Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
158489d5 by Moritz Muehlenhoff at 2026-03-30T16:13:56+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -227,8 +227,7 @@ CVE-2016-20046 (zFTP Client 20061220+dfsg3-4.1 contains a 
buffer overflow vulner
 CVE-2016-20045 (HNB Organizer 1.9.18-10 contains a local buffer overflow 
vulnerability ...)
        NOT-FOR-US: HNB Organizer
 CVE-2016-20044 (PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability 
that al ...)
-       - pinfo <undetermined>
-       NOTE: https://www.exploit-db.com/exploits/40023
+       NOTE: Bogus CVE assignment for pinfo
 CVE-2016-20043 (NRSS RSS Reader 0.3.9-1 contains a stack buffer overflow 
vulnerability ...)
        - nrss <removed>
 CVE-2016-20042 (TRN 3.6-23 contains a stack buffer overflow vulnerability that 
allows  ...)
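Review bot: After this change the CVE-2016-20044 entry has no package or status line at all, only a free-text NOTE, so the association with the pinfo source package is lost and the exploit-db reference is dropped with it. If the conclusion is that pinfo is not really affected, consider keeping a package line that records that, for example `- pinfo <not-affected> (...)` or `- pinfo <unfixed> (unimportant)`, and keep the reference NOTE next to a one-line reason why the assignment is considered bogus.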
@@ -6100,9 +6099,13 @@ CVE-2026-4427
        REJECTED
 CVE-2026-4426 (A flaw was found in libarchive. An Undefined Behavior 
vulnerability ex ...)
        - libarchive <unfixed> (bug #1131444)
+       [trixie] - libarchive <postponed> (Minor issue, revisit when fixed 
upstream)
+       [bookworm] - libarchive <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/libarchive/libarchive/pull/2897
 CVE-2026-4424 (A flaw was found in libarchive. This heap out-of-bounds read 
vulnerabi ...)
        - libarchive <unfixed> (bug #1131446)
+       [trixie] - libarchive <postponed> (Minor issue, revisit when fixed 
upstream)
+       [bookworm] - libarchive <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/libarchive/libarchive/pull/2898
 CVE-2026-3658 (The Appointment Booking Calendar \u2014 Simply Schedule 
Appointments B ...)
        NOT-FOR-US: WordPress plugin
@@ -7085,6 +7088,7 @@ CVE-2026-32981 (A path traversal vulnerability was 
identified in Ray Dashboard (
        NOT-FOR-US: Ray Dashboard
 CVE-2026-32837 (miniaudio version 0.11.25 and earlier contain a heap 
out-of-bounds rea ...)
        - miniaudio <unfixed>
+       [trixie] - miniaudio <no-dsa> (Minor issue)
        NOTE: https://github.com/mackron/miniaudio/issues/1101
 CVE-2026-32836 (dr_libsdr_flac.h version 0.13.3 and earlier contain an 
uncontrolled me ...)
        TODO: check
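Review bot: Only a `[trixie]` line is added for miniaudio under CVE-2026-32837, while the libarchive and kissfft entries in this same commit get both `[trixie]` and `[bookworm]`. If bookworm ships miniaudio it still needs its own triage line; if it does not, there is nothing to change, but it is worth confirming since the commit message says trixie/bookworm triage.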
@@ -12291,7 +12295,10 @@ CVE-2025-13350 (Ubuntu Linux 6.8 GA retains the legacy 
AF_UNIX garbage collector
        NOTE: https://www.openwall.com/lists/oss-security/2026/03/05/7
 CVE-2025-11143 (The Jetty URI parser has some key differences to other common 
parsers  ...)
        - jetty12 12.0.32-1
+       [trixie] - jetty12 <no-dsa> (Minor issue)
        - jetty9 <unfixed>
+       [trixie] - jetty9 <no-dsa> (Minor issue)
+       [bookworm] - jetty9 <no-dsa> (Minor issue)
        - jetty <removed>
        NOTE: 
https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh
        NOTE: Fixed by: 
https://github.com/jetty/jetty.project/commit/28d9af2a2a3346d7edd35e3b6372a68c5a3be4a5
 (jetty-12.1.5)
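Review bot: The two `jetty9 <no-dsa>` lines for CVE-2025-11143 rest on a `Fixed by:` NOTE that only names a jetty-12.1.5 commit, so the entry gives no pointer to a fix that applies to the jetty9 branch. Consider adding a NOTE saying whether that commit can be backported to jetty9, so whoever picks this up for a point release knows what to apply. The `[trixie] - jetty12` line also has no `[bookworm]` counterpart, which is fine only if bookworm does not ship jetty12.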
@@ -53661,6 +53668,8 @@ CVE-2025-3500 (Integer Overflow or Wraparound 
vulnerability in Avast Antivirus (
        NOT-FOR-US: Avast Antivirus
 CVE-2025-34297 (KissFFT versions prior to the fix commit 1b083165 contain an 
integer o ...)
        - kissfft <unfixed> (bug #1131147)
+       [trixie] - kissfft <no-dsa> (Minor issue)
+       [bookworm] - kissfft <no-dsa> (Minor issue)
        NOTE: https://github.com/mborgerding/kissfft/issues/120
        NOTE: Fixed by: 
https://github.com/mborgerding/kissfft/commit/1b08316582049c3716154caefc0deab8758506e3
 CVE-2025-2879 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/158489d51bb5b36fff2b25d1af3267c17c0d6c91
