Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
6051fd7f by Moritz Muehlenhoff at 2026-02-05T15:46:07+01:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3119,7 +3119,10 @@ CVE-2026-24771 (Hono is a Web application framework that
provides support for an
NOT-FOR-US: Hono
CVE-2026-24688 (pypdf is a free and open-source pure-python PDF library. An
attacker w ...)
- pypdf <unfixed> (bug #1126575)
+ [trixie] - pypdf <no-dsa> (Minor issue)
+ [bookworm] - pypdf <no-dsa> (Minor issue)
- pypdf2 <removed>
+ [bookworm] - pypdf2 <no-dsa> (Minor issue)
[bullseye] - pypdf2 <postponed> (Minor issue, DoS)
NOTE:
https://github.com/py-pdf/pypdf/security/advisories/GHSA-2q4j-m29v-hq73
NOTE: https://github.com/py-pdf/pypdf/pull/3610
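Review bot: The new "[trixie] - pypdf <no-dsa> (Minor issue)", "[bookworm] - pypdf <no-dsa> (Minor issue)" and "[bookworm] - pypdf2 <no-dsa> (Minor issue)" lines give less detail than the existing "[bullseye] - pypdf2 <postponed> (Minor issue, DoS)" line in the same entry. If the impact is the same for all releases, carrying the "DoS" qualifier over to the added lines would keep the triage reason consistent within the entry and save readers from opening the advisory to learn why it was rated minor.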
@@ -3310,19 +3313,19 @@ CVE-2025-41726 (A low privileged remote attacker can
execute arbitrary code by s
CVE-2025-33234 (NVIDIA runx contains a vulnerability where an attacker could
cause a c ...)
NOT-FOR-US: NVIDIA
CVE-2025-28164 (Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a
local a ...)
- - libpng1.6 1.6.47-1
- [bookworm] - libpng1.6 <no-dsa> (Minor issue)
- [bullseye] - libpng1.6 <postponed> (Minor issue, memory leak)
+ - libpng1.6 1.6.47-1 (unimportant)
NOTE: https://github.com/pnggroup/libpng/issues/655
NOTE: https://github.com/pnggroup/libpng/pull/657
NOTE: Fixed by:
https://github.com/pnggroup/libpng/commit/b20e6fb31479868f1d5f5cd268d4776767016941
(v1.6.47)
+ NOTE: No security impact, memory leak in CLI tool
CVE-2025-28162 (Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a
local a ...)
- - libpng1.6 1.6.47-1
+ - libpng1.6 1.6.47-1 (unimportant)
[bookworm] - libpng1.6 <no-dsa> (Minor issue)
[bullseye] - libpng1.6 <postponed> (Minor issue, memory leak)
NOTE: https://github.com/pnggroup/libpng/issues/656
NOTE: https://github.com/pnggroup/libpng/pull/657
NOTE: Fixed by:
https://github.com/pnggroup/libpng/commit/b20e6fb31479868f1d5f5cd268d4776767016941
(v1.6.47)
+ NOTE: No security impact, memory leak in CLI tool
CVE-2025-14911 (User-controlled chunkSize metadata from MongoDB lacks
appropriate vali ...)
- mongodb <removed>
CVE-2025-12810 (Improper Authentication vulnerability in Delinea Inc. Secret
Server On ...)
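Review bot: The two libpng entries end up inconsistent. For CVE-2025-28164 the "[bookworm] - libpng1.6 <no-dsa> (Minor issue)" and "[bullseye] - libpng1.6 <postponed> (Minor issue, memory leak)" lines are removed when the main line becomes "(unimportant)", but for CVE-2025-28162 the same two per-release lines are left in place under the new "(unimportant)" line. Both entries get the identical note "No security impact, memory leak in CLI tool", so the per-release annotations on CVE-2025-28162 look like leftovers and should probably be dropped as well, or the difference explained in a NOTE.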
@@ -5729,6 +5732,8 @@ CVE-2025-69762 (Tenda AX3 firmware v16.03.12.11 contains
a stack overflow in for
NOT-FOR-US: Tenda
CVE-2025-69209 (ArduinoCore-avr contains the source code and configuration
files of th ...)
- arduino-core-avr 1.8.7+dfsg-1 (bug #1126285)
+ [trixie] - arduino-core-avr <no-dsa> (Minor issue)
+ [bookworm] - arduino-core-avr <no-dsa> (Minor issue)
NOTE:
https://github.com/arduino/ArduinoCore-avr/security/advisories/GHSA-pvx3-fm7w-6hjm
NOTE: https://github.com/arduino/ArduinoCore-avr/pull/613
NOTE: Fixed by (merge):
https://github.com/arduino/ArduinoCore-avr/commit/82a8ad2fb33911d8927c7af22e0472b94325d1a7
(1.8.7)
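Review bot: The added "[trixie] - arduino-core-avr <no-dsa> (Minor issue)" and "[bookworm] - arduino-core-avr <no-dsa> (Minor issue)" lines give no reason beyond "Minor issue", and the CVE description is truncated in the list, so the basis for the rating is not visible from the entry. Since the entry already points at an upstream fix commit and a fixed version (1.8.7+dfsg-1), a short qualifier in the parentheses stating the impact would make the decision easier to revisit later.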
@@ -6087,7 +6092,9 @@ CVE-2026-0865 (User-controlled header names and values
containing newlines can a
{DLA-4455-1}
- python3.14 3.14.3-1 (bug #1126739)
- python3.13 3.13.12-1 (bug #1126740)
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
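Review bot: The entry for CVE-2026-0865 already carries "{DLA-4455-1}", yet the added "[trixie] - python3.13 <no-dsa> (Minor issue)" and "[bookworm] - python3.11 <no-dsa> (Minor issue)" lines rate the same issue as minor for both stable releases without further explanation. A brief reason in the parentheses would help readers reconcile the two, given that the description concerns newlines in user-controlled header names and values.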
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6051fd7faaa16a6277f7173c75d2974b00102187