Bug#1133919: Two security issues (not CVE yet)
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 16 06:19:59 BST 2026
Control: retitle -1 luanti: CVE-2026-40959 CVE-2026-40960
Hi,
On Wed, Apr 15, 2026 at 08:01:23PM +0200, Moritz Muehlenhoff wrote:
> Source: luanti
> Severity: grave
>
> Mod security sandbox escape:
> https://github.com/luanti-org/luanti/security/advisories/GHSA-g596-mf82-w8c3
> https://github.com/luanti-org/luanti/commit/8a929dfb97aa08337f49ba1bb96a56d6557dc896 (main)
> https://github.com/luanti-org/luanti/commit/53cef183e2a85a4daff84ac1a9a7946f940da8f8 (5.15.2)
This got CVE-2026-40959 assigned.
>
>
> HTTP API and insecure environment access control bypass
> https://github.com/luanti-org/luanti/security/advisories/GHSA-22c4-238c-m5j4
> https://github.com/luanti-org/luanti/commit/0faf529bc4b89e70a275ed1162047815118f2413
> https://github.com/luanti-org/luanti/commit/827fd4cf7f989482b2dad381fa4afd642ea73e8c (5.15.2)
This got CVE-2026-40960 assigned.
Regards,
Salvatore