CVE-2026-11852

NameCVE-2026-11852
DescriptionDebusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
debusine (PTS)trixie0.11.3vulnerable
forky, sid0.14.9fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
debusinesource(unstable)0.14.6

Notes

[trixie] - debusine <no-dsa> (Will be fixed via point release)
https://salsa.debian.org/freexian-team/debusine/-/work_items/1499
https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2836
https://salsa.debian.org/freexian-team/debusine/-/commit/98104f46dc546a27a0326d5ef728ac7f426c430a
Search for package or bug name: Reporting problems