Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
184ad7e1 by Moritz Muehlenhoff at 2026-03-17T21:26:00+01:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2067,7 +2067,11 @@ CVE-2023-43010 (The issue was addressed with improved
memory handling. This issu
NOT-FOR-US: Apple
CVE-2026-2436
- libsoup3 <unfixed> (bug #1130498)
+ [trixie] - libsoup3 <no-dsa> (Minor issue)
+ [bookworm] - libsoup3 <no-dsa> (Minor issue)
- libsoup2.4 <removed>
+ [trixie] - libsoup2.4 <no-dsa> (Minor issue)
+ [bookworm] - libsoup2.4 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/501
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libsoup/-/commit/e9b681a5b23f8259a5e29c5351a5284ae5cd1189
CVE-2026-3954 (A weakness has been identified in OpenBMB XAgent 1.0.0.
Affected by th ...)
@@ -3341,10 +3345,14 @@ CVE-2026-3086 (GStreamer H.266 Codec Parser
Out-Of-Bounds Write Remote Code Exec
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/aa1f5a80085ef65154a982dd3b23181100265c7e
(main)
CVE-2026-3083 (GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code
Execution Vulne ...)
- gst-plugins-good1.0 1.28.1-1
+ [trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
+ [bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8349cdd35f85246e113b18e55fd11abf9cb248bf
(main)
CVE-2026-3085 (GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code
Executio ...)
- gst-plugins-good1.0 1.28.1-1
+ [trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
+ [bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8349cdd35f85246e113b18e55fd11abf9cb248bf
(main)
CVE-2026-2923 (GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code
Execution Vuln ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -18,9 +18,11 @@ amd64-microcode (carnil)
ceph
for CVE-2024-47866, rest harmless
--
-cpp-httplib
+cpp-httplib (jmm)
Maintainer preparing updates, waiting for feedback on bookworm status
--
+freetype/stable (jmm)
+--
frr
--
gh/oldstable
@@ -58,7 +60,7 @@ php-laravel-framework/oldstable
python-aiohttp
--
python-tornado (jmm)
- Daniel Leidert is proposing to work on an update, asked to send debdiffs to
team for review
+ update is on seger, but autopkg regression needs to be sorted
--
rtpengine
Victor Seva prepared a debdiff for trixie-security for review,
bookworm-security debdiff missing
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/184ad7e16493b66d0056aba264c4c361fe47f5c3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/184ad7e16493b66d0056aba264c4c361fe47f5c3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
