Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c58ba900 by Sylvain Beucler at 2026-03-25T09:37:16+01:00
CVE-2026-32700/ruby-devise: bullseye ignored

- - - - -
83edc162 by Sylvain Beucler at 2026-03-25T09:39:02+01:00
CVE-2026-28500/onnx: follow bookworm triage

- - - - -
17c299b6 by Sylvain Beucler at 2026-03-25T09:40:35+01:00
CVE-2026-31899/cairosvg: bullseye postponed

- - - - -
0b896671 by Sylvain Beucler at 2026-03-25T09:53:56+01:00
CVE-2026-3884/libjs-spin.js: bullseye postponed

- - - - -
0da2fcbb by Sylvain Beucler at 2026-03-25T10:00:07+01:00
CVE-2026-32141,CVE-2026-33228/node-flatted: follow bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1838,6 +1838,7 @@ CVE-2026-33228 (flatted is a circular JSON parser. Prior 
to version 3.4.2, the p
        - node-flatted 3.4.2~ds-1 (bug #1131462)
        [trixie] - node-flatted <no-dsa> (Minor issue)
        [bookworm] - node-flatted <no-dsa> (Minor issue)
+       [bullseye] - node-flatted <postponed> (Minor issue)
        NOTE: 
https://github.com/WebReflection/flatted/security/advisories/GHSA-rf6f-7fwh-wjgh
        NOTE: Fixed by: 
https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802
 (v3.4.2)
 CVE-2026-33226 (Budibase is a low code platform for creating internal tools, 
workflows ...)
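Review bot: The reason on the added [bullseye] line for CVE-2026-33228 is only "(Minor issue)", while the bullseye line for the same package under CVE-2026-32141 in this push carries an impact qualifier ("Minor issue, DoS"). If the impact class is known here, add it the same way. The commit subject also says "follow bookworm triage", yet bookworm is <no-dsa> and bullseye is entered as <postponed>; a word in the commit message on why the states differ would help later readers.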
@@ -3197,6 +3198,7 @@ CVE-2026-32703 (OpenProject is an open-source, web-based 
project management soft
 CVE-2026-32700 (Devise is an authentication solution for Rails based on 
Warden. Prior  ...)
        - ruby-devise <removed>
        [bookworm] - ruby-devise <ignored> (Minor issue)
+       [bullseye] - ruby-devise <ignored> (Minor issue, ruby-devise* removed 
from Debian)
        NOTE: 
https://github.com/heartcombo/devise/security/advisories/GHSA-57hq-95w6-v4fc
        NOTE: https://github.com/heartcombo/devise/issues/5783
        NOTE: https://github.com/heartcombo/devise/pull/5784
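Review bot: "ruby-devise* removed from Debian" in the added [bullseye] reason leaves the wildcard open: name the source packages it covers, or drop the "*" if only ruby-devise is meant. Since the line is <ignored> rather than <postponed>, it would also help to say whether the upstream issue and pull request noted below were assessed for bullseye.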
@@ -3785,6 +3787,7 @@ CVE-2026-28500 (Open Neural Network Exchange (ONNX) is an 
open standard for mach
        - onnx <unfixed> (bug #1131209)
        [trixie] - onnx <no-dsa> (Minor issue)
        [bookworm] - onnx <no-dsa> (Minor issue)
+       [bullseye] - onnx <postponed> (Minor issue)
        NOTE: 
https://github.com/onnx/onnx/security/advisories/GHSA-hqmj-h5c6-369m
 CVE-2026-28499 (LeafKit is a templating language with Swift-inspired syntax. 
Prior to  ...)
        NOT-FOR-US: LeafKit
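Review bot: The CVE-2026-28500 block carries only the advisory NOTE and no "Fixed by:" reference, and unstable is <unfixed>, so the added <postponed> line for bullseye has no patch to point at. Suggest adding a NOTE with the upstream fix commit once it is identified, or saying in the reason that no upstream fix is referenced yet.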
@@ -5121,6 +5124,7 @@ CVE-2026-31899 (CairoSVG is an SVG converter based on 
Cairo, a 2D graphics libra
        - cairosvg <unfixed> (bug #1130748)
        [trixie] - cairosvg <no-dsa> (Minor issue)
        [bookworm] - cairosvg <no-dsa> (Minor issue)
+       [bullseye] - cairosvg <postponed> (Minor issue, DoS)
        NOTE: 
https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c
        NOTE: Fixed by: 
https://github.com/Kozea/CairoSVG/commit/6dde8685ed3f19837767bce7a13a5491e3d0e0bf
 (2.9.0)
 CVE-2026-31897 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
@@ -5513,9 +5517,10 @@ CVE-2026-32141 (flatted is a circular JSON parser. Prior 
to 3.4.0, flatted's par
        - node-flatted 3.4.1~ds-1
        [trixie] - node-flatted <no-dsa> (Minor issue)
        [bookworm] - node-flatted <no-dsa> (Minor issue)
+       [bullseye] - node-flatted <postponed> (Minor issue, DoS)
        NOTE: 
https://github.com/WebReflection/flatted/security/advisories/GHSA-25h7-pfq9-p65f
        NOTE: https://github.com/WebReflection/flatted/pull/88
-       NOTE: Fixedby: 
https://github.com/WebReflection/flatted/commit/7774aae45d3775c842abe9d071fd009171a5fc0c
 (v3.4.0)
+       NOTE: Fixed by: 
https://github.com/WebReflection/flatted/commit/7774aae45d3775c842abe9d071fd009171a5fc0c
 (v3.4.0)
 CVE-2026-32140 (Dataease is an open source data visualization analysis tool. 
Prior to  ...)
        NOT-FOR-US: DataEase
 CVE-2026-32139 (Dataease is an open source data visualization analysis tool. 
In DataEa ...)
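Review bot: The "Fixedby:" to "Fixed by:" correction on the CVE-2026-32141 NOTE line is an unrelated cleanup riding along with the bullseye triage, and the commit subject does not mention it. Either mention it in the commit message or put it in its own commit so the triage change stays easy to audit.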
@@ -6408,6 +6413,7 @@ CVE-2026-3884 (Versions of the package spin.js before 
3.0.0 are vulnerable to Cr
        - libjs-spin.js <unfixed> (bug #1131449)
        [trixie] - libjs-spin.js <no-dsa> (Minor issue)
        [bookworm] - libjs-spin.js <no-dsa> (Minor issue)
+       [bullseye] - libjs-spin.js <postponed> (Minor issue, hard to trigger)
        NOTE: https://security.snyk.io/vuln/SNYK-JS-SPINJS-15445079
        NOTE: Fixed by: 
https://github.com/fgnass/spin.js/commit/1f63d33b74e5919e7fe24bf97eca96a346535f6f
 CVE-2026-3826 (IFTOP developed by WellChoose has a Local File Inclusion 
vulnerability ...)
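Review bot: "hard to trigger" on the added [bullseye] line for CVE-2026-3884 is an assessment with no supporting pointer, and the trixie and bookworm lines do not carry it. Suggest adding a short NOTE with the precondition that makes it hard to trigger, so the <postponed> decision can be re-checked later.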



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5496473c9bce3309eb10db4612af6668e9f45d28...0da2fcbb4e6dfbd8383a0bd78514d96d9f1774d7

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits