bookworm triage

Moritz Muehlenhoff (@jmm) Sun, 18 Jan 2026 11:38:19 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
6409e9a9 by Moritz Muehlenhoff at 2026-01-18T20:37:57+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -71,9 +71,13 @@ CVE-2026-23643 (CakePHP is a rapid development framework for 
PHP. The PaginatorH
        NOTE: Fixed by: 
https://github.com/cakephp/cakephp/commit/c842e7f45d85696e6527d8991dd72f525ced955f
 (5.3.1)
 CVE-2026-22865 (Gradle is a build automation tool, and its native-platform 
tool provid ...)
        - gradle <unfixed>
+       [trixie] - gradle <no-dsa> (Minor issue)
+       [bookworm] - gradle <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gradle/gradle/security/advisories/GHSA-mqwm-5m85-gmcv
 CVE-2026-22816 (Gradle is a build automation tool, and its native-platform 
tool provid ...)
        - gradle <unfixed>
+       [trixie] - gradle <no-dsa> (Minor issue)
+       [bookworm] - gradle <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gradle/gradle/security/advisories/GHSA-w78c-w6vf-rw82
        NOTE: Fixed by: 
https://github.com/gradle/gradle/commit/e5707d0d8fce3d768c9c489004700d78eab1773a
 (v9.3.0-RC2)
 CVE-2026-21223 (Microsoft Edge Elevation Service exposes a privileged COM 
interface th ...)
@@ -760,6 +764,8 @@ CVE-2026-20047 (A vulnerability in the web-based management 
interface of Cisco I
        NOT-FOR-US: Cisco
 CVE-2026-0992 (A flaw was found in the libxml2 library. This uncontrolled 
resource co ...)
        - libxml2 <unfixed> (bug #1125696)
+       [trixie] - libxml2 <no-dsa> (Minor issue)
+       [bookworm] - libxml2 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libxml2/-/commit/f75abfcaa419a740a3191e56c60400f3ff18988d
 CVE-2026-0990 (A flaw was found in libxml2, an XML parsing library. This 
uncontrolled ...)
@@ -62454,7 +62460,7 @@ CVE-2025-54425 (Umbraco is an ASP.NET CMS. In versions 
13.0.0 through 13.9.2, 15
 CVE-2025-54410 (Moby is an open source container framework developed by Docker 
Inc. th ...)
        [experimental] - docker.io 28.5.2+dfsg1-1
        - docker.io <unfixed> (bug #1110408)
-       [trixie] - docker.io <no-dsa> (Minor issue)
+       [trixie] - docker.io <ignored> (Minor issue, firewalld default backend 
is nftables and works fine)
        [bookworm] - docker.io <no-dsa> (Minor issue)
        NOTE: 
https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp
        NOTE: Fixed by: 
https://github.com/moby/moby/commit/651b2feb27316cf907173c2a76cc6eb85f763663 
(25.0-branch)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6409e9a946de41c24c3db191de5a80fa440ea200

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6409e9a946de41c24c3db191de5a80fa440ea200
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Reply via email to