Skip to content

Add Mise credential command CVE-2026-55448 references#8601

Draft
cookesan wants to merge 3 commits into
github:cookesan/advisory-improvement-8601from
cookesan:mise-55448-fixed-version
Draft

Add Mise credential command CVE-2026-55448 references#8601
cookesan wants to merge 3 commits into
github:cookesan/advisory-improvement-8601from
cookesan:mise-55448-fixed-version

Conversation

@cookesan

@cookesan cookesan commented Jul 7, 2026

Copy link
Copy Markdown

Summary

  • Correct the Mise credential command fixed version from 2026.6.4 to 2026.6.5.
  • Add the v2026.6.5 release reference, the credential-command fix commit reference, and the NVD reference for CVE-2026-55448.
  • Set nvd_published_at from the NVD record.
  • Leave severity, summary, and review metadata unchanged.

Validation

  • Confirmed GHSA-29hf-rm4x-xxph aliases CVE-2026-55448 and affects crates.io package mise beginning at 2026.3.15.
  • Confirmed NVD returns CVE-2026-55448 with published timestamp 2026-06-26T18:17:01.323; the advisory timestamp is set to 2026-06-26T18:17:01Z.
  • Confirmed v2026.6.5 is a non-draft, non-prerelease release and its notes include the credential command trust fix via #10356.
  • Confirmed the v2026.6.4...v2026.6.5 compare includes fix commit 15e97c48bfb0ef835f49d6ce50b41b5653550869, and v2026.6.5 is a descendant of that commit.
  • Confirmed crates.io publishes mise 2026.6.4 and 2026.6.5 and neither version is yanked.
  • Ran jq empty, git diff --check upstream/main...HEAD, duplicate-reference checks, and open-PR search; no issues found.
  • Confirmed the advisory processing check passes after the timestamp commit.

@github-actions github-actions Bot changed the base branch from main to cookesan/advisory-improvement-8601 July 7, 2026 12:02
@cookesan cookesan changed the title Correct Mise credential command fixed version Add Mise credential command CVE-2026-55448 references Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant