[Git][security-tracker-team/security-tracker][master] libstb triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun May 10 19:31:52 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e465c24b by Moritz Muehlenhoff at 2026-05-10T20:25:40+02:00
libstb triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22506,17 +22506,16 @@ CVE-2026-5316 (A vulnerability was identified in Nothings stb up to 1.22. The im
 	[trixie] - libstb <no-dsa> (Minor issue)
 	[bookworm] - libstb <no-dsa> (Minor issue)
 CVE-2026-5315 (A vulnerability was determined in Nothings stb up to 1.26. The affecte ...)
-	- libstb <unfixed>
-	[trixie] - libstb <no-dsa> (Minor issue)
-	[bookworm] - libstb <no-dsa> (Minor issue)
+	- libstb <unfixed> (unimportant)
+	NOTE: truetype parser only supported for trusted font files
 CVE-2026-5314 (A vulnerability was found in Nothings stb up to 1.26. Impacted is the  ...)
-	- libstb <unfixed>
-	[trixie] - libstb <no-dsa> (Minor issue)
-	[bookworm] - libstb <no-dsa> (Minor issue)
+	- libstb <unfixed> (unimportant)
+	NOTE: truetype parser only supported for trusted font files
 CVE-2026-5313 (A vulnerability has been found in Nothings stb up to 2.30. This issue  ...)
 	- libstb <unfixed>
 	[trixie] - libstb <no-dsa> (Minor issue)
 	[bookworm] - libstb <no-dsa> (Minor issue)
+	NOTE: https://vuldb.com/submit/780462
 CVE-2026-5312 (A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L,  ...)
 	NOT-FOR-US: D-Link
 CVE-2026-5311 (A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-3 ...)
@@ -23099,6 +23098,7 @@ CVE-2026-5186 (A weakness has been identified in Nothings stb up to 2.30. This i
 	- libstb <unfixed>
 	[trixie] - libstb <no-dsa> (Minor issue)
 	[bookworm] - libstb <no-dsa> (Minor issue)
+	NOTE: https://vuldb.com/submit/780395
 CVE-2026-4947 (Addressed a potential insecure direct object reference (IDOR) vulnerab ...)
 	NOT-FOR-US: Foxit
 CVE-2026-4819 (In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e465c24ba7caeaff6421e4ee570bfb176d895914

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e465c24ba7caeaff6421e4ee570bfb176d895914
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260510/49f59837/attachment.htm>

More information about the debian-security-tracker-commits mailing list