[Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun May 10 19:17:11 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
3e016197 by Moritz Muehlenhoff at 2026-05-10T20:16:51+02:00
bugnums
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10890,12 +10890,12 @@ CVE-2026-35378 (A logic error in the expr utility of uutils coreutils causes the
NOTE: https://github.com/uutils/coreutils/pull/11395
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/76b2f7877f558f3bfa78e3d4f49f022460f509b7 (0.8.0)
CVE-2026-35377 (A logic error in the env utility of uutils coreutils causes a failure ...)
- - rust-coreutils <unfixed>
+ - rust-coreutils <unfixed> (bug #1136207)
[trixie] - rust-coreutils <no-dsa> (Minor issue)
[bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/11512
CVE-2026-35376 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the ch ...)
- - rust-coreutils <unfixed>
+ - rust-coreutils <unfixed> (bug #1136203)
[trixie] - rust-coreutils <no-dsa> (Minor issue)
[bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/11402
@@ -10906,12 +10906,12 @@ CVE-2026-35375 (A logic error in the split utility of uutils coreutils causes th
NOTE: https://github.com/uutils/coreutils/pull/11397
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/d2b9550fe821a9a10bf0cec057509211357363f1 (0.8.0)
CVE-2026-35374 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the sp ...)
- - rust-coreutils <unfixed>
+ - rust-coreutils <unfixed> (bug #1136202)
[trixie] - rust-coreutils <no-dsa> (Minor issue)
[bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/11401
CVE-2026-35373 (A logic error in the ln utility of uutils coreutils causes the program ...)
- - rust-coreutils <unfixed>
+ - rust-coreutils <unfixed> (bug #1136201)
[trixie] - rust-coreutils <no-dsa> (Minor issue)
[bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/11403
@@ -10922,12 +10922,12 @@ CVE-2026-35372 (A logic error in the ln utility of uutils coreutils allows the u
NOTE: https://github.com/uutils/coreutils/pull/11253
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/394c4b17f2f382b4be9f54389bcb79028de02f39 (0.8.0)
CVE-2026-35371 (The id utility in uutils coreutils exhibits incorrect behavior in its ...)
- - rust-coreutils <unfixed>
+ - rust-coreutils <unfixed> (bug #1136200)
[trixie] - rust-coreutils <no-dsa> (Minor issue)
[bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10006
CVE-2026-35370 (The id utility in uutils coreutils miscalculates the groups= section o ...)
- - rust-coreutils <unfixed>
+ - rust-coreutils <unfixed> (bug #1136199)
[trixie] - rust-coreutils <no-dsa> (Minor issue)
[bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10006
@@ -10938,7 +10938,7 @@ CVE-2026-35369 (An argument parsing error in the kill utility of uutils coreutil
NOTE: https://github.com/uutils/coreutils/pull/9700
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/cae94028afcfa19b78dfc1072d1a22d8b2c6ca38 (0.6.0)
CVE-2026-35368 (A vulnerability exists in the chroot utility of uutils coreutils when ...)
- - rust-coreutils <unfixed>
+ - rust-coreutils <unfixed> (bug #1136198)
[trixie] - rust-coreutils <no-dsa> (Minor issue)
[bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10327
@@ -29741,7 +29741,7 @@ CVE-2026-4519 (The webbrowser.open() API would accept leading dashes in the URL
- python3.9 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
- - jython <unfixed>
+ - jython <unfixed> (bug #1136197)
[trixie] - jython <no-dsa> (Minor issue)
[bookworm] - jython <no-dsa> (Minor issue)
[bullseye] - jython <end-of-life> (EOL in bullseye LTS)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e016197a0a313f5028049be8f17ddb6977d207c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3e016197a0a313f5028049be8f17ddb6977d207c
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260510/3f8ca3bb/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list