Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14b7e24e by Moritz Muehlenhoff at 2026-02-11T17:23:55+01:00
trixie/bookworm triage

- - - - -
9568da78 by Moritz Muehlenhoff at 2026-02-11T17:41:00+01:00
ruby-faraday fixed in sid

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -534,6 +534,8 @@ CVE-2025-15572 (A vulnerability has been found in wasm3 up 
to 0.5.0. The affecte
        NOT-FOR-US: wasm3
 CVE-2025-15571 (A security vulnerability has been detected in ckolivas lrzip 
up to 0.6 ...)
        - lrzip <unfixed>
+       [trixie] - lrzip <postponed> (Minor issue, revisit when fixed upstream)
+       [bookworm] - lrzip <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/ckolivas/lrzip/issues/263
 CVE-2025-15570 (A vulnerability was found in ckolivas lrzip up to 0.651. This 
impacts  ...)
        - lrzip <unfixed>
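Review bot: CVE-2025-15570, the next entry in the trailing context, is the same package and also reads `- lrzip <unfixed>`, but the hunk ends on that line, so it is not visible whether it carries matching [trixie]/[bookworm] tags. If it is still untriaged, give it the same `<postponed>` lines so both lrzip entries come up for review together once upstream has a fix.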
@@ -679,7 +681,7 @@ CVE-2026-25806 (PlaciPy is a placement management system 
designed for educationa
 CVE-2026-25791 (Sliver is a command and control framework that uses a custom 
Wireguard ...)
        NOT-FOR-US: Sliver
 CVE-2026-25765 (Faraday is an HTTP client library abstraction layer that 
provides a co ...)
-       - ruby-faraday <unfixed>
+       - ruby-faraday 2.14.1-1
        NOTE: 
https://github.com/lostisland/faraday/security/advisories/GHSA-33mh-2634-fwr2
        NOTE: Fixed by: 
https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc
 (v2.14.1)
 CVE-2026-25761 (Super-linter is a combination of multiple linters to run as a 
GitHub A ...)
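Review bot: at the `- ruby-faraday 2.14.1-1` line the entry records only the unstable fix; no [trixie] or [bookworm] line is visible between it and the first NOTE, so the stable suites remain untriaged for CVE-2026-25765. Follow up with suite tags or a data/dsa-needed.txt entry so that "fixed in sid" is not read as a complete resolution. The version itself is consistent with the v2.14.1 named in the "Fixed by" note.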
@@ -688,6 +690,8 @@ CVE-2026-25740 (captive browser, a dedicated Chrome 
instance to log into captive
        NOT-FOR-US: captive browser
 CVE-2026-25639 (Axios is a promise based HTTP client for the browser and 
Node.js. Prio ...)
        - node-axios <unfixed>
+       [trixie] - node-axios <no-dsa> (Minor issue)
+       [bookworm] - node-axios <no-dsa> (Minor issue)
        NOTE: 
https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433
        NOTE: Fixed by: 
https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57 
(v1.13.5)
 CVE-2026-25528 (LangSmith Client SDKs provide SDK's for interacting with the 
LangSmith ...)
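Review bot: the two `<no-dsa>` lines for node-axios give only "(Minor issue)" as the reason, although the entry already points at an upstream fix commit (v1.13.5). A more specific reason, for example whether the fix is a candidate for a point-release update, would make this decision easier to revisit than the bare label.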


=====================================
data/dsa-needed.txt
=====================================
@@ -27,6 +27,8 @@ frr/oldstable
 gh/oldstable
   Santiago Vila might work on preparing an update
 --
+gimp
+--
 git-lfs
 --
 jackson-core
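Review bot: the new `gimp` entry has no suite suffix, no assignee and no note line, unlike the neighbouring `gh/oldstable` entry, and none of the data/CVE/list hunks in this push mention gimp. Add a short note naming the CVE or the reason for the entry, and a `/stable` or `/oldstable` suffix if only one suite needs the update.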
@@ -55,7 +57,7 @@ opennds/oldstable
 pdfminer (carnil)
   Required followup for CVE-2025-64512 as original fix was incomplete.
 --
-pdns-recursor
+pdns-recursor/stable (jmm)
   Asked maintainer for updates
 --
 php8.2/oldstable (jmm)
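Review bot: changing `pdns-recursor` to `pdns-recursor/stable (jmm)` narrows the entry to stable, so oldstable is no longer covered by it. If oldstable is unaffected that is fine; otherwise it needs its own `pdns-recursor/oldstable` entry. The unchanged "Asked maintainer for updates" note would also be easier to follow up with a date.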



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/34a1a83f8a5efd6f9ac4b972839a954ef7374ce3...9568da7874527a33d88e775e99d5eba0cb0fddbb



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
