bookworm triage

Moritz Muehlenhoff (@jmm) Mon, 09 Feb 2026 07:16:34 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
dd2e37f1 by Moritz Muehlenhoff at 2026-02-09T16:16:07+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -950,12 +950,16 @@ CVE-2025-68643 (Axigen Mail Server before 10.5.57 allows 
stored Cross-Site Scrip
        NOT-FOR-US: Axigen Mail Server
 CVE-2025-58190 (The html.Parse function in golang.org/x/net/html has an 
infinite parsi ...)
        - golang-golang-x-net <unfixed> (bug #1127320)
+       [trixie] - golang-golang-x-net <no-dsa> (Minor issue)
+       [bookworm] - golang-golang-x-net <no-dsa> (Minor issue)
        [bullseye] - golang-golang-x-net <postponed> (Limited support, minor 
issue, follow bookworm DSAs/point-releases)
        NOTE: https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c
        NOTE: https://github.com/golang/go/issues/70179
        NOTE: Fixed by: 
https://github.com/golang/net/commit/6ec8895aa5f6594da7356da7d341b98133629009 
(v0.45.0)
 CVE-2025-47911 (The html.Parse function in golang.org/x/net/html has quadratic 
parsing ...)
        - golang-golang-x-net <unfixed> (bug #1127321)
+       [trixie] - golang-golang-x-net <no-dsa> (Minor issue)
+       [bookworm] - golang-golang-x-net <no-dsa> (Minor issue)
        [bullseye] - golang-golang-x-net <postponed> (Limited support, minor 
issue, follow bookworm DSAs/point-releases)
        NOTE: https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c
        NOTE: https://github.com/golang/go/issues/75682
@@ -3283,6 +3287,8 @@ CVE-2026-25090
        REJECTED
 CVE-2026-25063 (gradle-completion provides Bash and Zsh completion support for 
Gradle. ...)
        - gradle-completion <unfixed> (bug #1126696)
+       [trixie] - gradle-completion <no-dsa> (Minor issue)
+       [bookworm] - gradle-completion <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gradle/gradle-completion/security/advisories/GHSA-qggc-44r3-cjgv
        NOTE: Fixed by: 
https://github.com/gradle/gradle-completion/commit/f0034a8a44b8191e5b764cf9b0211cade6ee55d7
 (v9.3.1)
 CVE-2026-25061 (tcpflow is a TCP/IP packet demultiplexer. In versions up to 
and includ ...)
@@ -7256,7 +7262,9 @@ CVE-2026-0672 (When using http.cookies.Morsel, 
user-controlled cookie values and
        {DLA-4455-1}
        - python3.14 3.14.3-1 (bug #1126761)
        - python3.13 3.13.12-1 (bug #1126762)
+       [trixie] - python3.13 <no-dsa> (Minor issue)
        - python3.11 <removed>
+       [bookworm] - python3.11 <no-dsa> (Minor issue)
        - python3.9 <removed>
        - pypy3 <unfixed> (bug #1126763)
        [trixie] - pypy3 <no-dsa> (Minor issue)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd2e37f10bf1e614431a2c4815dd3952b3c8adca

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd2e37f10bf1e614431a2c4815dd3952b3c8adca
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Reply via email to