[Git][security-tracker-team/security-tracker][master] 3 commits: Add Debian bug reference for cpp-httplib issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun May 31 20:26:50 BST 2026



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
02f5b84b by Salvatore Bonaccorso at 2026-05-31T21:25:29+02:00
Add Debian bug reference for cpp-httplib issues

- - - - -
f7e04b95 by Salvatore Bonaccorso at 2026-05-31T21:25:47+02:00
Add Debian bug reference for CVE-2026-45149

- - - - -
f660a7eb by Salvatore Bonaccorso at 2026-05-31T21:26:07+02:00
Add Debian bug reference for CVE-2025-70103/jpeg-xl

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -278,7 +278,7 @@ CVE-2026-46599 (The TIFF decoder does not place a limit on the size of PackBits-
 	NOTE: https://github.com/golang/go/issues/79577
 	NOTE: https://go-review.googlesource.com/c/image/+/759960
 CVE-2026-46527 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
-	- cpp-httplib <unfixed>
+	- cpp-httplib <unfixed> (bug #1138578)
 	NOTE: https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-hg3g-vrg8-578g
 CVE-2026-46385 (iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro arr ...)
 	TODO: check
@@ -293,10 +293,10 @@ CVE-2026-45697 (Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20
 CVE-2026-45613 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
 	NOT-FOR-US: Rizin
 CVE-2026-45372 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
-	- cpp-httplib <unfixed>
+	- cpp-httplib <unfixed> (bug #1138578)
 	NOTE: https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-xjxg-64p4-vj4m
 CVE-2026-45352 (cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTT ...)
-	- cpp-httplib <unfixed>
+	- cpp-httplib <unfixed> (bug #1138578)
 	NOTE: https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-h6wq-j5mv-f3q8
 CVE-2026-45324 (Rizin is a UNIX-like reverse engineering framework and command-line to ...)
 	NOT-FOR-US: Rizin
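Review bot: the two cpp-httplib entries in this hunk (CVE-2026-45372, CVE-2026-45352) and CVE-2026-46527 in the previous hunk all receive the same bug #1138578, although each has its own upstream advisory (GHSA-xjxg-64p4-vj4m, GHSA-h6wq-j5mv-f3q8, GHSA-hg3g-vrg8-578g). Worth confirming that the bug report names all three CVE ids, so that an upload closing it is not read as fixing an issue it did not address.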
@@ -305,7 +305,7 @@ CVE-2026-45294 (FreeScout is a free help desk and shared inbox built with PHP's
 CVE-2026-45151 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform.  ...)
 	NOT-FOR-US: NanoMQ MQTT Broker (NanoMQ)
 CVE-2026-45149 (The brace-expansion library generates arbitrary strings containing a c ...)
-	- node-brace-expansion <unfixed>
+	- node-brace-expansion <unfixed> (bug #1138576)
 	NOTE: https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2
 	NOTE: Fixed by: https://github.com/juliangruber/brace-expansion/commit/c0b095bdc52bc4c36dc88deddbadabc49f8371e5 (v5.0.6)
 CVE-2026-44640 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform.  ...)
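Review bot: on the CVE-2026-45149 line, node-brace-expansion stays <unfixed> while the NOTE two lines below already records the upstream fix as v5.0.6. If the version in unstable is already at or past that release, the line should carry the fixed version instead of <unfixed>; otherwise the bug reference alone is fine.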
@@ -3295,7 +3295,7 @@ CVE-2025-70116 (A NULL pointer dereference in GPAC MP4Box: when parsing certain
 	- gpac <removed>
 	NOTE: https://github.com/gpac/gpac/issues/3345
 CVE-2025-70103 (Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM im ...)
-	- jpeg-xl <unfixed>
+	- jpeg-xl <unfixed> (bug #1138575)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/30/7
 	NOTE: https://github.com/libjxl/libjxl/issues/4337
 	NOTE: https://github.com/libjxl/libjxl/pull/4380
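Review bot: the jpeg-xl line for CVE-2025-70103 gains the bug number, but the entry still does not say which of its links is the fix: the description names libjxl 0.12.0, and libjxl/pull/4380 is listed as a plain NOTE. Once that pull request is confirmed as the fix, mark it "NOTE: Fixed by:" in the same way the brace-expansion entry does, so triage of bug #1138575 has a commit to check the Debian versions against.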



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/54f0c6c66f10ac48a640b050964e016906f28e52...f660a7ebf742bb7423a6a4ffd51deb582d385805
