[Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-48961

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 27 16:23:19 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
524a747d by Salvatore Bonaccorso at 2026-05-27T17:22:49+02:00
Update status for CVE-2026-48961

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1662,8 +1662,11 @@ CVE-2026-48962 (IO::Compress versions before 2.220 for Perl can execute arbitrar
 	NOTE: Fixed by: https://github.com/pmqs/IO-Compress/commit/f2db247bf90d4cc7ee2710be384946081f3b4610 (v2.220)
 CVE-2026-48961 (IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetai ...)
 	- libio-compress-perl <unfixed>
-	- perl <unfixed>
+	[bookworm] - libio-compress-perl <not-affected> (Vulnerable code introduced later)
+	[bullseye] - libio-compress-perl <not-affected> (Vulnerable code introduced later)
+	- perl <not-affected> (Vulnerable code introduced later)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434383/
+	NOTE: Introduced with: https://github.com/pmqs/IO-Compress/commit/ddfe67584a228877e5d28840da75ff32e435a5e3 (v2.207)
 	NOTE: Fixed by: https://github.com/pmqs/IO-Compress/commit/33c89d03d6e746ed2ead4f2f6570d47864c61bc7 (v2.220)
 CVE-2026-48959 (IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaust ...)
 	- libio-compress-perl <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/524a747d79c43d08c79ec9452e5f31b7c0e71708

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/524a747d79c43d08c79ec9452e5f31b7c0e71708
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260527/5755b809/attachment.htm>

More information about the debian-security-tracker-commits mailing list