[Git][security-tracker-team/security-tracker][master] Add CVE-2026-42250/bzip2

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4c0d2d1 by Salvatore Bonaccorso at 2026-05-30T09:02:28+02:00
Add CVE-2026-42250/bzip2

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1451,7 +1451,9 @@ CVE-2026-42998 (An issue was discovered in OpenStack Keystone before 29.0.2. The
 	NOTE: https://bugs.launchpad.net/keystone/+bug/2148477
 	NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
 CVE-2026-42250 (bzip2 contains an off\u2011by\u2011one error in the bzip2recover utili ...)
-	TODO: check
+	- bzip2 <unfixed>
+	NOTE: https://inbox.sourceware.org/bzip2-devel/20260528145407.293768-1-mark@klomp.org/
+	NOTE: Fixed by: https://sourceware.org/cgit/bzip2/commit/?id=35d122a3df8b0cc4082a4d89fdc6ee99f375fe67
 CVE-2026-41565 (CryptX versions before 0.088_001 for Perl have a stack buffer overflow ...)
 	- libcryptx-perl 0.089-1
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/40477993/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4c0d2d1d50f40eff9d4f3cd9ccd777cec5a49a7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4c0d2d1d50f40eff9d4f3cd9ccd777cec5a49a7
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260530/e4151c2b/attachment-0001.htm>