bookworm triage

Moritz Muehlenhoff (@jmm) Sat, 28 Feb 2026 08:29:33 -0800


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
c33f7850 by Moritz Muehlenhoff at 2026-02-28T17:28:56+01:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1431,10 +1431,12 @@ CVE-2026-27195 (Wasmtime is a runtime for WebAssembly. 
Starting with Wasmtime 39
        NOTE: 
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xjhv-v822-pf94
 CVE-2026-27572 (Wasmtime is a runtime for WebAssembly. Prior to versions 
24.0.6, 36.0. ...)
        - rust-wasmtime 36.0.6+dfsg-1
+       [trixie] - rust-wasmtime <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0021.html
        NOTE: 
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-243v-98vx-264h
 CVE-2026-27204 (Wasmtime is a runtime for WebAssembly. Prior to versions 
24.0.6, 36.0. ...)
        - rust-wasmtime 36.0.6+dfsg-1
+       [trixie] - rust-wasmtime <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0020.html
        NOTE: 
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-852m-cvvp-9p4w
 CVE-2026-3131 (Improper  access control in multiple DVLS REST API endpoints in 
Devolu ...)
@@ -15629,11 +15631,13 @@ CVE-2026-23954 (Incus is a system container and 
virtual machine manager. Version
        - incus 6.0.5-8
        - lxd <removed>
        NOTE: 
https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7
+       NOTE: 
https://github.com/canonical/lxd/commit/6343c2cb0c2c5d4057821f05094671bff032ede8
 (lxd-5.0.6)
 CVE-2026-23953 (Incus is a system container and virtual machine manager. In 
versions 6 ...)
        {DSA-6109-1}
        - incus 6.0.5-8
        - lxd <removed>
        NOTE: 
https://github.com/lxc/incus/security/advisories/GHSA-x6jc-phwx-hp32
+       NOTE: 
https://github.com/canonical/lxd/commit/6343c2cb0c2c5d4057821f05094671bff032ede8
 (lxd-5.0.6)
 CVE-2024-31884
        {DLA-4482-1}
        - ceph <unfixed> (bug #1126573)


=====================================
data/dsa-needed.txt
=====================================
@@ -44,7 +44,7 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more 6.1.y versions
 --
-lxd
+lxd (jmm)
   Maintainer prepared an update fot two CVEs for review
 --
 mbedtls/oldstable



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c33f7850e94bdf95295f00b0a560b7ab336f01f2

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c33f7850e94bdf95295f00b0a560b7ab336f01f2
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Reply via email to