[Git][security-tracker-team/security-tracker][master] Track fixed version for thrift issues via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 9 19:01:43 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2854bf4f by Salvatore Bonaccorso at 2026-05-09T20:00:25+02:00
Track fixed version for thrift issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4595,7 +4595,7 @@ CVE-2026-5766 (An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14
NOTE: Fixed by: https://github.com/django/django/commit/2ec27eda3ba6c14f0856e6e3eb1df07c41fd95e6 (5.2.14)
CVE-2026-43869 (Improper Validation of Certificate with Host Mismatch vulnerability in ...)
[experimental] - thrift 0.23.0-1
- - thrift <unfixed> (unimportant)
+ - thrift 0.23.0-3 (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/3
NOTE: java bindings not built in Debian package
CVE-2026-7824 (An issue was discovered in the PaperCut Hive Ricoh embedded applicatio ...)
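Review bot: The unstable entry for CVE-2026-43869 goes from `<unfixed>` to `0.23.0-3` while the line above it records `[experimental] - thrift 0.23.0-1`, and neither the one-line commit message nor the NOTE lines say why 0.23.0-2 is skipped. If 0.23.0-3 is the first 0.23.0 revision to reach unstable, a sentence in the commit body saying so would make the choice auditable; if an earlier revision was uploaded to unstable, that revision is the one to record as fixed. The same question applies to every thrift entry touched in this commit.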
@@ -5045,7 +5045,7 @@ CVE-2025-13605 (3onedata modbus gateway device modelGW1101-1D(RS-485)-TB-P (hard
NOT-FOR-US: 3onedata modbus gateway
CVE-2026-43870 (Origin Validation Error, Improper Limitation of a Pathname to a Restri ...)
[experimental] - thrift 0.23.0-1
- - thrift <unfixed> (unimportant)
+ - thrift 0.23.0-3 (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/4
NOTE: nodejs bindings not built in Debian package
CVE-2025-70070 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial ...)
@@ -5065,7 +5065,7 @@ CVE-2025-70067 (Buffer Overflow vulnerability exists in Assimp versions up to 6.
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465308
CVE-2026-43868 (Memory Allocation with Excessive Size Value vulnerability in Apache Th ...)
[experimental] - thrift 0.23.0-1
- - thrift <unfixed> (unimportant)
+ - thrift 0.23.0-3 (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/2
NOTE: rust bindings not built in Debian package
CVE-2026-43964 (Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 somet ...)
@@ -7973,25 +7973,25 @@ CVE-2026-41873 (** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of H
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-41607 (Out-of-bounds Read vulnerability in Apache Thrift. This issue affects ...)
[experimental] - thrift 0.23.0-1
- - thrift <unfixed> (bug #1135348)
+ - thrift 0.23.0-3 (bug #1135348)
[trixie] - thrift <no-dsa> (Minor issue)
[bookworm] - thrift <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/2
CVE-2026-41606 (Uncontrolled Recursion vulnerability in Apache Thrift. This issue aff ...)
[experimental] - thrift 0.23.0-1
- - thrift <unfixed> (bug #1135348)
+ - thrift 0.23.0-3 (bug #1135348)
[trixie] - thrift <no-dsa> (Minor issue)
[bookworm] - thrift <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/3
CVE-2026-41603 (Improper Validation of Certificate with Host Mismatch vulnerability in ...)
[experimental] - thrift 0.23.0-1
- - thrift <unfixed> (bug #1135348)
+ - thrift 0.23.0-3 (bug #1135348)
[trixie] - thrift <no-dsa> (Minor issue)
[bookworm] - thrift <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/7
CVE-2026-41602 (Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedT ...)
[experimental] - thrift 0.23.0-1
- - thrift <unfixed> (bug #1135348)
+ - thrift 0.23.0-3 (bug #1135348)
[trixie] - thrift <no-dsa> (Minor issue)
[bookworm] - thrift <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/6
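Review bot: The four entries in this hunk (CVE-2026-41607, CVE-2026-41606, CVE-2026-41603, CVE-2026-41602) keep `<no-dsa> (Minor issue)` for trixie and bookworm, yet the only NOTE on each is the oss-security post, with no upstream fix commit recorded. A `NOTE: Fixed by:` line per CVE, in the style of the Django entry shown as context at the top of this diff, would let anyone preparing a later stable update locate the patch to backport without rereading the advisories.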
@@ -8044,7 +8044,7 @@ CVE-2025-60887 (An issue was discovered in Cista v0.15 and below. Insecure deser
NOT-FOR-US: Cista
CVE-2025-48431 (Mismatched Memory Management Routines vulnerability in Apache Thrift c ...)
[experimental] - thrift 0.23.0-1
- - thrift <unfixed> (bug #1135348)
+ - thrift 0.23.0-3 (bug #1135348)
[trixie] - thrift <no-dsa> (Minor issue)
[bookworm] - thrift <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/8
@@ -8090,17 +8090,17 @@ CVE-2026-31787 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://xenbits.xen.org/xsa/advisory-487.html
CVE-2026-41636 (Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings ...)
[experimental] - thrift 0.23.0-1
- - thrift <unfixed> (unimportant)
+ - thrift 0.23.0-3 (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/1
NOTE: nodejs bindings not built in Debian package
CVE-2026-41605 (Integer Overflow or Wraparound vulnerability in Apache Thrift. This i ...)
[experimental] - thrift 0.23.0-1
- - thrift <unfixed> (unimportant)
+ - thrift 0.23.0-3 (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/4
NOTE: swift bindings not built in Debian package
CVE-2026-41604 (Out-of-bounds Read vulnerability in Apache Thrift. This issue affects ...)
[experimental] - thrift 0.23.0-1
- - thrift <unfixed> (unimportant)
+ - thrift 0.23.0-3 (unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/5
NOTE: swift bindings not built in Debian package
CVE-2026-7234 (A weakness has been identified in BrowserOperator browser-operator-cor ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2854bf4f8bfd78bf95dfffa7a267bfcbbff17f93