[Git][security-tracker-team/security-tracker][master] Add new issues in mattermost-server, itp'ed

Fri May 22 20:50:43 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f7dc0f3c by Salvatore Bonaccorso at 2026-05-22T21:50:24+02:00
Add new issues in mattermost-server, itp'ed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -68,19 +68,19 @@ CVE-2026-7325 (Improper authorization in the Active Directory browsing feature i
 CVE-2026-6406 (The Docker CLI --use-api-socket flag bypasses Enhanced Container Isola ...)
 	NOT-FOR-US: Docker products not packaged in Debian
 CVE-2026-5755 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x <= 11.5 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-5740 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-5308 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-5171 (Improper access control in the entry activity log feature in Devolutio ...)
 	NOT-FOR-US: Devolutions
 CVE-2026-5072 (A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remot ...)
 	NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2026-4646 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-4635 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-48700 (An issue was discovered in all versions of PCManFM-Qt starting from 1. ...)
 	TODO: check
 CVE-2026-46727 (An issue was discovered in Ruby 4 before 4.0.5. A race condition leadi ...)
@@ -104,9 +104,9 @@ CVE-2026-40172 (authentik is an open-source identity provider. In versions prior
 CVE-2026-40166 (authentik is an open-source identity provider. In versions prior to 20 ...)
 	TODO: check
 CVE-2026-3636 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-3473 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-39970 (TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a ...)
 	TODO: check
 CVE-2026-39969 (TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the W ...)
@@ -138,7 +138,7 @@ CVE-2026-33712 (Typebot is a chatbot builder tool. In versions 3.15.2 and prior,
 CVE-2026-32253 (Sunshine is a self-hosted game stream host for Moonlight. In versions  ...)
 	TODO: check
 CVE-2026-28735 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
-	TODO: check
+	- mattermost-server <itp> (bug #823556)
 CVE-2026-28445 (Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the R ...)
 	TODO: check
 CVE-2026-28444 (Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the g ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7dc0f3c2b9544084be52760aeeda6f80a93d139

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f7dc0f3c2b9544084be52760aeeda6f80a93d139
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260522/dbff63d4/attachment.htm>
