Information on source package swupdate

Available versions

Release	Version
bullseye	2020.11-2+deb11u1
bookworm	2022.12+dfsg-4+deb12u1
trixie	2024.12.1+dfsg-3+deb13u1
forky	2025.12+dfsg-8
sid	2025.12+dfsg-10

Open issues

Bug	bullseye	bookworm	trixie	forky	sid	Description
CVE-2026-28525	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	fixed	SWUpdate contains an integer underflow vulnerability in the multipart ...
CVE-2026-6986	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	fixed	A security vulnerability has been detected in Cesanta Mongoose up to 7 ...
CVE-2026-6985	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	fixed	A weakness has been identified in Cesanta Mongoose up to 7.20. This vu ...
CVE-2026-5246	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	fixed	A vulnerability was determined in Cesanta Mongoose up to 7.20. Affecte ...
CVE-2026-5245	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	fixed	A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts ...
CVE-2026-5244	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	fixed	A vulnerability has been found in Cesanta Mongoose up to 7.20. This af ...
CVE-2026-2968	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	fixed	A vulnerability was detected in Cesanta Mongoose up to 7.20. This impa ...
CVE-2026-2967	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	fixed	A security vulnerability has been detected in Cesanta Mongoose up to 7 ...
CVE-2026-2966	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	fixed	A weakness has been identified in Cesanta Mongoose up to 7.20. The imp ...
CVE-2025-65502	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	Null pointer dereference in add_ca_certs() in Cesanta Mongoose before ...
CVE-2025-51495	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	An integer overflow vulnerability exists in the WebSocket component of ...
CVE-2023-34188	vulnerable (no DSA)	vulnerable	fixed	fixed	fixed	The HTTP server in Mongoose before 7.10 accepts requests containing ne ...
CVE-2023-2905	vulnerable (no DSA)	vulnerable	fixed	fixed	fixed	Due to a failure in validating the length of a provided MQTT_CMD_PUBLI ...
CVE-2021-26530	vulnerable	fixed	fixed	fixed	fixed	The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 (compile ...
CVE-2021-26529	vulnerable	fixed	fixed	fixed	fixed	The mg_tls_init function in Cesanta Mongoose HTTPS server 7.0 and 6.7- ...
CVE-2021-26528	vulnerable	fixed	fixed	fixed	fixed	The mg_http_serve_file function in Cesanta Mongoose HTTP server 7.0 is ...
CVE-2020-25887	vulnerable	fixed	fixed	fixed	fixed	Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when r ...
CVE-2020-25756	vulnerable	fixed	fixed	fixed	fixed	A buffer overflow vulnerability exists in the mg_get_http_header funct ...
CVE-2019-19307	vulnerable	fixed	fixed	fixed	fixed	An integer overflow in parse_mqtt in mongoose.c in Cesanta Mongoose 6. ...
CVE-2019-13503	vulnerable	fixed	fixed	fixed	fixed	mq_parse_http in mongoose.c in Mongoose 6.15 has a heap-based buffer o ...
CVE-2019-12951	vulnerable	fixed	fixed	fixed	fixed	An issue was discovered in Mongoose before 6.15. The parse_mqtt() func ...