[Git][security-tracker-team/security-tracker][master] trixe/bookworm triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c3dfd200 by Moritz Muehlenhoff at 2026-01-23T16:17:02+01:00
trixe/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -366,6 +366,8 @@ CVE-2026-23946 (Tendenci is an open source content 
management system built for n
        NOT-FOR-US: Tendenci CMS
 CVE-2026-23893 (openCryptoki is a PKCS#11 library and provides tooling for 
Linux and A ...)
        - opencryptoki <unfixed>
+       [trixie] - opencryptoki <no-dsa> (Minor issue)
+       [bookworm] - opencryptoki <no-dsa> (Minor issue)
        NOTE: 
https://github.com/opencryptoki/opencryptoki/security/advisories/GHSA-j6c7-mvpx-jx5q
        NOTE: Fixed by: 
https://github.com/opencryptoki/opencryptoki/commit/5e6e4b42f2b1fcc1e4ef1b920e463bfa55da8b45
 CVE-2026-23887 (Group-Office is an enterprise customer relationship management 
and gro ...)
@@ -1232,6 +1234,8 @@ CVE-2025-12781 (When passing data to the b64decode(), 
standard_b64decode(), and
        - python3.11 <removed>
        - python3.9 <removed>
        - pypy3 <unfixed>
+       [trixie] - pypy3 <no-dsa> (Minor issue)
+       [bookworm] - pypy3 <no-dsa> (Minor issue)
        NOTE: https://github.com/python/cpython/issues/125346
        NOTE: https://github.com/python/cpython/pull/141128
        NOTE: 
https://mail.python.org/archives/list/security-annou...@python.org/thread/KRI7GC6S27YV5NJ4FPDALS2WI5ENAFJ6/
@@ -1540,6 +1544,8 @@ CVE-2026-0865 (User-controlled header names and values 
containing newlines can a
        - python2.7 <removed>
        [bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
        - pypy3 <unfixed>
+       [trixie] - pypy3 <no-dsa> (Minor issue)
+       [bookworm] - pypy3 <no-dsa> (Minor issue)
        - jython <unfixed>
        [trixie] - jython <no-dsa> (Minor issue)
        [bookworm] - jython <no-dsa> (Minor issue)
@@ -1559,6 +1565,8 @@ CVE-2026-0672 (When using http.cookies.Morsel, 
user-controlled cookie values and
        - python3.11 <removed>
        - python3.9 <removed>
        - pypy3 <unfixed>
+       [trixie] - pypy3 <no-dsa> (Minor issue)
+       [bookworm] - pypy3 <no-dsa> (Minor issue)
        NOTE: https://github.com/python/cpython/pull/143920
        NOTE: https://github.com/python/cpython/issues/143919
        NOTE: 
https://mail.python.org/archives/list/security-annou...@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/
@@ -1595,6 +1603,8 @@ CVE-2025-15367 (The poplib module, when passed a 
user-controlled command, can ha
        - python3.11 <removed>
        - python3.9 <removed>
        - pypy3 <unfixed>
+       [trixie] - pypy3 <no-dsa> (Minor issue)
+       [bookworm] - pypy3 <no-dsa> (Minor issue)
        - python2.7 <removed>
        [bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
        - jython <unfixed>
@@ -1611,6 +1621,8 @@ CVE-2025-15366 (The imaplib module, when passed a 
user-controlled command, can h
        - python3.11 <removed>
        - python3.9 <removed>
        - pypy3 <unfixed>
+       [trixie] - pypy3 <no-dsa> (Minor issue)
+       [bookworm] - pypy3 <no-dsa> (Minor issue)
        - python2.7 <removed>
        [bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
        - jython <unfixed>
@@ -1627,6 +1639,8 @@ CVE-2025-15282 (User-controlled data URLs parsed by 
urllib.request.DataHandler a
        - python3.11 <removed>
        - python3.9 <removed>
        - pypy3 <unfixed>
+       [trixie] - pypy3 <no-dsa> (Minor issue)
+       [bookworm] - pypy3 <no-dsa> (Minor issue)
        - python2.7 <removed>
        [bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
        - jython <unfixed>
@@ -1647,6 +1661,8 @@ CVE-2025-11468 (When folding a long comment in an email 
header containing exclus
        - python2.7 <removed>
        [bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
        - pypy3 <unfixed>
+       [trixie] - pypy3 <no-dsa> (Minor issue)
+       [bookworm] - pypy3 <no-dsa> (Minor issue)
        - jython <not-affected> (Vulnerable code not present)
        NOTE: https://github.com/python/cpython/issues/143935
        NOTE: https://github.com/python/cpython/pull/143936


=====================================
data/dsa-needed.txt
=====================================
@@ -27,6 +27,8 @@ frr/oldstable
 gh/oldstable
   Santiago Vila might work on preparing an update
 --
+gimp (jmm)
+--
 git-lfs
 --
 imagemagick (jmm)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3dfd2008cdd0b7add4da01993bef8a4981776a5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3dfd2008cdd0b7add4da01993bef8a4981776a5
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits