[Git][security-tracker-team/security-tracker][master] 3 commits: Add Debian bug reference for golang-golang-x-image issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat May 30 09:00:13 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14391fda by Salvatore Bonaccorso at 2026-05-30T09:58:52+02:00
Add Debian bug reference for golang-golang-x-image issues

- - - - -
7bc7008d by Salvatore Bonaccorso at 2026-05-30T09:59:22+02:00
Add Debian bug reference for bzip2 issue

- - - - -
0055d6fd by Salvatore Bonaccorso at 2026-05-30T09:59:44+02:00
Add Debian bug reference for gopls issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -18,7 +18,7 @@ CVE-2026-47266 (Formie is a Craft CMS plugin for creating forms. Prior to 2.2.21
 CVE-2026-47123 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
 	NOT-FOR-US: FreeScout
 CVE-2026-46599 (The TIFF decoder does not place a limit on the size of PackBits-compre ...)
-	- golang-golang-x-image <unfixed>
+	- golang-golang-x-image <unfixed> (bug #1138257)
 	NOTE: https://github.com/golang/go/issues/79577
 	NOTE: https://go-review.googlesource.com/c/image/+/759960
 CVE-2026-46527 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
@@ -69,7 +69,7 @@ CVE-2026-44287 (FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1,
 CVE-2026-44285 (FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Ser ...)
 	NOT-FOR-US: FastGPT
 CVE-2026-42500 (Decoding a paletted BMP file with an out-of-range palette index result ...)
-	- golang-golang-x-image <unfixed>
+	- golang-golang-x-image <unfixed> (bug #1138257)
 	NOTE: https://github.com/golang/go/issues/79576
 	NOTE: https://go-review.googlesource.com/c/image/+/781500
 CVE-2026-34127 (A stored cross-site scripting (XSS) vulnerability has been identified  ...)
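Review bot: the `(bug #1138257)` added on the CVE-2026-42500 entry is the same bug number this diff adds to CVE-2026-46599 earlier in the file. The two entries point at separate upstream issues and changes (go issues 79576 and 79577, image changes 781500 and 759960), so it is worth confirming that the one bug report names both CVE ids, so that a fix for only one of them does not close the tracking for the other.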
@@ -1530,7 +1530,7 @@ CVE-2026-42998 (An issue was discovered in OpenStack Keystone before 29.0.2. The
 	NOTE: https://bugs.launchpad.net/keystone/+bug/2148477
 	NOTE: https://security.openstack.org/ossa/OSSA-2026-015.html
 CVE-2026-42250 (bzip2 contains an off\u2011by\u2011one error in the bzip2recover utili ...)
-	- bzip2 <unfixed>
+	- bzip2 <unfixed> (bug #1138255)
 	NOTE: https://inbox.sourceware.org/bzip2-devel/20260528145407.293768-1-mark@klomp.org/
 	NOTE: Fixed by: https://sourceware.org/cgit/bzip2/commit/?id=35d122a3df8b0cc4082a4d89fdc6ee99f375fe67
 CVE-2026-41565 (CryptX versions before 0.088_001 for Perl have a stack buffer overflow ...)
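Review bot: the CVE-2026-42250 description on the context line above the change reads `off\u2011by\u2011one`, with the non-breaking hyphens present as literal `\u2011` escape sequences rather than characters. This commit does not touch that line, but the escaped form will not match a text search for "off-by-one", so the description would be better stored with the characters decoded.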
@@ -16602,7 +16602,7 @@ CVE-2026-43646 (Exposure of Sensitive Information to an Unauthorized Actor vulne
 CVE-2026-42509 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
 	NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-42503 (gopls by default communicates via pipe. However, -port and -listen fla ...)
-	- gopls <unfixed>
+	- gopls <unfixed> (bug #1138256)
 	NOTE: https://github.com/golang/go/issues/79211
 	NOTE: https://go-review.googlesource.com/c/tools/+/774381/
 	NOTE: Fixed by: https://github.com/golang/tools/commit/90abdab4cf0af205d3d2212c73526b58c97d0bf6 (gopls/v0.22.0-pre.2)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/9f48ad07da4c080fbbc865cc2d3cb000a153e44d...0055d6fdd9b288afbfa8f24767fb2f50f1370b3a
