Skip to content

[pull] master from buildroot:master#1071

Merged
pull[bot] merged 2 commits into
mir-one:masterfrom
buildroot:master
Jun 30, 2026
Merged

[pull] master from buildroot:master#1071
pull[bot] merged 2 commits into
mir-one:masterfrom
buildroot:master

Conversation

@pull

@pull pull Bot commented Jun 30, 2026

Copy link
Copy Markdown

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

tperale added 2 commits June 30, 2026 16:16
- CVE-2026-6192:
    A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This
    impacts the function opj_pi_initialise_encode in the library
    src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The
    attack must be carried out locally. The exploit is publicly available
    and might be used. The identifier of the patch is
    839936aa33eb8899bbbd80fda02796bb65068951. It is suggested to install a
    patch to address this issue.

For more information, see:
  - https://www.cve.org/CVERecord?id=CVE-2026-6192
  - uclouvain/openjpeg@839936a

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
This backport is provided thanks to the Debian community [1].

- CVE-2026-35535:
    In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid,
    setgid, or setgroups call, during a privilege drop before running the
    mailer, is not a fatal error and can lead to privilege escalation.

For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2026-35535

[1] https://salsa.debian.org/sudo-team/sudo/-/blob/debian/trixie/debian/patches/0006-exec_mailer-Set-group-as-well-as-uid-when-running-th.patch

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
@pull pull Bot locked and limited conversation to collaborators Jun 30, 2026
@pull pull Bot added the ⤵️ pull label Jun 30, 2026
@pull pull Bot merged commit 54de8d2 into mir-one:master Jun 30, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant