[Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-43503 and CVE-2026-46300

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 23 14:47:41 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
17845779 by Salvatore Bonaccorso at 2026-05-23T15:46:45+02:00
Update status for CVE-2026-43503 and CVE-2026-46300

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,6 @@
+CVE-2026-43503 [net: skbuff: propagate shared-frag marker through frag-transfer helpers]
+	- linux 7.0.9-1
+	NOTE: https://git.kernel.org/linus/48f6a5356a33dd78e7144ae1faef95ffc990aae0
 CVE-2026-9284 (The WooCommerce PayPal Payments plugin for WordPress is vulnerable to  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2026-6898 (The Wishlist Member plugin for WordPress is vulnerable to unauthorized ...)
@@ -4800,11 +4803,12 @@ CVE-2026-42934 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx
 	NOTE: https://my.f5.com/manage/s/article/K000161028
 	NOTE: https://nginx.org/en/security_advisories.html
 	NOTE: https://github.com/nginx/nginx/commit/54b7945961b2eaafc480d6b85d9635d0db1c126a (release-1.30.1)
-CVE-2026-46300
+CVE-2026-46300 [net: skbuff: preserve shared-frag marker during coalescing]
 	- linux 7.0.9-1
 	NOTE: https://github.com/v12-security/pocs/tree/main/fragnesia
 	NOTE: https://lore.kernel.org/all/20260513041635.1289541-1-vakzz@zellic.io/
 	NOTE: https://lore.kernel.org/all/agRfuVOeMI5pbHhY@v4bel/
+	NOTE: https://git.kernel.org/linus/f84eca5817390257cef78013d0112481c503b4a3
 CVE-2026-43489 (In the Linux kernel, the following vulnerability has been resolved:  l ...)
 	- linux 6.19.10-1
 	[trixie] - linux <not-affected> (Vulnerable code not present)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17845779493787cc7db4e763eeb53bc048b6bc12

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17845779493787cc7db4e763eeb53bc048b6bc12
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260523/194a7866/attachment.htm>

More information about the debian-security-tracker-commits mailing list