] - thrift 0.23.0-1
- thrift <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/4
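Review bot: CVE-2026-43870 keeps "- thrift <unfixed> (unimportant)" while the description that now arrives names an origin validation error and a pathname limitation issue, and the only NOTE visible in this hunk is the oss-security link. If no rationale follows below the hunk, add a NOTE stating why the issue is unimportant for the Debian package so the tag can be re-checked against the full description.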
@@ -522,7 +694,7 @@ CVE-2025-70069 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a d
CVE-2025-70067 (Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in ...)
- assimp <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465308
-CVE-2026-43868
+CVE-2026-43868 (Memory Allocation with Excessive Size Value vulnerability in Apache Th ...)
[experimental] - thrift 0.23.0-1
- thrift <unfixed> (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/2
@@ -10930,7 +11102,7 @@ CVE-2026-34003 (A flaw was found in the X.Org X server's XKB key types request v
NOTE: https://lists.x.org/archives/xorg-announce/2026-April/003677.html
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/b85b00dd7b9eee05e3c12e7ad1fce4fc6671507b
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/d38c563fab5c4a554e0939da39e4d1dadef7cbae
-CVE-2026-34002 [XKB Out-of-bounds read in CheckModifierMap()]
+CVE-2026-34002 (A flaw was found in the X.Org X server. This vulnerability, an out-of- ...)
- xorg-server 2:21.1.22-1
[trixie] - xorg-server <no-dsa> (Minor issue, will be fixed via point release)
[bookworm] - xorg-server <no-dsa> (Minor issue, will be fixed via point release)
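Review bot: Replacing "[XKB Out-of-bounds read in CheckModifierMap()]" on CVE-2026-34002 with the truncated description drops the affected function name, which the cut-off text ("This vulnerability, an out-of- ...") no longer shows. Consider keeping CheckModifierMap() in a NOTE line on the entry so the issue can still be matched to the right xserver commit when reading the list.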
@@ -10950,7 +11122,7 @@ CVE-2026-34001 (A flaw was found in the X.Org X server. This use-after-free vuln
[bookworm] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
NOTE: https://lists.x.org/archives/xorg-announce/2026-April/003677.html
NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/f19ab94ba9c891d801231654267556dc7f32b5e0
-CVE-2026-34000 [XKB Out-of-bounds Read in CheckSetGeom()]
+CVE-2026-34000 (A flaw was found in the X.Org X server. This out-of-bounds read vulner ...)
- xorg-server 2:21.1.22-1
[trixie] - xorg-server <no-dsa> (Minor issue, will be fixed via point release)
[bookworm] - xorg-server <no-dsa> (Minor issue, will be fixed via point release)
@@ -18850,7 +19022,7 @@ CVE-2025-10551 (A Stored Cross-site Scripting (XSS) vulnerability affecting Docu
NOT-FOR-US: Dassault Systemes
CVE-2024-58342 (XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially c ...)
NOT-FOR-US: XenForo
-CVE-2026-34956
+CVE-2026-34956 (A flaw was found in Open vSwitch. When Open vSwitch is configured with ...)
- openvswitch 3.7.1-1 (bug #1132449)
[trixie] - openvswitch <no-dsa> (Minor issue; can be fixed via point release)
[bookworm] - openvswitch <no-dsa> (Minor issue; can be fixed via point release)
@@ -28457,6 +28629,7 @@ CVE-2026-32612 (Statamic is a Laravel and Git powered content management system
CVE-2026-32598 (OneUptime is a solution for monitoring and managing online services. P ...)
NOT-FOR-US: OneUptime
CVE-2026-32597 (PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, P ...)
+ {DLA-4564-1}
- pyjwt 2.12.1-1 (bug #1130662)
NOTE: https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f
NOTE: Fixed by: https://github.com/jpadilla/pyjwt/commit/051ea341b5573fe3edcd53042f347929b92c2b92 (2.12.0)
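Review bot: The "{DLA-4564-1}" cross-reference on CVE-2026-32597 is added with data/CVE/list as the only changed file in this commit, and no release-specific pyjwt line is visible in the hunk. Confirm that DLA-4564-1 was already recorded in the DLA list with the fixed pyjwt version, so the cross-reference does not point at an entry the tracker cannot resolve.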
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/64fba8826e4af4ec8fbf8555ae030821afadf65a