Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
af122516 by Emilio Pozuelo Monfort at 2026-01-22T14:11:33+01:00
lts: triage CVE-2023-53900/spip as no-dsa
- - - - -
80a85bf7 by Emilio Pozuelo Monfort at 2026-01-22T14:11:34+01:00
lts: triage CVE-2025-15538/assimp as postponed
- - - - -
9f1abe43 by Emilio Pozuelo Monfort at 2026-01-22T14:11:36+01:00
lts: triage CVE-2026-0858/plantuml as no-dsa
- - - - -
818b7f14 by Emilio Pozuelo Monfort at 2026-01-22T14:11:37+01:00
lts: triage CVE-2025-15506/opencolorio as no-dsa
- - - - -
b34872f4 by Emilio Pozuelo Monfort at 2026-01-22T14:11:38+01:00
lts: triage wlc issues as no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1082,6 +1082,7 @@ CVE-2025-15538 (A security vulnerability has been
detected in Open Asset Import
- assimp <unfixed> (bug #1126072)
[trixie] - assimp <postponed> (Minor issue, revisit when/if fixed
upstream)
[bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed
upstream)
+ [bullseye] - assimp <postponed> (Minor issue, revisit when/if fixed
upstream)
NOTE: https://github.com/assimp/assimp/issues/6258
CVE-2026-0943 (HarfBuzz::Shaper versions before 0.032 for Perl contains a
bundled lib ...)
- libharfbuzz-shaper-perl <not-affected> (Vulnerable code not present)
@@ -1297,6 +1298,7 @@ CVE-2026-23535 (wlc is a Weblate command-line client
using Weblate's REST API. P
- wlc <unfixed> (bug #1125755)
[trixie] - wlc <no-dsa> (Minor issue)
[bookworm] - wlc <no-dsa> (Minor issue)
+ [bullseye] - wlc <no-dsa> (Minor issue)
NOTE:
https://github.com/WeblateOrg/wlc/security/advisories/GHSA-mmwx-79f6-67jg
NOTE: https://github.com/WeblateOrg/wlc/pull/1128
NOTE: Fixed by:
https://github.com/WeblateOrg/wlc/commit/216e691c6e50abae97fe2e4e4f21501bf49a585f
(1.17.2)
@@ -1565,6 +1567,7 @@ CVE-2026-0858 (Versions of the package
net.sourceforge.plantuml:plantuml before
- plantuml <unfixed> (bug #1125750)
[trixie] - plantuml <no-dsa> (Minor issue)
[bookworm] - plantuml <no-dsa> (Minor issue)
+ [bullseye] - plantuml <no-dsa> (Minor issue)
NOTE:
https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEPLANTUML-14552230
NOTE:
https://github.com/plantuml/plantuml/commit/6826315db092d2e432aeab1a0894e08017c6e4bd
(v1.2026.0)
CVE-2026-0203 (An Improper Handling of Exceptional Conditions vulnerability in
packet ...)
@@ -3923,6 +3926,7 @@ CVE-2026-22251 (wlc is a Weblate command-line client
using Weblate's REST API. P
- wlc <unfixed> (bug #1125441)
[trixie] - wlc <no-dsa> (Minor issue)
[bookworm] - wlc <no-dsa> (Minor issue)
+ [bullseye] - wlc <no-dsa> (Minor issue)
NOTE:
https://github.com/WeblateOrg/wlc/security/advisories/GHSA-9rp8-h4g8-8766
NOTE: https://github.com/WeblateOrg/wlc/pull/1098
NOTE: Fixed by:
https://github.com/WeblateOrg/wlc/commit/aafdb507a9e66574ade1f68c50c4fe75dbe80797
(1.17.0)
@@ -3930,6 +3934,7 @@ CVE-2026-22250 (wlc is a Weblate command-line client
using Weblate's REST API. P
- wlc <unfixed> (bug #1125440)
[trixie] - wlc <no-dsa> (Minor issue)
[bookworm] - wlc <no-dsa> (Minor issue)
+ [bullseye] - wlc <no-dsa> (Minor issue)
NOTE:
https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh
NOTE: https://github.com/WeblateOrg/wlc/pull/1097
NOTE: Fixed by:
https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3
(1.17.0)
@@ -4076,6 +4081,7 @@ CVE-2025-15506 (A vulnerability was found in
AcademySoftwareFoundation OpenColor
- opencolorio <unfixed> (bug #1125416)
[trixie] - opencolorio <no-dsa> (Minor issue)
[bookworm] - opencolorio <no-dsa> (Minor issue)
+ [bullseye] - opencolorio <no-dsa> (Minor issue)
NOTE:
https://github.com/AcademySoftwareFoundation/OpenColorIO/issues/2228
NOTE: https://github.com/AcademySoftwareFoundation/OpenColorIO/pull/2231
NOTE: Fixed by:
https://github.com/AcademySoftwareFoundation/OpenColorIO/commit/095ae2d9fff0c292212a652a32206ab0bed53179
(v2.5.1)
@@ -16128,6 +16134,7 @@ CVE-2023-53901 (WBCE CMS 1.6.1 contains a cross-site
scripting vulnerability tha
CVE-2023-53900 (Spip 4.1.10 contains a file upload vulnerability that allows
attackers ...)
- spip <unfixed> (bug #1125413)
[trixie] - spip <no-dsa> (Minor issue)
+ [bullseye] - spip <no-dsa> (Minor issue)
NOTE: https://www.exploit-db.com/exploits/51557
CVE-2023-53899 (PodcastGenerator 3.2.9 contains a blind server-side request
forgery vu ...)
NOT-FOR-US: PodcastGenerator
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d2492fbd00f3fe58075636a2e9e9a1b9b27e21b1...b34872f4f7369e247d6a6e4de1117ad7baeedf6c
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d2492fbd00f3fe58075636a2e9e9a1b9b27e21b1...b34872f4f7369e247d6a6e4de1117ad7baeedf6c
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
