[Git][security-tracker-team/security-tracker][master] Add CVE-2026-41889/pgx
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 8 21:38:15 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a743ec3f by Salvatore Bonaccorso at 2026-05-08T22:36:41+02:00
Add CVE-2026-41889/pgx
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -80,7 +80,10 @@ CVE-2026-42030 (MapServer is a system for developing web-based GIS applications.
CVE-2026-42028 (novaGallery is a php image gallery. Prior to version 2.1.1, a path tra ...)
NOT-FOR-US: novaGallery
CVE-2026-41889 (pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, ...)
- TODO: check
+ - golang-github-jackc-pgx-v5 <unfixed>
+ NOTE: https://github.com/jackc/pgx/security/advisories/GHSA-j88v-2chj-qfwx
+ NOTE: Fixed by: https://github.com/jackc/pgx/commit/60644f84918a8af66d14a4b0d865d4edafd955da (v5.9.2)
+ TODO: check the other golang-github-jackc-pgx* sources
CVE-2026-41887 (Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0 ...)
NOT-FOR-US: Flarum
CVE-2026-41886 (locize is a localization platform that connects code and i18n setup. P ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a743ec3feb967c9811785d8dd5818592975bde78
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a743ec3feb967c9811785d8dd5818592975bde78
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260508/247e86c2/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list