Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4c11996e by Moritz Muehlenhoff at 2026-02-03T16:22:07+01:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2123,6 +2123,8 @@ CVE-2026-24883 (In GnuPG before 2.5.17, a long signature
packet length causes pa
NOTE: Introduced by:
https://dev.gnupg.org/rG36dbca3e6944d13e75e96eace634e58a7d7e201d (gnupg-2.5.3)
CVE-2026-24882 (In GnuPG before 2.5.17, a stack-based buffer overflow exists
in tpm2da ...)
- gnupg2 <unfixed> (bug #1126631)
+ [trixie] - gnupg2 <no-dsa> (Minor issue)
+ [bookworm] - gnupg2 <no-dsa> (Minor issue)
NOTE: https://dev.gnupg.org/T8045
CVE-2026-24881 (In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData
message c ...)
- gnupg2 <not-affected> (Vulnerable code not present)
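Review bot: The two added `<no-dsa> (Minor issue)` lines under CVE-2026-24882 give no reason why a stack-based buffer overflow is rated minor for trixie and bookworm. The entries on either side record their reasoning: CVE-2026-24883 carries an "Introduced by" note tied to gnupg-2.5.3, and CVE-2026-24881 is marked `<not-affected> (Vulnerable code not present)`. Please add a NOTE with the limiting factor. If the affected component is not present in the stable versions, `<not-affected>` would be the more accurate status, as on CVE-2026-24881.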
@@ -3002,6 +3004,8 @@ CVE-2026-1299 (The email module, specifically the
"BytesGenerator" class, didn\
CVE-2026-0994 (A denial-of-service (DoS) vulnerability exists in
google.protobuf.json ...)
[experimental] - protobuf 3.25.7-1
- protobuf <unfixed> (bug #1126302)
+ [trixie] - protobuf <no-dsa> (Minor issue)
+ [bookworm] - protobuf <no-dsa> (Minor issue)
NOTE: https://github.com/protocolbuffers/protobuf/issues/25070
NOTE: https://github.com/protocolbuffers/protobuf/pull/25239
CVE-2026-0914 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to
Stored ...)
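Review bot: For CVE-2026-0994 the added trixie and bookworm lines say only "Minor issue", while the entry already shows a fixed upload in experimental (3.25.7-1) and links the upstream pull request. A short NOTE would help whoever picks up bug #1126302. It should say that the impact is limited to the denial of service named in the description and whether the linked pull request is expected to apply to the stable versions. Without it, the next triage pass has to redo the analysis.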
@@ -5040,9 +5044,10 @@ CVE-2025-57786 (A reflected cross-site scripting (xss)
vulnerability exists in t
CVE-2025-56353 (In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962
(2024-02-1 ...)
NOT-FOR-US: tinyMQTT
CVE-2025-56005 (An undocumented and unsafe feature in the PLY (Python
Lex-Yacc) librar ...)
- - ply <unfixed>
+ - ply <unfixed> (unimportant)
NOTE: https://github.com/bohmiiidd/Undocumented-RCE-in-PLY
NOTE: Disputed, unmaintained:
https://www.openwall.com/lists/oss-security/2026/01/23/4
+ NOTE: Negligible security impact
CVE-2025-55423 (A command injection vulnerability exists in the upnp_relay()
function ...)
NOT-FOR-US: ipTIME
CVE-2025-55071 (A reflected cross-site scripting (xss) vulnerability exists in
the mod ...)
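Review bot: The added `NOTE: Negligible security impact` in CVE-2025-56005 repeats what the new `(unimportant)` tag already says and does not explain the judgement. The existing note above it points to the oss-security thread for "Disputed, unmaintained". Suggest folding the reason into that line or replacing the new note with one sentence stating why the undocumented feature is not considered reachable as a security issue, so the classification can be checked without reading the whole thread.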
@@ -68800,6 +68805,8 @@ CVE-2025-8194 (There is a defect in the CPython
\u201ctarfile\u201d module affec
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
- pypy3 <unfixed> (bug #1126758)
+ [trixie] - pypy3 <no-dsa> (Minor issue)
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
NOTE: https://github.com/python/cpython/issues/130577
NOTE: https://github.com/python/cpython/pull/137027
NOTE:
https://mail.python.org/archives/list/[email protected]/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/
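Review bot: The pypy3 `<no-dsa>` lines for CVE-2025-8194 are added without any note on how they relate to the other packages in this entry. The hunk context starts at the python2.7 lines, so the CPython package entries for trixie and bookworm are not visible here. Please confirm the pypy3 status matches what was decided for those, and if pypy3 is treated differently, record the reason in a NOTE next to bug #1126758.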
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c11996ef0847ac484f526e3f1e78c2c099a5c50
_______________________________________________
debian-security-tracker-commits mailing list