bookworm triage

Moritz Muehlenhoff (@jmm) Tue, 10 Feb 2026 03:58:39 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
cd7528f4 by Moritz Muehlenhoff at 2026-02-10T12:58:03+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -203,6 +203,8 @@ CVE-2025-11142 (The VAPIX API mediaclip.cgi that did not 
have a sufficient input
        NOT-FOR-US: Axis Communication
 CVE-2026-2239 [PSD loader: heap-buffer-overflow in fread_pascal_string() (no 
null terminator)]
        - gimp <unfixed>
+       [trixie] - gimp <no-dsa> (Minor issue)
+       [bookworm] - gimp <no-dsa> (Minor issue)
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15812
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/8cf2772f5631719ae0e4e701bd7ef793b1f59cfa
 (master)
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/51a2d65a2df403f6da582173e0ddd7904356f5ae
 (gimp-3-0 branch)
@@ -1496,6 +1498,8 @@ CVE-2026-25538 (Devtron is an open source tool 
integration platform for Kubernet
        NOT-FOR-US: Devtron
 CVE-2026-25537 (jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, 
there is a ...)
        - rust-jsonwebtoken <unfixed> (bug #1127319)
+       [trixie] - rust-jsonwebtoken <no-dsa> (Minor issue)
+       [bookworm] - rust-jsonwebtoken <no-dsa> (Minor issue)
        NOTE: 
https://github.com/Keats/jsonwebtoken/security/advisories/GHSA-h395-gr6q-cpjc
        NOTE: Fixed by: 
https://github.com/Keats/jsonwebtoken/commit/abbc3076742c4161347bc6b8bf4aa5eb86e1dc01
 (v10.3.0)
 CVE-2026-25536 (MCP TypeScript SDK is the official TypeScript SDK for Model 
Context Pr ...)
@@ -13970,6 +13974,8 @@ CVE-2026-21483 (listmonk is a standalone, self-hosted, 
newsletter and mailing li
        NOT-FOR-US: listmonk
 CVE-2026-21452 (MessagePack for Java is a serializer implementation for Java. 
A denial ...)
        - msgpack-java <unfixed> (bug #1124587)
+       [trixie] - msgpack-java <no-dsa> (Minor issue)
+       [bookworm] - msgpack-java <no-dsa> (Minor issue)
        NOTE: 
https://github.com/msgpack/msgpack-java/security/advisories/GHSA-cw39-r4h6-8j3x
        NOTE: Fixed by: 
https://github.com/msgpack/msgpack-java/commit/daa2ea6b2f11f500e22c70a22f689f7a9debdeae
 (v0.9.11)
 CVE-2026-21451 (Bagisto is an open source laravel eCommerce platform. A stored 
Cross-S ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd7528f47ce8aaeafe2b4b059abd06cfba1cf660

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd7528f47ce8aaeafe2b4b059abd06cfba1cf660
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Reply via email to