Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f2cf5b31 by Utkarsh Gupta at 2026-02-14T03:22:17+05:30
Mark CVE-2025-68458/node-webpack as postponed for bullseye
- - - - -
42cc699b by Utkarsh Gupta at 2026-02-14T03:22:58+05:30
Mark CVE-2025-68157/node-webpack as postponed for bullseye
- - - - -
142fd84f by Utkarsh Gupta at 2026-02-14T03:25:08+05:30
Mark CVE-2026-25765/ruby-faraday as postponed for bullseye
- - - - -
88b41ffd by Utkarsh Gupta at 2026-02-14T03:27:16+05:30
Mark CVE-2026-23903/shiro as postponed for bullseye
- - - - -
e7bcc04b by Utkarsh Gupta at 2026-02-14T03:28:31+05:30
Mark CVE-2026-23901/shiro as postponed for bullseye
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1927,6 +1927,7 @@ CVE-2026-25765 (Faraday is an HTTP client library
abstraction layer that provide
- ruby-faraday 2.14.1-1
[trixie] - ruby-faraday <no-dsa> (Minor issue)
[bookworm] - ruby-faraday <no-dsa> (Minor issue)
+ [bullseye] - ruby-faraday <postponed> (Minor issue)
NOTE:
https://github.com/lostisland/faraday/security/advisories/GHSA-33mh-2634-fwr2
NOTE: Fixed by:
https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc
(v2.14.1)
CVE-2026-25761 (Super-linter is a combination of multiple linters to run as a
GitHub A ...)
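Review bot: The reason on the added `[bullseye] - ruby-faraday <postponed> (Minor issue)` line repeats the `<no-dsa>` wording of the trixie and bookworm lines and does not say what the postponement is waiting for. This entry already records an upstream fix commit (v2.14.1) and a fixed unstable version (2.14.1-1), so the reason could state whether the fix is simply to be included in the next bullseye upload of ruby-faraday or whether the backport itself is the obstacle.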
@@ -2174,11 +2175,13 @@ CVE-2026-23903 (Authentication Bypass by Alternate Name
vulnerability in Apache
- shiro <unfixed>
[trixie] - shiro <no-dsa> (Minor issue)
[bookworm] - shiro <no-dsa> (Minor issue)
+ [bullseye] - shiro <postponed> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/02/08/1
CVE-2026-23901 (Observable Timing Discrepancy vulnerability in Apache Shiro.
This iss ...)
- shiro <unfixed>
[trixie] - shiro <no-dsa> (Minor issue)
[bookworm] - shiro <no-dsa> (Minor issue)
+ [bullseye] - shiro <postponed> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/02/08/2
CVE-2026-25916 (Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when
"Block rem ...)
- roundcube 1.6.13+dfsg-1 (bug #1127447)
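Review bot: Both added `[bullseye] - shiro <postponed> (Minor issue)` lines sit under entries that are `<unfixed>` and whose only NOTE is an oss-security link, so nothing here tells a later reader when to pick the postponement up again. A reason that names the condition, for example "Minor issue, revisit when fixed upstream", would cover that, along with a NOTE for the fix commit once one is known. For CVE-2026-23903, whose description begins "Authentication Bypass by Alternate Name", a short note on why the issue is minor for bullseye would also help.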
@@ -3090,11 +3093,13 @@ CVE-2025-68458 (Webpack is a module bundler. From
version 5.49.0 to before 5.104
- node-webpack <unfixed> (bug #1127322)
[trixie] - node-webpack <no-dsa> (Minor issue)
[bookworm] - node-webpack <no-dsa> (Minor issue)
+ [bullseye] - node-webpack <postponed> (Minor issue)
NOTE:
https://github.com/webpack/webpack/security/advisories/GHSA-8fgc-7cc6-rx7x
CVE-2025-68157 (Webpack is a module bundler. From version 5.49.0 to before
5.104.0, wh ...)
- node-webpack <unfixed> (bug #1127322)
[trixie] - node-webpack <no-dsa> (Minor issue)
[bookworm] - node-webpack <no-dsa> (Minor issue)
+ [bullseye] - node-webpack <postponed> (Minor issue)
NOTE:
https://github.com/webpack/webpack/security/advisories/GHSA-38r7-794h-5758
CVE-2025-32393 (AutoGPT is a platform that allows users to create, deploy, and
manage ...)
NOT-FOR-US: AutoGPT
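Review bot: The descriptions of CVE-2025-68458 and CVE-2025-68157 both give an affected range starting at webpack 5.49.0, and neither added `[bullseye] - node-webpack <postponed> (Minor issue)` line shows that the bullseye version was checked against that range. If the bullseye package predates 5.49.0, `<not-affected>` with a reason would describe it better than `<postponed>`. If it is in range, a NOTE with the fix commit or a pointer to bug #1127322 as the revisit trigger would make the postponement actionable, since both entries are still `<unfixed>`.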
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/081049cf12e5ea39b29909e0519914c0cc520d76...e7bcc04bb35bdfb6149e5fe96ea9805aa6ddba84
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits