[Git][security-tracker-team/security-tracker][master] 6 commits: mark CVE-2026-25749 as postponed for Bullseye

Thorsten Alteholz (@alteholz) Sat, 07 Feb 2026 11:03:39 -0800


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
41b3c821 by Thorsten Alteholz at 2026-02-07T19:46:29+01:00
mark CVE-2026-25749 as postponed for Bullseye

- - - - -
8cfd79b0 by Thorsten Alteholz at 2026-02-07T19:49:21+01:00
mark CVE-2025-69209 as postponed for Bullseye

- - - - -
1b47dadf by Thorsten Alteholz at 2026-02-07T19:50:30+01:00
mark CVE-2026-1991 as postponed for Bullseye (revisit when fixed upstream)

- - - - -
a75585dd by Thorsten Alteholz at 2026-02-07T19:53:41+01:00
mark CVE-2026-1979 as postponed for Bullseye

- - - - -
4c3860a8 by Thorsten Alteholz at 2026-02-07T19:55:50+01:00
mark CVE-2026-24486 as postponed for Bullseye

- - - - -
7b568306 by Thorsten Alteholz at 2026-02-07T20:02:58+01:00
mark CVE-2026-25727 as not-affected for Bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -63,6 +63,7 @@ CVE-2026-25749 (Vim is an open source, command line text 
editor. Prior to versio
        - vim <unfixed>
        [trixie] - vim <no-dsa> (Minor issue)
        [bookworm] - vim <no-dsa> (Minor issue)
+       [bullseye] - vim <postponed> (Minor issue)
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9 
(v9.1.2132)
 CVE-2026-25732 (NiceGUI is a Python-based UI framework. Prior to 3.7.0, 
NiceGUI's File ...)
@@ -404,6 +405,7 @@ CVE-2026-25727 (time provides date and time handling in 
Rust. From 0.3.6 to befo
        - rust-time 0.3.47-1
        [trixie] - rust-time <no-dsa> (Minor issue)
        [bookworm] - rust-time <no-dsa> (Minor issue)
+       [bullseye] - rust-time <not-affected> (rfc2822 parsing introduced in 
v0.3.6)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0009.html
        NOTE: https://github.com/advisories/GHSA-r6v5-fh4h-64xc
        NOTE: Fixed by: 
https://github.com/time-rs/time/commit/1c63dc7985b8fa26bd8c689423cc56b7a03841ee 
(v0.3.47)
@@ -458,6 +460,7 @@ CVE-2026-1991 (A vulnerability was detected in libuvc up to 
0.0.7. Affected is t
        - libuvc <unfixed> (bug #1127316)
        [trixie] - libuvc <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - libuvc <postponed> (Minor issue, revisit when fixed 
upstream)
+       [bullseye] - libuvc <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/libuvc/libuvc/issues/300
 CVE-2026-1990 (A security vulnerability has been detected in oatpp up to 
1.3.1. This  ...)
        NOT-FOR-US: oatpp
@@ -465,6 +468,7 @@ CVE-2026-1979 (A flaw has been found in mruby up to 3.4.0. 
This affects the func
        - mruby <unfixed> (bug #1127317)
        [trixie] - mruby <no-dsa> (Minor issue)
        [bookworm] - mruby <no-dsa> (Minor issue)
+       [bullseye] - mruby <postponed> (Minor issue)
        NOTE: https://github.com/mruby/mruby/issues/6701
        NOTE: 
https://github.com/sysfce2/mruby/commit/e50f15c1c6e131fa7934355eb02b8173b13df415
 CVE-2026-1978 (A vulnerability was detected in kalyan02 NanoCMS up to 0.4. 
Affected b ...)
@@ -4245,6 +4249,7 @@ CVE-2026-24486 (Python-Multipart is a streaming multipart 
parser for Python. Pri
        - python-multipart 0.0.20-1.1 (bug #1126557)
        [trixie] - python-multipart <no-dsa> (Minor issue; will be fixed via 
point release)
        [bookworm] - python-multipart <no-dsa> (Minor issue)
+       [bullseye] - python-multipart <postponed> (Minor issue)
        NOTE: 
https://github.com/Kludex/python-multipart/security/advisories/GHSA-wp53-j4wj-2cfg
        NOTE: Fixed by: 
https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4
 (0.0.22)
        NOTE: Followup for test: 
https://github.com/Kludex/python-multipart/commit/0fb59a9df0f273bfde99740b302ccb2ae45e2b8a
 (0.0.22)
@@ -6485,6 +6490,7 @@ CVE-2025-69209 (ArduinoCore-avr contains the source code 
and configuration files
        - arduino-core-avr 1.8.7+dfsg-1 (bug #1126285)
        [trixie] - arduino-core-avr <no-dsa> (Minor issue)
        [bookworm] - arduino-core-avr <no-dsa> (Minor issue)
+       [bullseye] - arduino-core-avr <postponed> (Minor issue)
        NOTE: 
https://github.com/arduino/ArduinoCore-avr/security/advisories/GHSA-pvx3-fm7w-6hjm
        NOTE: https://github.com/arduino/ArduinoCore-avr/pull/613
        NOTE: Fixed by (merge): 
https://github.com/arduino/ArduinoCore-avr/commit/82a8ad2fb33911d8927c7af22e0472b94325d1a7
 (1.8.7)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f68a19319250e9311ec01ad2c79d596deb786d67...7b568306995eaae47a80f2f377cb5fce57c079af

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f68a19319250e9311ec01ad2c79d596deb786d67...7b568306995eaae47a80f2f377cb5fce57c079af
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 6 commits: mark CVE-2026-25749 as postponed for Bullseye

Reply via email to