Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ce852fc0 by Moritz Muehlenhoff at 2026-02-23T11:18:24+01:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -360,6 +360,8 @@ CVE-2026-27210 (Pannellum is a lightweight, free, and open
source panorama viewe
NOT-FOR-US: Pannellum
CVE-2026-27205 (Flask is a web server gateway interface (WSGI) web application
framewo ...)
- flask <unfixed> (bug #1128620)
+ [trixie] - flask <no-dsa> (Minor issue)
+ [bookworm] - flask <no-dsa> (Minor issue)
NOTE:
https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726
NOTE: Fixed by:
https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4
(3.1.3)
CVE-2026-27203 (eBay API MCP Server is an open source local MCP server
providing AI as ...)
@@ -696,6 +698,8 @@ CVE-2026-21627 (The vulnerability was rooted in how the
Tassos Framework plugin
NOT-FOR-US: Joomla
CVE-2026-21620 (Relative Path Traversal, Improper Isolation or
Compartmentalization vu ...)
- erlang <unfixed> (bug #1128651)
+ [trixie] - erlang <no-dsa> (Minor issue)
+ [bookworm] - erlang <no-dsa> (Minor issue)
NOTE:
https://github.com/erlang/otp/security/advisories/GHSA-hmrc-prh3-rpvp
NOTE: https://github.com/erlang/otp/pull/10706
NOTE: Fixed by (merge):
https://github.com/erlang/otp/commit/696fdec922661d4a3cc528fc34bc24fae8d4ad8a
(OTP-28.3.2)
@@ -1079,6 +1083,8 @@ CVE-2026-2819 (A vulnerability was identified in Dromara
RuoYi-Vue-Plus up to 5.
NOT-FOR-US: Dromara RuoYi-Vue-Plus
CVE-2026-2739 (This affects versions of the package bn.js before 5.2.3.
Calling maskn ...)
- node-bn.js <unfixed> (bug #1128619)
+ [trixie] - node-bn.js <no-dsa> (Minor issue)
+ [bookworm] - node-bn.js <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-BNJS-15274301
NOTE: https://github.com/indutny/bn.js/issues/316
NOTE: https://github.com/indutny/bn.js/issues/186
@@ -1278,6 +1284,7 @@ CVE-2026-26064 (calibre is a cross-platform e-book
manager for viewing, converti
NOTE: Fixed by:
https://github.com/kovidgoyal/calibre/commit/e1b5f9b45a5e8fa96c136963ad9a1d35e6adac62
(v9.3.0)
CVE-2026-24122 (Cosign provides code signing and transparency for containers
and binar ...)
- cosign <unfixed> (bug #1128652)
+ [trixie] - cosign <no-dsa> (Minor issue)
NOTE:
https://github.com/sigstore/cosign/security/advisories/GHSA-wfqv-66vq-46rm
NOTE: Fixed by:
https://github.com/sigstore/cosign/commit/3c9a7363f563db76d78e2de2cabd945450f3781e
(v3.0.5)
CVE-2026-21535 (Improper access control in Microsoft Teams allows an
unauthorized atta ...)
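Review bot: Only a `[trixie]` annotation is added under `- cosign <unfixed> (bug #1128652)`, while the flask, erlang and node-bn.js entries in this commit each get both a `[trixie]` and a `[bookworm]` line. If bookworm does not carry cosign this is fine as is; otherwise add the matching `[bookworm] - cosign <no-dsa> (Minor issue)` line so the bookworm status is not left open.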
@@ -2185,11 +2192,13 @@ CVE-2026-2662 (A weakness has been identified in
FascinatedBox lily up to 2.3. T
NOT-FOR-US: FascinatedBox lily
CVE-2026-2661 (A security flaw has been discovered in Squirrel up to 3.2. This
affect ...)
- squirrel3 <unfixed>
+ [trixie] - squirrel3 <no-dsa> (Minor issue)
NOTE: https://github.com/albertodemichelis/squirrel/issues/310
CVE-2026-2660 (A vulnerability was identified in FascinatedBox lily up to 2.3.
Affect ...)
NOT-FOR-US: FascinatedBox lily
CVE-2026-2659 (A vulnerability was determined in Squirrel up to 3.2. Affected
by this ...)
- squirrel3 <unfixed>
+ [trixie] - squirrel3 <no-dsa> (Minor issue)
NOTE: https://github.com/albertodemichelis/squirrel/issues/311
CVE-2026-2658 (A vulnerability was found in newbee-ltd newbee-mall up to
a069069b0702 ...)
NOT-FOR-US: newbee-ltd newbee-mall
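Review bot: Both `- squirrel3 <unfixed>` lines (CVE-2026-2661 and CVE-2026-2659) carry no bug reference, unlike the other unfixed entries touched in this commit, for example `- flask <unfixed> (bug #1128620)`. With trixie now marked `<no-dsa>`, consider filing bugs and recording their numbers on these lines so the fix in unstable is tracked somewhere other than the upstream issues in the NOTE lines.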
@@ -7382,7 +7391,9 @@ CVE-2025-62615 (AutoGPT is a platform that allows users
to create, deploy, and m
CVE-2025-61732 (A discrepancy between how Go and C/C++ comments were parsed
allowed fo ...)
- golang-1.25 1.25.7-1
- golang-1.24 1.24.13-1 (bug #1127436)
+ [trixie] - golang-1.24 <no-dsa> (Minor issue)
- golang-1.19 <removed>
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
[bullseye] - golang-1.15 <postponed> (Limited support, minor issue,
follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/K09ubi9FQFk
@@ -15070,8 +15081,10 @@ CVE-2025-68119 (Downloading and building modules with
malicious version strings
CVE-2025-61731 (Building a malicious file with cmd/go can cause can cause a
write to a ...)
- golang-1.25 1.25.6-1 (bug #1125916)
- golang-1.24 1.24.12-1 (bug #1125917)
+ [trixie] - golang-1.24 <no-dsa> (Minor issue)
- golang-1.19 <removed>
- golang-1.15 <removed>
+ [bookworm] - golang-1.15 <no-dsa> (Minor issue)
[bullseye] - golang-1.15 <postponed> (Limited support, minor issue,
follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc
NOTE: https://github.com/golang/go/issues/77100
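Review bot: The added `[bookworm] - golang-1.15 <no-dsa> (Minor issue)` line looks attached to the wrong source package. It sits under `- golang-1.15 <removed>`, directly above the existing `[bullseye] - golang-1.15 <postponed>` entry, while the CVE-2025-61732 hunk in this same commit records bookworm against golang-1.19. If bookworm is meant to be tracked via golang-1.19 here as well, change it to `[bookworm] - golang-1.19 <no-dsa> (Minor issue)` and move it under `- golang-1.19 <removed>`; as written, golang-1.19 has no bookworm annotation for CVE-2025-61731.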
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ce852fc02409d93791a003b5f44b997dd46ef7df