[Git][security-tracker-team/security-tracker][master] Add VE-2026-44973/go-billy

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f5b6c6c3 by Salvatore Bonaccorso at 2026-05-29T16:10:39+02:00
Add VE-2026-44973/go-billy

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -553,7 +553,9 @@ CVE-2026-45288 (Marten is a .NET Transactional Document DB and Event Store on Po
 CVE-2026-45023 (AutoGPT is a workflow automation platform for creating, deploying, and ...)
 	NOT-FOR-US: AutoGPT
 CVE-2026-44973 (Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, m ...)
-	TODO: check
+	- golang-github-go-git-go-billy  <unfixed>
+	- golang-github-go-git-go-billy-v6 <unfixed>
+	NOTE: https://github.com/go-git/go-billy/security/advisories/GHSA-qw64-3x98-g7q2
 CVE-2026-44885 (Portainer Community Edition is a lightweight service delivery platform ...)
 	NOT-FOR-US: Portainer
 CVE-2026-44884 (Portainer Community Edition is a lightweight service delivery platform ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5b6c6c3bedcc99550218abdf6e15f62e0146546

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f5b6c6c3bedcc99550218abdf6e15f62e0146546
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260529/e7d4d5c3/attachment.htm>