Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ca63f92e by Sylvain Beucler at 2026-01-31T15:18:13+01:00
CVE-2026-23528/dask.distributed: bullseye postponed
follow bookworm triage
- - - - -
08024649 by Sylvain Beucler at 2026-01-31T15:18:13+01:00
dla: add node-lodash
- - - - -
fe97f822 by Sylvain Beucler at 2026-01-31T15:18:16+01:00
CVE-2025-15536/opencc: bullseye postponed
follow bookworm triage
- - - - -
20fe8501 by Sylvain Beucler at 2026-01-31T15:18:18+01:00
CVE-2026-24747/pytorch: bullseye postponed
follow bookworm triage
- - - - -
4fb15b00 by Sylvain Beucler at 2026-01-31T15:18:18+01:00
dla: add tcpflow
- - - - -
a40eaefa by Sylvain Beucler at 2026-01-31T15:18:21+01:00
CVE-2025-45160/cacti: bullseye postponed
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -615,6 +615,7 @@ CVE-2025-45160 (A HTML injection vulnerability exists in
the file upload functio
- cacti <unfixed>
[trixie] - cacti <no-dsa> (Minor issue)
[bookworm] - cacti <no-dsa> (Minor issue)
+ [bullseye] - cacti <postponed> (Minor issue, reflected XSS, no
JavaScript)
NOTE: https://gist.github.com/BEND0US/49d76897a5bb676d8c3f51425553cc32
TODO: check if reported upstream
CVE-2025-15550 (birkir prime <= 0.4.0.beta.0 contains a cross-site request
forgery vul ...)
@@ -1162,6 +1163,7 @@ CVE-2026-24747 (PyTorch is a Python package that provides
tensor computation. Pr
- pytorch <unfixed>
[trixie] - pytorch <no-dsa> (Minor issue)
[bookworm] - pytorch <no-dsa> (Minor issue)
+ [bullseye] - pytorch <postponed> (Minor issue)
NOTE:
https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw-57p8-fm3p
NOTE: https://github.com/pytorch/pytorch/issues/163105
NOTE: Fixed by:
https://github.com/pytorch/pytorch/commit/167ad09be5af5c52666759412a3804068c6955d1
@@ -5093,6 +5095,7 @@ CVE-2025-15536 (A weakness has been identified in BYVoid
OpenCC up to 1.1.9. Thi
- opencc 1.1.9+ds1-4 (bug #1126286)
[trixie] - opencc <no-dsa> (Minor issue)
[bookworm] - opencc <no-dsa> (Minor issue)
+ [bullseye] - opencc <postponed> (Minor issue)
NOTE: https://github.com/BYVoid/OpenCC/issues/997
NOTE: https://github.com/BYVoid/OpenCC/pull/1005
NOTE: Fixed by:
https://github.com/BYVoid/OpenCC/commit/345c9a50ab07018f1b4439776bad78a0d40778ec
(ver.1.2.0)
@@ -5285,6 +5288,7 @@ CVE-2026-23528 (Dask distributed is a distributed task
scheduler for Dask. Prior
- dask.distributed <unfixed>
[trixie] - dask.distributed <no-dsa> (Minor issue)
[bookworm] - dask.distributed <no-dsa> (Minor issue)
+ [bullseye] - dask.distributed <postponed> (Minor issue)
NOTE:
https://github.com/dask/distributed/security/advisories/GHSA-c336-7962-wfj2
NOTE: Fixed by:
https://github.com/dask/distributed/commit/ab72092a8a938923c2bb51a2cd14ca26614827fa
(2026.1.1)
CVE-2026-23523 (Dive is an open-source MCP Host Desktop Application that
enables integ ...)
=====================================
data/dla-needed.txt
=====================================
@@ -270,6 +270,9 @@ netty (rouca)
NOTE: 20251127: all CVEs fixed under sid (rouca)
NOTE: 20260114: fix remaining CVE wait DSA (rouca)
--
+node-lodash
+ NOTE: 20260131: Added by Front-Desk (Beuc)
+--
node-tar
NOTE: 20260121: Added by Front-Desk (pochu)
NOTE: 20260121: also look at postponed issue (pochu)
@@ -390,6 +393,9 @@ suricata
NOTE: 20250331: re added to fix next bunch of CVEs (ta)
NOTE: 20250825: testing package (ta)
--
+tcpflow
+ NOTE: 20260131: Added by Front-Desk (Beuc)
+--
trafficserver
NOTE: 20241120: Added by Front-Desk (Beuc)
NOTE: 20241120: Upcoming DSA (Beuc/front-desk)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/622d7b47cb82e0fb864ff74e379734abdb457b02...a40eaefa2385edce367e78833f8bd9bf8ea11cb0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/622d7b47cb82e0fb864ff74e379734abdb457b02...a40eaefa2385edce367e78833f8bd9bf8ea11cb0
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
