Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
51f23ebd by Moritz Muehlenhoff at 2026-03-29T14:46:32+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -594,9 +594,13 @@ CVE-2026-33280 (Hidden functionality issue exists in 
BUFFALO Wi-Fi router produc
        NOT-FOR-US: BUFFALO
 CVE-2026-33206 (calibre is a cross-platform e-book manager for viewing, 
converting, ed ...)
        - calibre 9.6.0+ds+~0.10.5-1
+       [trixie] - calibre <no-dsa> (Minor issue)
+       [bookworm] - calibre <no-dsa> (Minor issue)
        NOTE: 
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-h3p4-m74f-43g6
 CVE-2026-33205 (calibre is a cross-platform e-book manager for viewing, 
converting, ed ...)
        - calibre 9.6.0+ds+~0.10.5-1
+       [trixie] - calibre <no-dsa> (Minor issue)
+       [bookworm] - calibre <no-dsa> (Minor issue)
        NOTE: 
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-4926-v9px-wv7v
 CVE-2026-33045 (Home Assistant is open source home automation software that 
puts local ...)
        NOT-FOR-US: Home Assistant
@@ -874,9 +878,10 @@ CVE-2026-4897 (A flaw was found in polkit. A local user 
can exploit this by prov
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2451739
        TODO: check upstream details
 CVE-2026-4887 (A flaw was found in GIMP. This issue is a heap buffer over-read 
in GIM ...)
-       - gimp 3.2.0-1
+       - gimp 3.2.0-1 (unimportant)
        NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15960
        NOTE: Fixed by: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/aabce89271a9943a43bda9225aa43fc524f1c8a4
 (GIMP_3_2_0)
+       NOTE: Crash in CLI tool, no security impact
 CVE-2026-4877 (A security flaw has been discovered in itsourcecode Payroll 
Management ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-4876 (A vulnerability was identified in itsourcecode Free Hotel 
Reservation  ...)
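Review bot: the new `NOTE: Crash in CLI tool, no security impact` line under CVE-2026-4887 is the whole justification for downgrading the gimp entry to `(unimportant)`, yet it does not name the tool; stating which command-line tool the heap over-read crashes would let a later reader check the rationale against the linked GNOME issue without re-reading the upstream report.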
@@ -5062,8 +5067,12 @@ CVE-2026-4519 (The webbrowser.open() API would accept 
leading dashes in the URL
        - python2.7 <removed>
        [bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
        - jython <unfixed>
+       [trixie] - jython <no-dsa> (Minor issue)
+       [bookworm] - jython <no-dsa> (Minor issue)
        [bullseye] - jython <end-of-life> (EOL in bullseye LTS)
        - pypy3 <unfixed>
+       [trixie] - pypy3 <no-dsa> (Minor issue)
+       [bookworm] - pypy3 <no-dsa> (Minor issue)
        NOTE: 
https://mail.python.org/archives/list/[email protected]/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/
        NOTE: https://github.com/python/cpython/issues/143930
        NOTE: https://github.com/python/cpython/pull/143931
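Review bot: the pypy3 entry under CVE-2026-4519 gets `[trixie]` and `[bookworm]` `<no-dsa>` lines but, unlike the jython entry directly above it, has no `[bullseye]` line at all; if pypy3 in bullseye is in the same position as jython, a matching `[bullseye] - pypy3 <end-of-life> (EOL in bullseye LTS)` line would keep the two entries consistent, and if it is not, a short NOTE saying why would save the next triager from asking the same question.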
@@ -8410,6 +8419,8 @@ CVE-2026-3059 (SGLang's multimodal generation module is 
vulnerable to unauthenti
        NOT-FOR-US: sgl-project sglang
 CVE-2026-32274 (Black is the uncompromising Python code formatter. Prior to 
26.3.1, Bl ...)
        - black 26.3.1-1 (bug #1130657)
+       [trixie] - black <no-dsa> (Minor issue)
+       [bookworm] - black <no-dsa> (Minor issue)
        NOTE: 
https://github.com/psf/black/security/advisories/GHSA-3936-cmfr-pm3m
        NOTE: https://github.com/psf/black/pull/5038
        NOTE: Fixed by: 
https://github.com/psf/black/commit/4937fe6cf241139ddbfc16b0bdbb5b422798909d 
(26.3.1)
@@ -13400,12 +13411,16 @@ CVE-2026-24103 (A buffer overflow vulnerability was 
discovered in goform/formSet
        NOT-FOR-US: Tenda
 CVE-2026-22891 (A heap-based buffer overflow vulnerability exists in the Intan 
CLP par ...)
        - biosig <unfixed> (bug #1130889)
+       [trixie] - biosig <no-dsa> (Minor issue)
+       [bookworm] - biosig <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2361
        NOTE: Fixed by: 
https://sourceforge.net/p/biosig/code/ci/3002bdc6f46225a4e76caefdd2444276e6c5b0a7/
 (v3.9.3)
 CVE-2026-22886 (OpenMQ exposes a TCP-based management service (imqbrokerd) 
that by def ...)
        NOT-FOR-US: OpenMQ
 CVE-2026-20777 (A heap-based buffer overflow vulnerability exists in the 
Nicolet WFT p ...)
        - biosig <unfixed> (bug #1130889)
+       [trixie] - biosig <no-dsa> (Minor issue)
+       [bookworm] - biosig <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2362
        NOTE: Fixed by: 
https://sourceforge.net/p/biosig/code/ci/abe197c3627256ef3615a2d2f808ded069e1df4b/
 (v3.9.3)
 CVE-2026-1265 (IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is 
vulnera ...)
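Review bot: the two biosig entries here (CVE-2026-22891 and CVE-2026-20777) and CVE-2025-64736 further down all point at the same bug #1130889 and the same upstream fix release (v3.9.3), so they are effectively one package update; it would be worth a NOTE on each cross-referencing the others so that when biosig is fixed in unstable all three `<unfixed>` lines get the version bump together rather than only the one named in the bug title.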
@@ -13429,6 +13444,8 @@ CVE-2025-66363 (An issue was discovered in LBS in 
Samsung Mobile Processor Exyno
        NOT-FOR-US: Samsung
 CVE-2025-64736 (An out-of-bounds read vulnerability exists in the ABF parsing 
function ...)
        - biosig <unfixed> (bug #1130889)
+       [trixie] - biosig <no-dsa> (Minor issue)
+       [bookworm] - biosig <no-dsa> (Minor issue)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2323
        NOTE: Fixed by: 
https://sourceforge.net/p/biosig/code/ci/718741c09e0b065b8ad0ebf66128a44899554930/
 (v3.9.3)
 CVE-2025-63912 (Cohesity TranZman Migration Appliance Release 4.0 Build 14614 
was disc ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/51f23ebd89ada9881ab8a89a8d2d566e4690c77f



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
