Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
660b4b44 by Moritz Muehlenhoff at 2026-02-17T09:49:34+01:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1043,6 +1043,8 @@ CVE-2026-2026 (A vulnerability has been identified where
weak file permissions i
NOT-FOR-US: Tenable
CVE-2026-26269 (Vim is an open source, command line text editor. Prior to
9.1.2148, a ...)
- vim <unfixed> (bug #1127930)
+ [trixie] - vim <no-dsa> (Minor issue)
+ [bookworm] - vim <no-dsa> (Minor issue)
NOTE: https://github.com/vim/vim/security/advisories/GHSA-9w5c-hwr9-hc68
NOTE: Fixed by:
https://github.com/vim/vim/commit/c5f312aad8e4179e437f81ad39a860cd0ef11970
(v9.1.2148)
CVE-2026-26268 (Cursor is a code editor built for programming with AI. Sandbox
escape ...)
@@ -2752,6 +2754,7 @@ CVE-2025-32739 (Improper conditions check in some
firmware for some Intel(R) Gra
NOT-FOR-US: Intel
CVE-2025-32735 (Improper conditions check in some firmware for some Intel(R)
NPU Drive ...)
- firmware-nonfree 20251011-1
+ [trixie] - firmware-nonfree <no-dsa> (Minor issue)
[bookworm] - firmware-nonfree <not-affected> (VPU firmware not yet
present)
NOTE:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01403.html
NOTE:
https://gitlab.com/kernel-firmware/linux-firmware/-/commit/d2404284b6ce4ee34ca56351d8741cdc61d81910
(20251011)
@@ -10367,7 +10370,9 @@ CVE-2025-13465 (Lodash versions 4.0.0 through 4.17.22
are vulnerable to prototyp
CVE-2025-12781 (When passing data to the b64decode(), standard_b64decode(),
and urlsaf ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
[bullseye] - python3.9 <ignored> (Minor issue, no fix, only additional
warnings)
- pypy3 <unfixed>
=====================================
data/dsa-needed.txt
=====================================
@@ -24,6 +24,8 @@ cpp-httplib
frr/oldstable
coordination with the maintainer ongoing, Daniel Baumann proposing an update
--
+gegl
+--
gnutls28
Maintainer prepared updates for review
--
@@ -42,6 +44,8 @@ libpng1.6
libreswan/oldstable
Waiting on feedback from maintainer
--
+libvpx (jmm)
+--
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more 6.1.y versions
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/660b4b446204293a85fd8bc741cde6225b64f7d1
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/660b4b446204293a85fd8bc741cde6225b64f7d1
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
