[Git][security-tracker-team/security-tracker][master] CVE-2026-4437,CVE-2026-4438/glibc: bullseye not-affected
Arnaud Rebillout (@arnaudr)
arnaudr at debian.org
Wed May 27 02:38:46 BST 2026
Arnaud Rebillout pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f72dd5c6 by Arnaud Rebillout at 2026-05-27T08:38:31+07:00
CVE-2026-4437,CVE-2026-4438/glibc: bullseye not-affected
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38525,18 +38525,20 @@ CVE-2026-4438 (Calling gethostbyaddr or gethostbyaddr_r with a configured nsswit
- glibc 2.42-14 (bug #1131887)
[trixie] - glibc 2.41-12+deb13u3
[bookworm] - glibc 2.36-9+deb12u14
- [bullseye] - glibc <postponed> (Minor issue, specification violation)
+ [bullseye] - glibc <not-affected> (introduced in v2.34)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=34015
NOTE: Proposed patch: https://inbox.sourceware.org/libc-alpha/20260320194250.1089143-1-carlos@redhat.com/
NOTE: https://www.openwall.com/lists/oss-security/2026/03/23/2
+ NOTE: Introduced with: https://sourceware.org/cgit/glibc/commit/?h=release/2.34/master&id=32e5db37684ffcbc6ae34fcc6cdcf28670506baa
CVE-2026-4437 (Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.co ...)
- glibc 2.42-14 (bug #1131435)
[trixie] - glibc 2.41-12+deb13u3
[bookworm] - glibc 2.36-9+deb12u14
- [bullseye] - glibc <postponed> (Minor issue, validation issue)
+ [bullseye] - glibc <not-affected> (introduced in v2.34)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=34014
NOTE: Proposed patch: https://inbox.sourceware.org/libc-alpha/20260320194250.1089143-1-carlos@redhat.com/
NOTE: https://www.openwall.com/lists/oss-security/2026/03/23/2
+ NOTE: Introduced with: https://sourceware.org/cgit/glibc/commit/?h=release/2.34/master&id=32e5db37684ffcbc6ae34fcc6cdcf28670506baa
CVE-2026-4434 (Improper certificate validation in the PAM propagation WinRM connectio ...)
NOT-FOR-US: Devolutions
CVE-2026-3550 (The RockPress plugin for WordPress is vulnerable to Missing Authorizat ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f72dd5c632f79dc7a14381c6d4747804295ddef8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f72dd5c632f79dc7a14381c6d4747804295ddef8
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260527/2f130e3c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list