[Git][security-tracker-team/security-tracker][master] 2 commits: lts: gpac eol

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Wed May 13 10:29:48 BST 2026 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6f9473b4 by Emilio Pozuelo Monfort at 2026-05-13T11:26:43+02:00
lts: gpac eol

- - - - -
9293915e by Emilio Pozuelo Monfort at 2026-05-13T11:27:34+02:00
lts: tor eol

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3826,6 +3826,7 @@ CVE-2026-8125 (A vulnerability was detected in code-projects Simple Chat System
 	NOT-FOR-US: code-projects
 CVE-2026-8124 (A security vulnerability has been detected in GPAC up to 26.02.0. This ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOLed in debian-security-support)
 CVE-2026-8123 (A vulnerability was determined in Open5GS up to 2.7.7. This impacts th ...)
 	- open5gs <itp> (bug #1094791)
 CVE-2026-8122 (A vulnerability was found in Open5GS up to 2.7.7. This affects the fun ...)
@@ -4405,6 +4406,7 @@ CVE-2026-4348 (The BetterDocs Pro plugin for WordPress is vulnerable to SQL Inje
 CVE-2026-44603 (Tor before 0.4.9.7 has an out-of-bounds read by one byte via a malform ...)
 	{DSA-6260-1}
 	- tor 0.4.9.8-1
+	[bullseye] - tor <end-of-life> (see DSA 5562)
 	NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41245
@@ -4412,6 +4414,7 @@ CVE-2026-44603 (Tor before 0.4.9.7 has an out-of-bounds read by one byte via a m
 CVE-2026-44602 (Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is  ...)
 	{DSA-6260-1}
 	- tor 0.4.9.8-1
+	[bullseye] - tor <end-of-life> (see DSA 5562)
 	NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41240
@@ -4419,6 +4422,7 @@ CVE-2026-44602 (Tor before 0.4.9.7 has a NULL pointer dereference when a CERT ce
 CVE-2026-44601 (Tor before 0.4.9.7, when circuit queue memory pressure exists, can exp ...)
 	{DSA-6260-1}
 	- tor 0.4.9.8-1
+	[bullseye] - tor <end-of-life> (see DSA 5562)
 	NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41237
@@ -4426,6 +4430,7 @@ CVE-2026-44601 (Tor before 0.4.9.7, when circuit queue memory pressure exists, c
 CVE-2026-44600 (Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order q ...)
 	{DSA-6260-1}
 	- tor 0.4.9.8-1
+	[bullseye] - tor <end-of-life> (see DSA 5562)
 	NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41251
@@ -4433,6 +4438,7 @@ CVE-2026-44600 (Tor before 0.4.9.7 mishandles accounting of the conflux out-of-o
 CVE-2026-44599 (Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, a ...)
 	{DSA-6260-1}
 	- tor 0.4.9.8-1
+	[bullseye] - tor <end-of-life> (see DSA 5562)
 	NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41243
@@ -4440,6 +4446,7 @@ CVE-2026-44599 (Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux l
 CVE-2026-44597 (Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE,  ...)
 	{DSA-6260-1}
 	- tor 0.4.9.8-1
+	[bullseye] - tor <end-of-life> (see DSA 5562)
 	NOTE: https://forum.torproject.org/c/news/tor-release-announcement/28
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/06/8
 	NOTE: https://gitlab.torproject.org/tpo/core/tor/-/work_items/41254
@@ -6689,6 +6696,7 @@ CVE-2026-3359 (The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contac
 	NOT-FOR-US: WordPress plugin
 CVE-2026-39103 (Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOLed in debian-security-support)
 CVE-2026-38432 (ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XS ...)
 	NOT-FOR-US: ERPNext
 CVE-2026-38431 (ERPNext v15.103.1 and before is vulnerable to Server-Side Template Inj ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b5ddaa0aa7f7904d72d9a697f823da58563ad590...9293915e0e3b293c60858b558de7887d56e98f2b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b5ddaa0aa7f7904d72d9a697f823da58563ad590...9293915e0e3b293c60858b558de7887d56e98f2b
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260513/c05f9653/attachment.htm>

More information about the debian-security-tracker-commits mailing list