Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c93f81b by Moritz Muehlenhoff at 2026-02-04T13:11:16+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -169,7 +169,11 @@ CVE-2026-25541
        NOTE: Fixed by: 
https://github.com/tokio-rs/bytes/commit/d0293b0e35838123c51ca5dfdf468ecafee4398f
 (v1.11.1)
 CVE-2026-1801 (A flaw was found in libsoup, an HTTP client/server library. 
This HTTP  ...)
        - libsoup3 3.6.5-8
+       [trixie] - libsoup3 <no-dsa> (Minor issue)
+       [bookworm] - libsoup3 <no-dsa> (Minor issue)
        - libsoup2.4 <removed>
+       [trixie] - libsoup2.4 <no-dsa> (Minor issue)
+       [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/481
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/506
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libsoup/-/commit/b9a1c0663ff8ab6e79715db4b35b54f560416ddd
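Review bot: The two added libsoup2.4 lines under CVE-2026-1801 mark trixie and bookworm as `<no-dsa>` without recording whether the 2.4 code base actually contains the flaw. The only fix reference in the entry is the upstream commit b9a1c066, and unstable says `- libsoup2.4 <removed>`, so nothing here shows the older branch was checked. A short NOTE stating that 2.4 is affected (or which function carries the bug there) would make the `(Minor issue)` triage verifiable for whoever revisits it for a point release.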
@@ -883,6 +887,8 @@ CVE-2026-1751 (A vulnerability has been discovered in 
GitLab CE/EE affecting all
        NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/519340
 CVE-2026-1703 (When pip is installing and extracting a maliciously crafted 
wheel arch ...)
        - python-pip 26.0+dfsg-1 (bug #1126875)
+       [trixie] - python-pip <no-dsa> (Minor issue)
+       [bookworm] - python-pip <no-dsa> (Minor issue)
        NOTE: https://github.com/pypa/pip/pull/13777
        NOTE: Fixed by: 
https://github.com/pypa/pip/commit/4c651b70d60ed91b13663bcda9b3ed41748d0124 
(26.0)
        NOTE: 
https://mail.python.org/archives/list/[email protected]/thread/WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ/
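Review bot: The `(Minor issue)` reason on the two python-pip lines for CVE-2026-1703 is not backed by any NOTE, and the truncated description ("installing and extracting a maliciously crafted wheel arch ...") does not show what limits the impact. Consider adding one NOTE line with the precondition that justifies no-dsa, so the decision can be re-evaluated later without re-reading the upstream PR. The entry already has the fix commit for 26.0, so stating whether it is a point-release candidate would also fit here.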
@@ -1912,12 +1918,20 @@ CVE-2026-21865 (Discourse is an open source discussion 
platform. In versions pri
        NOT-FOR-US: Discourse
 CVE-2026-1539 (A flaw was found in the libsoup HTTP library that can cause 
proxy auth ...)
        - libsoup3 3.6.5-8 (bug #1126628)
+       [trixie] - libsoup3 <no-dsa> (Minor issue)
+       [bookworm] - libsoup3 <no-dsa> (Minor issue)
        - libsoup2.4 <removed>
+       [trixie] - libsoup2.4 <no-dsa> (Minor issue)
+       [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/489
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libsoup/-/commit/98c1285d9d78662c38bf14b4a128af01ccfdb446
 CVE-2026-1536 (A flaw was found in libsoup. An attacker who can control the 
input for ...)
        - libsoup3 3.6.5-8 (bug #1126627)
+       [trixie] - libsoup3 <no-dsa> (Minor issue)
+       [bookworm] - libsoup3 <no-dsa> (Minor issue)
        - libsoup2.4 <removed>
+       [trixie] - libsoup2.4 <no-dsa> (Minor issue)
+       [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/486
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/libsoup/-/commit/5c1a2e9c06a834eb715f60265a877f5b882cc1b1
 CVE-2026-1522 (A weakness has been identified in Open5GS up to 2.7.6. This 
vulnerabil ...)
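Review bot: CVE-2026-1539 and CVE-2026-1536 receive the same four `<no-dsa> (Minor issue)` lines, but the two descriptions differ (one concerns proxy authentication, the other attacker-controlled input), and neither entry gains a NOTE explaining the rating. A per-CVE rationale line would help, particularly for CVE-2026-1539, where a reader will want to know why a proxy-auth problem is considered minor. Also note that the libsoup3 lines carry bug numbers (#1126628, #1126627) while the libsoup2.4 lines have no reference at all; if the stable libsoup2.4 packages are meant to be fixed via a point update, a tracking bug or NOTE would keep that from being lost.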
@@ -2851,6 +2865,8 @@ CVE-2026-24408 (sigstore-python is a Python tool for 
generating and verifying Si
        - sigstore-python <itp> (bug #1084157)
 CVE-2026-24400 (AssertJ provides Fluent testing assertions for Java and the 
Java Virtu ...)
        - assertj-core <unfixed>
+       [trixie] - assertj-core <no-dsa> (Minor issue)
+       [bookworm] - assertj-core <no-dsa> (Minor issue)
        NOTE: 
https://github.com/assertj/assertj/security/advisories/GHSA-rqfh-9r24-8c9r
        NOTE: 
https://github.com/assertj/assertj/commit/85ca7eb6609bb179c043b85ae7d290523b1ba79a
 (assertj-build-3.27.7)
 CVE-2026-24131 (pnpm is a package manager. Prior to version 10.28.2, when pnpm 
process ...)
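Review bot: For CVE-2026-24400, stable releases are now triaged as `<no-dsa>` while the unstable line still reads `- assertj-core <unfixed>` with no bug number. Other entries in this same commit pair the unstable line with a BTS reference (for example `(bug #1126875)` on python-pip). Since the upstream fix commit and tag (assertj-build-3.27.7) are already listed, filing a bug against assertj-core and adding `(bug #...)` to the unstable line would give the maintainer a pointer to the fix.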
@@ -3632,8 +3648,9 @@ CVE-2025-67230 (Improper permissions in the handler for 
the Custom URL Scheme in
 CVE-2025-67229 (An improper certificate validation vulnerability exists in 
ToDesktop B ...)
        NOT-FOR-US: ToDesktop Builder
 CVE-2025-67125 (A signed integer overflow in docopt.cpp v0.6.2 
(LeafPattern::match in  ...)
-       - docopt.cpp <unfixed> (bug #1126774)
+       - docopt.cpp <unfixed> (bug #1126774; unimportant)
        NOTE: https://github.com/docopt/docopt.cpp/issues/167
+       NOTE: Negligible security impact
 CVE-2025-67124 (A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload 
finaliz ...)
        NOT-FOR-US: svenstaro/miniserve
 CVE-2025-66720 (Null pointer dereference in free5gc pcf 1.4.0 in file 
internal/sbi/pro ...)
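Review bot: The added `NOTE: Negligible security impact` for CVE-2025-67125 restates the new `unimportant` tag rather than giving the reason for it. The description names a signed integer overflow in `LeafPattern::match`; if the reasoning is that this is only reachable through a program's own command-line parsing and crosses no trust boundary, say that in the NOTE so the downgrade can be checked against the upstream issue (docopt.cpp #167).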



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c93f81b1a43c4d603ba1e2131a1188d466cbb6a
