Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ad2d4643 by Moritz Muehlenhoff at 2026-02-03T15:11:23+01:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -165,21 +165,29 @@ CVE-2026-1580
CVE-2026-1767 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor]
- localsearch <unfixed>
- tracker-miners <removed>
+ [trixie] - tracker-miners <no-dsa> (Minor issue)
+ [bookworm] - tracker-miners <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/429
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/localsearch/-/commit/2897ca48b7ae79db7dcfe7e66cdd5d75cb641466
CVE-2026-1766 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor
(ID3v2.3 COMM Tags)]
- localsearch <unfixed>
- tracker-miners <removed>
+ [trixie] - tracker-miners <no-dsa> (Minor issue)
+ [bookworm] - tracker-miners <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/428
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/localsearch/-/commit/9cc562cc126c408efb2a8220fcd67f006902412c
CVE-2026-1765 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor (TXXX
Tags)]
- localsearch <unfixed>
- tracker-miners <removed>
+ [trixie] - tracker-miners <no-dsa> (Minor issue)
+ [bookworm] - tracker-miners <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/427
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/localsearch/-/commit/79f47309bad068ff0c19c1431abab6766edc687f
CVE-2026-1764 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor]
- localsearch <unfixed>
- tracker-miners <removed>
+ [trixie] - tracker-miners <no-dsa> (Minor issue)
+ [bookworm] - tracker-miners <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/425
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/localsearch/-/commit/5337e2977f159c29e2b8af575e56866862af241b
CVE-2026-24071 (It was found that the XPC service offered by the privileged
helper of ...)
@@ -248,12 +256,20 @@ CVE-2026-1770 (Improper Control of Dynamically-Managed
Code Resources vulnerabil
NOT-FOR-US: Crafter CMS
CVE-2026-1761 (A flaw was found in libsoup. This stack-based buffer overflow
vulnerab ...)
- libsoup3 <unfixed> (bug #1126877)
+ [trixie] - libsoup3 <no-dsa> (Minor issue)
+ [bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <removed>
+ [trixie] - libsoup2.4 <no-dsa> (Minor issue)
+ [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/493
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/cfa9d90d1a5c274233554a264c56551c13d6a6f0
CVE-2026-1760 (A flaw was found in SoupServer. This HTTP request smuggling
vulnerabil ...)
- libsoup3 <unfixed> (bug #1126876)
+ [trixie] - libsoup3 <no-dsa> (Minor issue)
+ [bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <removed>
+ [trixie] - libsoup2.4 <no-dsa> (Minor issue)
+ [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/475
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/6224df5a471e9040a99dd3dc2e91817a701b1bf6
CVE-2026-1757 (A flaw was identified in the interactive shell of the xmllint
utility, ...)
@@ -5149,6 +5165,7 @@ CVE-2025-14376 (A security issue was discovered within
the legacy ADI server com
NOT-FOR-US: Rockwell Automation
CVE-2025-14369 (dr_flac, an audio decoder within the dr_libs toolset, contains
an inte ...)
- libchdr 0.0~git20250608.8bba774+dfsg-2 (bug #1126694)
+ [trixie] - libchdr <no-dsa> (Minor issue)
NOTE: qtads, dosbox-x and love bundle a copy, but these are standalone
end user apps, so no security impact
NOTE:
https://github.com/mackron/dr_libs/commit/b2197b2eb7bb609df76315bebf44db4ec2a1aed0
NOTE: https://www.kb.cert.org/vuls/id/924114
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad2d4643a6dfd38397bf2795d8c75eb7c6cb3527
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad2d4643a6dfd38397bf2795d8c75eb7c6cb3527
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
