[Git][security-tracker-team/security-tracker][master] Adjust notes for CVE-2026-443{7,8}/glibc
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed May 27 06:20:51 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d7e41901 by Salvatore Bonaccorso at 2026-05-27T07:20:18+02:00
Adjust notes for CVE-2026-443{7,8}/glibc
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -38533,7 +38533,9 @@ CVE-2026-4438 (Calling gethostbyaddr or gethostbyaddr_r with a configured nsswit
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=34015
NOTE: Proposed patch: https://inbox.sourceware.org/libc-alpha/20260320194250.1089143-1-carlos@redhat.com/
NOTE: https://www.openwall.com/lists/oss-security/2026/03/23/2
- NOTE: Introduced with: https://sourceware.org/cgit/glibc/commit/?h=release/2.34/master&id=32e5db37684ffcbc6ae34fcc6cdcf28670506baa
+ NOTE: Introduced with: https://sourceware.org/git/?p=glibc.git;a=commit;h=e32547d661a43da63368e488b6cfa9c53b4dcf92 (glibc-2.37)
+ NOTE: Backported and introduced in glibc-2.36 branch: https://sourceware.org/git/?p=glibc.git;a=commit;h=77f523c473878ec0051582ef15161c6982879095
+ NOTE: Backported and introduced in glibc-2.34 branch: https://sourceware.org/git/?p=glibc.git;a=commit;h=32e5db37684ffcbc6ae34fcc6cdcf28670506baa
CVE-2026-4437 (Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.co ...)
- glibc 2.42-14 (bug #1131435)
[trixie] - glibc 2.41-12+deb13u3
@@ -38542,7 +38544,9 @@ CVE-2026-4437 (Calling gethostbyaddr or gethostbyaddr_r with a configured nsswit
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=34014
NOTE: Proposed patch: https://inbox.sourceware.org/libc-alpha/20260320194250.1089143-1-carlos@redhat.com/
NOTE: https://www.openwall.com/lists/oss-security/2026/03/23/2
- NOTE: Introduced with: https://sourceware.org/cgit/glibc/commit/?h=release/2.34/master&id=32e5db37684ffcbc6ae34fcc6cdcf28670506baa
+ NOTE: Introduced with: https://sourceware.org/git/?p=glibc.git;a=commit;h=e32547d661a43da63368e488b6cfa9c53b4dcf92 (glibc-2.37)
+ NOTE: Backported and introduced in glibc-2.36 branch: https://sourceware.org/git/?p=glibc.git;a=commit;h=77f523c473878ec0051582ef15161c6982879095
+ NOTE: Backported and introduced in glibc-2.34 branch: https://sourceware.org/git/?p=glibc.git;a=commit;h=32e5db37684ffcbc6ae34fcc6cdcf28670506baa
CVE-2026-4434 (Improper certificate validation in the PAM propagation WinRM connectio ...)
NOT-FOR-US: Devolutions
CVE-2026-3550 (The RockPress plugin for WordPress is vulnerable to Missing Authorizat ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7e419011dd9fe6190a2c556a3736e83a0b30716
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7e419011dd9fe6190a2c556a3736e83a0b30716
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260527/52b7dfd6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list