[Git][security-tracker-team/security-tracker][master] Add two new cargo issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed May 27 21:29:37 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3eb5adea by Salvatore Bonaccorso at 2026-05-27T22:29:05+02:00
Add two new cargo issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3091,9 +3091,19 @@ CVE-2026-9058 (Szafir SDK returns a success status code from the cryptographic d
 CVE-2026-7766 (Kenik Camera management Panel is vulnerable to Path Traversal vulnerab ...)
 	NOT-FOR-US: Kenik Camera management Panel
 CVE-2026-5223 (Cargo incorrectly handled symlinks inside of crate tarballs downloaded ...)
-	TODO: check
+	- cargo <removed>
+	- rust-cargo <unfixed>
+	NOTE: https://groups.google.com/g/rustlang-security-announcements/c/IB74S7Yksg8
+	NOTE: https://blog.rust-lang.org/2026/05/25/cve-2026-5223/
+	NOTE: https://github.com/rust-lang/cargo/commit/285cebf58911eca5b7f177f5d0b1c53e1f646577
+	TODO: check correctness of tracking
 CVE-2026-5222 (Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-p ...)
-	TODO: check
+	- cargo <removed>
+	- rust-cargo <unfixed>
+	NOTE: https://groups.google.com/g/rustlang-security-announcements/c/SfUxOiIdY5s
+	NOTE: https://blog.rust-lang.org/2026/05/25/cve-2026-5222/
+	NOTE: https://github.com/rust-lang/cargo/commit/c4d63a44234de22dc745231c416b80ed848d997f
+	TODO: check correctness of tracking
 CVE-2026-4915 (Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4 ...)
 	- mattermost-server <itp> (bug #823556)
 CVE-2026-47077 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3eb5adea25db9bfee3fa884cc9796e4991137c54

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3eb5adea25db9bfee3fa884cc9796e4991137c54
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260527/27e82033/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list