[Git][security-tracker-team/security-tracker][master] Add 'Fixed by:' for 3 glibc CVEs
Arnaud Rebillout (@arnaudr)
arnaudr at debian.org
Wed May 27 10:10:21 BST 2026
Arnaud Rebillout pushed to branch master at Debian Security Tracker / security-tracker
Commits:
574c56fc by Arnaud Rebillout at 2026-05-27T16:09:49+07:00
Add 'Fixed by:' for 3 glibc CVEs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22096,12 +22096,14 @@ CVE-2026-5450 (Calling the scanf family of functions with a %mc (malloc'd charac
[bookworm] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=34008
NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0009
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=839898777226a3ed88c0859f25ffe712519b4ead
CVE-2026-5928 (Calling the ungetwc function on a FILE stream with wide characters enc ...)
- glibc <unfixed> (bug #1134544)
[trixie] - glibc <no-dsa> (Minor issue)
[bookworm] - glibc <no-dsa> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=33998
NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0010
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ef3bfb5f910011f3780cb06aa47e730035f53285
CVE-2026-6662 (A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The imp ...)
NOT-FOR-US: ericc-ch copilot-api
CVE-2026-6654 (Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVe ...)
@@ -33036,6 +33038,7 @@ CVE-2026-4046 (The iconv() function in the GNU C Library versions 2.43 and earli
[bookworm] - glibc 2.36-9+deb12u14
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=33980
NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=d6f08d1cf027f4eb2ba289a6cc66853722d4badc
CVE-2026-3991 (Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16. ...)
NOT-FOR-US: Symantec
CVE-2026-3945 (An integer overflow vulnerability in the HTTP chunked transfer encodin ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/574c56fc413c51fb073915bde206b94cadb70e3f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/574c56fc413c51fb073915bde206b94cadb70e3f
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260527/691adc54/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list