Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c7208b73 by Moritz Muehlenhoff at 2026-03-02T18:34:13+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -56,9 +56,11 @@ CVE-2026-3390 (A vulnerability was identified in 
FascinatedBox lily up to 2.3. T
        NOT-FOR-US: FascinatedBox lily
 CVE-2026-3389 (A vulnerability was determined in Squirrel up to 3.2. This 
vulnerabili ...)
        - squirrel3 <unfixed>
+       [trixie] - squirrel3 <no-dsa> (Minor issue)
        NOTE: https://github.com/albertodemichelis/squirrel/issues/314
 CVE-2026-3388 (A vulnerability was found in Squirrel up to 3.2. This affects 
the func ...)
        - squirrel3 <unfixed>
+       [trixie] - squirrel3 <no-dsa> (Minor issue)
        NOTE: https://github.com/albertodemichelis/squirrel/issues/312
 CVE-2026-3387 (A vulnerability has been found in wren-lang wren up to 0.4.0. 
Affected ...)
        NOT-FOR-US: wren-lang wren
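Review bot: Both squirrel3 entries (CVE-2026-3389 and CVE-2026-3388) keep `- squirrel3 <unfixed>` without a bug reference while trixie is now set to `<no-dsa>`, so the upstream issue links in the NOTE lines are the only thing tracking a fix. Suggest filing a BTS bug for each and recording it on the `<unfixed>` line, in the form already used for vim in this file: `- vim <unfixed> (bug #1129432)`.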
@@ -123,9 +125,10 @@ CVE-2026-28424 (Statmatic is a Laravel and Git powered 
content management system
 CVE-2026-28423 (Statmatic is a Laravel and Git powered content management 
system (CMS) ...)
        NOT-FOR-US: Statmatic CMS
 CVE-2026-28422 (Vim is an open source, command line text editor. Prior to 
version 9.2. ...)
-       - vim <unfixed> (bug #1129432)
+       - vim <unfixed> (bug #1129432; unimportant)
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-gmqx-prf2-8mwf
        NOTE: Fixed by: 
https://github.com/vim/vim/commit/4e5b9e31cb7484ad156fba995fdce3c9b075b5fd 
(v9.2.0078)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2026-28421 (Vim is an open source, command line text editor. Versions 
prior to 9.2 ...)
        - vim <unfixed> (bug #1129431)
        NOTE: https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p
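Review bot: CVE-2026-28421, directly below the changed entry, stays at plain `- vim <unfixed> (bug #1129431)` with no release annotation or severity, while CVE-2026-28422 is downgraded to unimportant with a rationale. If 28421 was assessed in the same pass and left open on purpose, nothing to change; if it was not looked at yet, it should get the same treatment or an explicit per-release status so the two adjacent vim entries do not read as inconsistent.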
@@ -164,7 +167,10 @@ CVE-2026-28352 (Indico is an event management system that 
uses Flask-Multipass,
        NOT-FOR-US: Indico
 CVE-2026-28351 (pypdf is a free and open-source pure-python PDF library. Prior 
to vers ...)
        - pypdf <unfixed>
+       [trixie] - pypdf <no-dsa> (Minor issue)
+       [bookworm] - pypdf <no-dsa> (Minor issue)
        - pypdf2 <removed>
+       [bookworm] - pypdf2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/py-pdf/pypdf/security/advisories/GHSA-f2v5-7jq9-h8cg
        NOTE: https://github.com/py-pdf/pypdf/pull/3664
        NOTE: Fixed by: 
https://github.com/py-pdf/pypdf/commit/f309c6003746414dc7b5048c19e6d879ff2dc858 
(6.7.4)
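Review bot: The three new `<no-dsa> (Minor issue)` lines for pypdf and pypdf2 record the decision but not the reason, and the description is truncated in the list. A one-line rationale NOTE, as this commit adds for vim (`NOTE: Crash in CLI tool, no security impact`), would let the classification be re-checked later without rereading the upstream advisory.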
@@ -652,6 +658,7 @@ CVE-2026-XXXX [rashes Opus buffer overruns]
        NOTE: Fixed by (merge): 
https://github.com/mumble-voip/mumble/commit/ff2a2332cccb267721553f09c0ded4de880622e0
 CVE-2021-4456 (Net::CIDR versions before 0.24 for Perl mishandle leading zeros 
in IP  ...)
        - libnet-cidr-perl 0.25-1
+       [bookworm] - libnet-cidr-perl <no-dsa> (Minor issue)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/37425715/
        NOTE: Fixed by: 
https://github.com/svarshavchik/Net-CIDR/commit/e3648c6bc6bdd018f90cca4149c467017d42bd10
 CVE-2025-40932 (Apache::SessionX versions through 2.01 for Perl create 
insecure sessio ...)
@@ -779,6 +786,7 @@ CVE-2026-3200 (A vulnerability was identified in z-9527 
admin 1.0/2.0. The affec
        NOT-FOR-US: z-9527 admin
 CVE-2026-3172 (Buffer overflow in parallel HNSW index build in pgvector 0.6.0 
through ...)
        - pgvector 0.8.2-1
+       [trixie] - pgvector <no-dsa> (Minor issue)
        NOTE: https://github.com/pgvector/pgvector/issues/959
        NOTE: Fixed by: 
https://github.com/pgvector/pgvector/commit/b7e680d41ae93fe3c01b4c775e657893b5cf35fb
 (v0.8.2)
 CVE-2026-2694 (The The Events Calendar plugin for WordPress is vulnerable to 
unauthor ...)
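Review bot: Only `[trixie] - pgvector <no-dsa> (Minor issue)` is added, and the description gives an affected range starting at 0.6.0. If the bookworm version predates 0.6.0, state that explicitly with `[bookworm] - pgvector <not-affected> (Vulnerable code introduced later)`, the form the gitlab entry further down uses, rather than leaving bookworm implicit. Since the description calls this a buffer overflow, a short NOTE on why it is rated minor would also help.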
@@ -1302,17 +1310,26 @@ CVE-2025-14103 (GitLab has remediated an issue in 
GitLab CE/EE affecting all ver
        - gitlab <not-affected> (Vulnerable code introduced later)
 CVE-2026-27015 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
+       [trixie] - freerdp3 <no-dsa> (Minor issue)
+       [bookworm] - freerdp3 <no-dsa> (Minor issue)
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7g72-39pq-4725
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/65d59d3b3c2f630f2ea862687ecf5f95f8115244
 (3.23.0)
 CVE-2026-26986 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
+       [trixie] - freerdp3 <no-dsa> (Minor issue)
+       [bookworm] - freerdp3 <no-dsa> (Minor issue)
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-crqx-g6x5-rx47
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/b4f0f0a18fe53aa8d47d062f91471f4e9c5e0d51
 (3.23.0)
 CVE-2026-26965 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
+       [trixie] - freerdp3 <no-dsa> (Minor issue)
+       [bookworm] - freerdp3 <no-dsa> (Minor issue)
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5vgf-mw4f-r33h
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/a0be5cb87d760bb1c803ad1bb835aa1e73e62abc
 (3.23.0)
 CVE-2026-26955 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
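Review bot: In all three entries (CVE-2026-27015, CVE-2026-26986, CVE-2026-26965) the new `[bookworm] - freerdp2 <no-dsa> (Minor issue)` line asserts that the 2.x code is affected, but the only fix reference is a 3.23.0 commit and no NOTE says the vulnerable code exists in freerdp2. Suggest adding a NOTE per entry confirming the affected code path in 2.x, or using `<not-affected>` where it is absent. It is also worth confirming that freerdp3 is a source package in bookworm before keeping `[bookworm] - freerdp3 <no-dsa>`.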



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7208b73f418c17f6cfb17ad486d05ace61246ed
