[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 16 08:13:18 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4d55576d by security tracker role at 2026-05-16T07:13:13+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,136 @@
-CVE-2026-8704
+CVE-2026-8696 (radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids ...)
+ TODO: check
+CVE-2026-8681 (The Essential Chat Support plugin for WordPress is vulnerable to autho ...)
+ TODO: check
+CVE-2026-8657 (Versions of the package jsondiffpatch before 0.7.6 are vulnerable to P ...)
+ TODO: check
+CVE-2026-8656 (Versions of the package jsondiffpatch before 0.7.6 are vulnerable to C ...)
+ TODO: check
+CVE-2026-45675 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45672 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45671 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45667 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45666 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45665 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45402 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45401 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45400 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45399 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45398 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45397 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45396 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45395 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45387 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45386 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45385 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45365 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45351 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45350 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45349 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45347 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45346 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45345 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45339 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45338 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45331 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45318 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45317 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45316 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45315 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45314 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45303 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45301 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-45299 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44721 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44571 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44570 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44569 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44568 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44567 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44566 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44565 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44564 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44563 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44562 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44561 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44560 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44559 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44558 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44557 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44556 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44555 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44554 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44553 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44552 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44551 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44550 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2026-44549 (Open WebUI is a self-hosted artificial intelligence platform designed ...)
+ TODO: check
+CVE-2025-67031 (ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 conta ...)
+ TODO: check
+CVE-2026-8704 (Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing ex ...)
- libcrypt-dsa-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40104289/
NOTE: Fixed by: https://github.com/perl-Crypt-OpenPGP/Crypt-DSA/commit/e7dc7836594908d6e9abf74b0a66f12a78569d1c (1.20)
-CVE-2026-8700
+CVE-2026-8700 (Crypt::DSA versions before 1.20 for Perl generate seeds using rand. S ...)
- libcrypt-dsa-perl <unfixed>
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40104301/
NOTE: Fixed by: https://github.com/perl-Crypt-OpenPGP/Crypt-DSA/commit/43f2ad133bca76c57665f42eb0dc8042df54d3f1 (1.20)
@@ -5912,7 +6040,7 @@ CVE-2026-43284 (In the Linux kernel, the following vulnerability has been resolv
- linux 7.0.4-1
NOTE: https://git.kernel.org/linus/f4c50a4034e62ab75f1d5cdd191dd5f9c77fdff4 (7.1-rc3)
CVE-2026-7258 (In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before ...)
- {DSA-6256-1 DSA-6255-1}
+ {DSA-6256-1 DSA-6255-1 DLA-4586-1}
- php8.4 8.4.21-1 (bug #1136054)
- php8.2 <removed>
- php7.4 <removed>
@@ -5922,28 +6050,28 @@ CVE-2026-7258 (In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* b
NOTE: https://github.com/php/php-src/commit/398b7dabfbd2e8f4f4ed2065dbcf3e3794e8ca47
NOTE: https://github.com/php/php-src/commit/a38418777f65780d9d622197677e90567690fc07
CVE-2026-7568 (In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before ...)
- {DSA-6256-1 DSA-6255-1}
+ {DSA-6256-1 DSA-6255-1 DLA-4586-1}
- php8.4 8.4.21-1 (bug #1136054)
- php8.2 <removed>
- php7.4 <removed>
NOTE: https://github.com/php/php-src/security/advisories/GHSA-96wq-48vp-hh57
NOTE: https://github.com/php/php-src/commit/47def8ce1db1fdbffcfc1f5bb11877a0e22d4b32
CVE-2026-7262 (In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before ...)
- {DSA-6256-1 DSA-6255-1}
+ {DSA-6256-1 DSA-6255-1 DLA-4586-1}
- php8.4 8.4.21-1 (bug #1136054)
- php8.2 <removed>
- php7.4 <removed>
NOTE: https://github.com/php/php-src/security/advisories/GHSA-hmxp-6pc4-f3vv
NOTE: https://github.com/php/php-src/commit/79551ab8b1a97760c739e372f9bc359619f3554d
CVE-2026-7261 (In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before ...)
- {DSA-6256-1 DSA-6255-1}
+ {DSA-6256-1 DSA-6255-1 DLA-4586-1}
- php8.4 8.4.21-1 (bug #1136054)
- php8.2 <removed>
- php7.4 <removed>
NOTE: https://github.com/php/php-src/commit/db2a7f9348fd5dda5fd162061786a664c417bf5b
NOTE: https://github.com/php/php-src/security/advisories/GHSA-m33r-qmcv-p97q
CVE-2026-6722 (In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before ...)
- {DSA-6256-1 DSA-6255-1}
+ {DSA-6256-1 DSA-6255-1 DLA-4586-1}
- php8.4 8.4.21-1 (bug #1136054)
- php8.2 <removed>
- php7.4 <removed>
@@ -5973,7 +6101,7 @@ CVE-2026-7259 (In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* b
NOTE: https://github.com/php/php-src/commit/79a054eae016c56409432e69aebc8ca908a88838
NOTE: Introduced with: https://github.com/php/php-src/commit/73455778d4ae35110a987f1019e548aff721c3af (php-8.0.0RC2)
CVE-2026-6735 (In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before ...)
- {DSA-6256-1 DSA-6255-1}
+ {DSA-6256-1 DSA-6255-1 DLA-4586-1}
- php8.4 8.4.21-1 (bug #1136054)
- php8.2 <removed>
- php7.4 <removed>
@@ -18595,7 +18723,7 @@ CVE-2026-41015 (radare2 before 9236f44, when configured on UNIX without SSL, all
NOTE: Introduced with: https://github.com/radareorg/radare2/commit/01ca2f61fa43bd3f4b732447de31b16039d820c0 (6.1.4)
NOTE: Fixed by: https://github.com/radareorg/radare2/commit/9236f44a28812fe911814e1b3a7bcf1e4de5d3c2 (6.1.4)
CVE-2026-40962 (FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds ...)
- {DSA-6268-1}
+ {DSA-6276-1 DSA-6268-1}
- ffmpeg 7:8.1-1
[bullseye] - ffmpeg <postponed> (minor issue)
NOTE: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22348
@@ -20393,6 +20521,7 @@ CVE-2026-6194 (A weakness has been identified in Totolink A3002MU B20211125.1046
CVE-2026-6193 (A security flaw has been discovered in PHPGurukul Daily Expense Tracki ...)
NOT-FOR-US: PHPGurukul
CVE-2026-6192 (A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This ...)
+ {DSA-6277-1}
- openjpeg2 2.5.4-1.1 (bug #1133832)
NOTE: https://github.com/uclouvain/openjpeg/issues/1619
NOTE: https://github.com/uclouvain/openjpeg/pull/1628
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d55576db5fbad3f725f41bd18e08f23bca549f7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4d55576db5fbad3f725f41bd18e08f23bca549f7
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260516/357ce4e7/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list