[Git][security-tracker-team/security-tracker][master] Add CVE-2026-33079/mistune
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu May 7 10:11:53 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
763d797f by Salvatore Bonaccorso at 2026-05-07T11:11:13+02:00
Add CVE-2026-33079/mistune
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -695,7 +695,10 @@ CVE-2026-34474 (Sensitive data exposure leading to admin/WLAN credential leak in
CVE-2026-34473 (Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, ...)
NOT-FOR-US: ZTE
CVE-2026-33079 (In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regula ...)
- TODO: check
+ - mistune <unfixed>
+ [bookworm] - mistune <not-affected> (Vulnerable code not present)
+ [bullseye] - mistune <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/lepture/mistune/security/advisories/GHSA-8mp2-v27r-99xp
CVE-2026-29090 (### Summary A SQL injection vulnerability exists in Rucio versions 1. ...)
TODO: check
CVE-2026-29080 (A SQL injection vulnerability in `FilterEngine.create_sqla_query()` al ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/763d797fc15d9bb1e2de1b02aee139a30d7a24e9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/763d797fc15d9bb1e2de1b02aee139a30d7a24e9
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260507/06a4060b/attachment.htm>
More information about the debian-security-tracker-commits
mailing list