Thorsten Alteholz pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
4a8e299b by Thorsten Alteholz at 2026-02-08T00:14:10+01:00
mark CVE-2026-1767 as not-affected for Bullseye
- - - - -
34296798 by Thorsten Alteholz at 2026-02-08T00:21:03+01:00
mark CVE-2026-1764 as not-affected for Bullseye
- - - - -
51755976 by Thorsten Alteholz at 2026-02-08T00:22:43+01:00
mark CVE-2026-1766 and CVE-2026-1765 as postponed for Bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2216,6 +2216,7 @@ CVE-2026-1767 [Heap Buffer Overflow in GNOME localsearch
MP3 Extractor]
- tracker-miners <removed>
[trixie] - tracker-miners <no-dsa> (Minor issue)
[bookworm] - tracker-miners <no-dsa> (Minor issue)
+ [bullseye] - tracker-miners <not-affected> (support for performer tags
was added in v2.99.4)
NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/429
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/localsearch/-/commit/2897ca48b7ae79db7dcfe7e66cdd5d75cb641466
CVE-2026-1766 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor
(ID3v2.3 COMM Tags)]
@@ -2223,6 +2224,7 @@ CVE-2026-1766 [Heap Buffer Overflow in GNOME localsearch
MP3 Extractor (ID3v2.3
- tracker-miners <removed>
[trixie] - tracker-miners <no-dsa> (Minor issue)
[bookworm] - tracker-miners <no-dsa> (Minor issue)
+ [bullseye] - tracker-miners <postponed> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/428
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/localsearch/-/commit/9cc562cc126c408efb2a8220fcd67f006902412c
CVE-2026-1765 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor (TXXX
Tags)]
@@ -2230,6 +2232,7 @@ CVE-2026-1765 [Heap Buffer Overflow in GNOME localsearch
MP3 Extractor (TXXX Tag
- tracker-miners <removed>
[trixie] - tracker-miners <no-dsa> (Minor issue)
[bookworm] - tracker-miners <no-dsa> (Minor issue)
+ [bullseye] - tracker-miners <postponed> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/427
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/localsearch/-/commit/79f47309bad068ff0c19c1431abab6766edc687f
CVE-2026-1764 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor]
@@ -2237,6 +2240,7 @@ CVE-2026-1764 [Heap Buffer Overflow in GNOME localsearch
MP3 Extractor]
- tracker-miners <removed>
[trixie] - tracker-miners <no-dsa> (Minor issue)
[bookworm] - tracker-miners <no-dsa> (Minor issue)
+ [bullseye] - tracker-miners <not-affected> (support for performer tags
was added in v2.99.4)
NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/425
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/localsearch/-/commit/5337e2977f159c29e2b8af575e56866862af241b
CVE-2026-24071 (It was found that the XPC service offered by the privileged
helper of ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/366143a8ddbc906fd7b1b1225b3f8f0f9f33f852...51755976b19f274ea9dff64da3237d1c83479b67
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/366143a8ddbc906fd7b1b1225b3f8f0f9f33f852...51755976b19f274ea9dff64da3237d1c83479b67
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
