Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
274df599 by Moritz Muehlenhoff at 2026-01-30T17:18:59+01:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -86,6 +86,8 @@ CVE-2026-25210 (In libexpat before 2.7.4, the doContent 
function does not proper
        NOTE: Fixed by: 
https://github.com/libexpat/libexpat/commit/9c2d990389e6abe2e44527eeaa8b39f16fe859c7
 CVE-2026-25068 (alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to 
commit  ...)
        - alsa-lib <unfixed> (bug #1126629)
+       [trixie] - alsa-lib <no-dsa> (Minor issue)
+       [bookworm] - alsa-lib <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/alsa-project/alsa-lib/commit/5f7fe33002d2d98d84f72e381ec2cccc0d5d3d40
 CVE-2026-24780 (AutoGPT is a platform that allows users to create, deploy, and 
manage  ...)
        NOT-FOR-US: AutoGPT
@@ -730,6 +732,8 @@ CVE-2026-24748 (Kargo manages and automates the promotion 
of software artifacts.
        NOT-FOR-US: Argo CD
 CVE-2026-24747 (PyTorch is a Python package that provides tensor computation. 
Prior to ...)
        - pytorch <unfixed>
+       [trixie] - pytorch <no-dsa> (Minor issue)
+       [bookworm] - pytorch <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw-57p8-fm3p
        NOTE: https://github.com/pytorch/pytorch/issues/163105
        NOTE: Fixed by: 
https://github.com/pytorch/pytorch/commit/167ad09be5af5c52666759412a3804068c6955d1
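Review bot: the `- pytorch <unfixed>` line for CVE-2026-24747 carries no `(bug #...)` reference, unlike the alsa-lib, glib2.0, avahi and node-lodash entries triaged in this same commit. With trixie and bookworm now marked `<no-dsa>`, the unstable line is where the remaining fix is tracked, and the upstream commit is already listed under `NOTE: Fixed by:`, so filing a bug against the package and adding its number to that line would give the maintainer something concrete to act on.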
@@ -817,6 +821,8 @@ CVE-2026-1504 (Inappropriate implementation in Background 
Fetch API in Google Ch
        [bullseye] - chromium <end-of-life> (see #1061268)
 CVE-2026-XXXX [RUSTSEC-2025-0143]
        - rust-capnp <unfixed>
+       [trixie] - rust-capnp <no-dsa> (Minor issue)
+       [bookworm] - rust-capnp <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2025-0143.html
        NOTE: https://github.com/capnproto/capnproto-rust/issues/605
 CVE-2025-13881
@@ -1015,16 +1021,22 @@ CVE-2026-21417 (Dell CloudBoost Virtual Appliance, 
versions prior to 19.14.0.0,
        NOT-FOR-US: Dell / EMC
 CVE-2026-1489 (A flaw was found in GLib. An integer overflow vulnerability in 
its Uni ...)
        - glib2.0 2.86.3-5 (bug #1126549)
+       [trixie] - glib2.0 <no-dsa> (Minor issue)
+       [bookworm] - glib2.0 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3872
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4983
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4984
 CVE-2026-1485 (A flaw was found in Glib's content type parsing logic. This 
buffer und ...)
        - glib2.0 2.86.3-5 (bug #1126550)
+       [trixie] - glib2.0 <no-dsa> (Minor issue)
+       [bookworm] - glib2.0 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3871
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4980
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4981
 CVE-2026-1484 (A flaw was found in the GLib Base64 encoding routine when 
processing v ...)
        - glib2.0 2.86.3-5 (bug #1126551)
+       [trixie] - glib2.0 <no-dsa> (Minor issue)
+       [bookworm] - glib2.0 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3870
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4978
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4979
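Review bot: all three glib2.0 entries in this hunk (CVE-2026-1489, CVE-2026-1485, CVE-2026-1484) get the bare reason `(Minor issue)`, although the visible descriptions mention an integer overflow and a "buffer und ..." flaw in content type parsing. The reason text is the only record here of why these were judged not to need a DSA, so a more specific wording (for instance what limits the impact) would help whoever later decides on a point-release update, given that unstable already has the fix in 2.86.3-5.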
@@ -1725,6 +1737,8 @@ CVE-2026-24402
        REJECTED
 CVE-2026-24401 (Avahi is a system which facilitates service discovery on a 
local netwo ...)
        - avahi <unfixed> (bug #1126342)
+       [trixie] - avahi <no-dsa> (Minor issue)
+       [bookworm] - avahi <no-dsa> (Minor issue)
        NOTE: 
https://github.com/avahi/avahi/security/advisories/GHSA-h4vp-5m8j-f6w3
        NOTE: https://github.com/avahi/avahi/issues/501
        NOTE: Fixed by: 
https://github.com/avahi/avahi/commit/78eab31128479f06e30beb8c1cbf99dd921e2524
@@ -2034,9 +2048,13 @@ CVE-2026-1299 (The  email module, specifically the 
"BytesGenerator" class, didn\
        {DLA-4455-1}
        - python3.14 <unfixed>
        - python3.13 <unfixed>
+       [trixie] - python3.13 <no-dsa> (Minor issue)
        - python3.11 <removed>
+       [bookworm] - python3.11 <no-dsa> (Minor issue)
        - python3.9 <removed>
        - pypy3 <unfixed>
+       [trixie] - pypy3 <no-dsa> (Minor issue)
+       [bookworm] - pypy3 <no-dsa> (Minor issue)
        NOTE: https://github.com/python/cpython/issues/144125
        NOTE: https://github.com/python/cpython/pull/144126
        NOTE: 
https://mail.python.org/archives/list/[email protected]/thread/6ZZULGALJTITEAGEXLDJE2C6FORDXPBT/
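Review bot: this entry carries `{DLA-4455-1}`, so an advisory was issued for it on the LTS side, while the added lines mark python3.13 in trixie and python3.11 in bookworm as `<no-dsa> (Minor issue)`. If the intent is to pick the fix up in a point release, saying so in the reason text would make the difference in handling explicit. The `- python3.14 <unfixed>` line also gets no suite annotation; that is correct only if python3.14 is absent from both trixie and bookworm, which is worth confirming.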
@@ -3520,6 +3538,8 @@ CVE-2025-13878 (Malformed BRID/HHIT records can cause 
`named` to terminate unexp
        NOTE: Fixed by: 
https://gitlab.isc.org/isc-projects/bind9/-/commit/7bf83f69a80bdc6094c2adee3595e28b1b3e19ea
 (v9.21.17)
 CVE-2025-13465 (Lodash versions 4.0.0 through 4.17.22 are vulnerable to 
prototype poll ...)
        - node-lodash <unfixed> (bug #1126265)
+       [trixie] - node-lodash <no-dsa> (Minor issue)
+       [bookworm] - node-lodash <no-dsa> (Minor issue)
        NOTE: 
https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
 CVE-2025-12781 (When passing data to the b64decode(), standard_b64decode(), 
and urlsaf ...)
        - python3.14 <unfixed>
@@ -5327,6 +5347,8 @@ CVE-2025-68438 (In Apache Airflow versions before 3.1.6, 
when rendered template
 CVE-2026-0988 (A flaw was found in glib. Missing validation of offset and 
count param ...)
        [experimental] - glib2.0 2.87.1-1
        - glib2.0 2.86.3-5 (bug #1125752)
+       [trixie] - glib2.0 <no-dsa> (Minor issue)
+       [bookworm] - glib2.0 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3851
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/glib/-/commit/c5766cff61ffce0b8e787eae09908ac348338e5f
 (2.87.1)
 CVE-2026-0980


=====================================
data/dsa-needed.txt
=====================================
@@ -62,7 +62,7 @@ php-laravel-framework/oldstable
 --
 python-aiohttp
 --
-python-django
+python-django (jmm)
 --
 python-tornado
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/274df59991b48123b57f3e59507d74a760ad3bc9
