Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2bfe68fd by Moritz Muehlenhoff at 2026-01-19T16:28:56+01:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3044,16 +3044,16 @@ CVE-2026-0824 (A security flaw has been discovered in
questdb ui up to 1.11.9. I
NOT-FOR-US: questdb ui
CVE-2026-0822 (A vulnerability was identified in quickjs-ng quickjs up to
0.11.0. Thi ...)
- quickjs <unfixed>
+ [trixie] - quickjs <no-dsa> (Minor issue)
NOTE: https://github.com/quickjs-ng/quickjs/issues/1297
NOTE: https://github.com/quickjs-ng/quickjs/pull/1298
NOTE: Fixed by:
https://github.com/quickjs-ng/quickjs/commit/53eefbcd695165a3bd8c584813b472cb4a69fbf5
- TODO: check, if inpacts quickjs actually or only the itp'ed quickjs-ng,
#1120722
CVE-2026-0821 (A vulnerability was determined in quickjs-ng quickjs up to
0.11.0. Thi ...)
- quickjs <unfixed>
+ [trixie] - quickjs <no-dsa> (Minor issue)
NOTE: https://github.com/quickjs-ng/quickjs/issues/1296
NOTE: https://github.com/quickjs-ng/quickjs/pull/1299
NOTE: Fixed by:
https://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5
- TODO: check, if inpacts quickjs actually or only the itp'ed quickjs-ng,
#1120722
CVE-2025-62235 (Authentication Bypass by Spoofing vulnerability in Apache
NimBLE. Rec ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-53477 (NULL Pointer Dereference vulnerability in Apache Nimble.
Missing vali ...)
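Review bot: the TODO removed from both CVE-2026-0822 and CVE-2026-0821 asked whether src:quickjs is affected at all or only the ITP'ed quickjs-ng (#1120722), and the hunk drops it without recording the answer. Because `- quickjs <unfixed>` stays and `[trixie] - quickjs <no-dsa> (Minor issue)` is added, the conclusion appears to be that src:quickjs is affected; a one-line NOTE in each entry saying so, and what was checked, would preserve that reasoning. The commit title says trixie/bookworm, but only a [trixie] line is added for quickjs here, so if bookworm carries the package it needs its own annotation.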
@@ -157415,6 +157415,7 @@ CVE-2024-6442 (In ascs_cp_rsp_add in
/subsys/bluetooth/audio/ascs.c, an unchecke
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2024-47855 (util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an
unbalance ...)
- libjson-java 3.1.0+dfsg-1 (bug #1084191)
+ [bookworm] - libjson-java <no-dsa> (Minor issue)
[bullseye] - libjson-java <postponed> (Minor issue)
NOTE: Fixed by:
https://github.com/kordamp/json-lib/commit/a0c4a0eae277130e22979cf307c95dec4005a78e
(v3.1.0)
CVE-2024-47854 (An XSS vulnerability was discovered in Veritas Data Insight
before 7.1 ...)
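Review bot: the added `[bookworm] - libjson-java <no-dsa> (Minor issue)` sits directly above `[bullseye] - libjson-java <postponed> (Minor issue)`, so the same stated reason ends in two different states for one CVE. If the difference is deliberate, a more specific reason on the bookworm line would make that clear; otherwise the two annotations should be aligned. The entry already names the fixing commit (v3.1.0), so the reason could also say whether a backport for bookworm was considered.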
@@ -398248,38 +398249,38 @@ CVE-2021-40267
RESERVED
CVE-2021-40266 (FreeImage before 1.18.0, ReadPalette function in
PluginTIFF.cpp is vul ...)
- freeimage <unfixed> (bug #1055305)
- [trixie] - freeimage <no-dsa> (Minor issue)
- [bookworm] - freeimage <no-dsa> (Minor issue)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Minor issue)
[buster] - freeimage <postponed> (Fix together with some other upload,
low severity, DoS in user interactive software)
NOTE: https://sourceforge.net/p/freeimage/bugs/334/
NOTE: Patch in Fedora (not upstream'ed):
https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2021-40266.patch
CVE-2021-40265 (A heap overflow bug exists FreeImage before 1.18.0 via ofLoad
function ...)
- freeimage <unfixed> (bug #1055304)
- [trixie] - freeimage <no-dsa> (Minor issue)
- [bookworm] - freeimage <no-dsa> (Minor issue)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Minor issue)
[buster] - freeimage <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/freeimage/bugs/337/
CVE-2021-40264 (NULL pointer dereference vulnerability in FreeImage before
1.18.0 via ...)
- freeimage <unfixed> (bug #1055303)
- [trixie] - freeimage <no-dsa> (Minor issue)
- [bookworm] - freeimage <no-dsa> (Minor issue)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Minor issue)
[buster] - freeimage <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/freeimage/bugs/335/
CVE-2021-40263 (A heap overflow vulnerability in FreeImage 1.18.0 via the
ofLoad funct ...)
- freeimage <unfixed> (bug #1055302)
- [trixie] - freeimage <no-dsa> (Minor issue)
- [bookworm] - freeimage <no-dsa> (Minor issue)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Minor issue)
[buster] - freeimage <postponed> (Fix together with some other upload,
low severity, DoS in user interactive software)
NOTE: https://sourceforge.net/p/freeimage/bugs/336/
NOTE: Patch in Fedora (not upstream'ed):
https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2021-40263.patch
CVE-2021-40262 (A stack exhaustion issue was discovered in FreeImage before
1.18.0 via ...)
- freeimage <unfixed> (bug #1055301)
- [trixie] - freeimage <no-dsa> (Minor issue)
- [bookworm] - freeimage <no-dsa> (Minor issue)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Minor issue)
[buster] - freeimage <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/freeimage/bugs/338/
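Review bot: in CVE-2021-40266 and CVE-2021-40263 the new `<postponed> (Revisit when fixed upstream)` lines sit above a NOTE that already points to a Fedora patch marked as not upstream'ed, so for those two entries waiting on upstream is not the only available route. The reason text should say whether the Fedora patch was reviewed and found unsuitable, or the annotation should reference it as a candidate. In all five entries the [bullseye] line keeps `<no-dsa> (Minor issue)` while trixie and bookworm move to `<postponed>`, so the same issue now carries two different assessments across releases; a short NOTE explaining the change for the supported releases would help the next person doing triage.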
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bfe68fd40ef4032f09c659da35ee89264120fc9