Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
9dffb311 by Moritz Muehlenhoff at 2026-03-31T13:46:32+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -543,8 +543,9 @@ CVE-2018-25223 (Crashmail 1.6 contains a stack-based buffer 
overflow vulnerabili
        - crashmail <undetermined>
        NOTE: https://www.exploit-db.com/exploits/44331
 CVE-2018-25222 (SC v7.16 contains a stack-based buffer overflow vulnerability 
that all ...)
-       - sc <unfixed>
+       - sc <unfixed> (unimportant)
        NOTE: https://www.exploit-db.com/exploits/44279
+       NOTE: Crash in CLI tool, no security impact
 CVE-2018-25221 (EChat Server 3.1 contains a buffer overflow vulnerability in 
the chat. ...)
        NOT-FOR-US: EChat Server
 CVE-2018-25220 (Bochs 2.6-5 contains a stack-based buffer overflow 
vulnerability that  ...)
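Review bot: the NOTE added under CVE-2018-25222 says "Crash in CLI tool, no security impact", but the entry's own description calls it a stack-based buffer overflow and the existing NOTE points to an exploit-db entry. A one-line reason why the overflow is not reachable with untrusted input would make the `(unimportant)` tag easier to re-check later than the generic crash wording.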
@@ -1941,38 +1942,47 @@ CVE-2025-14684 (IBM Maximo Application Suite - Monitor 
Component 9.1, 9.0, 8.11,
 CVE-2026-33952 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.24.2+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93
 CVE-2026-33977 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.24.2+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5
 CVE-2026-33995 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.24.2+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx
 CVE-2026-33984 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.24.2+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8469-2xcx-frf6
 CVE-2026-33983 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.24.2+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gfm-4p52-h478
 CVE-2026-33985 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.24.2+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85
 CVE-2026-33986 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.24.2+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h6qw-wxvm-hf97
 CVE-2026-33987 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.24.2+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ff8h-p5vc-wcwc
 CVE-2026-33982 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.24.2+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2
 CVE-2014-125112 (Plack::Middleware::Session::Cookie versions through 0.21 for 
Perl allo ...)
        - libplack-middleware-session-perl 0.24-1
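Review bot: all nine `[bookworm] - freerdp2 <no-dsa> (Minor issue)` lines in this hunk carry the same generic reason, and none of the entries has a "Fixed by:" NOTE, only the GHSA link. With freerdp2 marked `<removed>` there is no newer freerdp2 upload in unstable to backport from, so recording the upstream fix commit per CVE as a NOTE would help anyone preparing a bookworm point-release update.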
@@ -4216,9 +4226,10 @@ CVE-2026-4753 (Out-of-bounds Read vulnerability in 
slajerek RetroDebugger.This i
 CVE-2026-4752 (Use After Free vulnerability in No-Chicken Echo-Mate.This issue 
affect ...)
        NOT-FOR-US: No-Chicken Echo-Mate
 CVE-2026-4751 (NULL Pointer Dereference vulnerability in tmate-io tmate.This 
issue af ...)
-       - tmate <unfixed> (bug #1132019)
+       - tmate <unfixed> (bug #1132019; unimportant)
        NOTE: https://github.com/tmate-io/tmate/pull/328
        NOTE: Fixed by: 
https://github.com/tmate-io/tmate/commit/3e12f558c7b71b7135403cdd2df77d38538a695c
+       NOTE: Crash in CLI tool, no security impact
 CVE-2026-4750 (Out-of-bounds Read vulnerability in fabiangreffrath woof.This 
issue af ...)
        - woof-doom 15.3.0+dfsg-2
        [trixie] - woof-doom <no-dsa> (Minor issue)
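Review bot: in the CVE-2026-4751 entry the package line now reads `(bug #1132019; unimportant)`, so the bug stays linked while the issue is classed as having no security impact. Worth checking that the severity and tags on #1132019 match that assessment, and the NOTE could say which input triggers the NULL pointer dereference rather than only "Crash in CLI tool".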
@@ -6846,13 +6857,15 @@ CVE-2025-13995 (IBM QRadar SIEM7.5.0 through 7.5.0 
Update Package 14 could allow
 CVE-2024-42210 (A Stored cross-site scripting (XSS) vulnerability affects HCL 
Unica Ma ...)
        NOT-FOR-US: HCL
 CVE-2026-31973 (SAMtools is a program for reading, manipulating and writing 
bioinforma ...)
-       - samtools <unfixed>
+       - samtools <unfixed> (unimportant)
        NOTE: 
https://github.com/samtools/samtools/security/advisories/GHSA-x86f-q6fj-cm43
        NOTE: Fixed by: 
https://github.com/samtools/samtools/commit/06fc2a219b3d7c94d3f412c09f6d1efd51199f2f
+       NOTE: Crash in CLI tool, no security impact
 CVE-2026-31972 (SAMtools is a program for reading, manipulating and writing 
bioinforma ...)
-       - samtools <unfixed>
+       - samtools <unfixed> (unimportant)
        NOTE: 
https://github.com/samtools/samtools/security/advisories/GHSA-72c8-4jf3-f27p
        NOTE: Fixed by: 
https://github.com/samtools/samtools/commit/3036eb9af945fcef359427a2d359855553da4adf
+       NOTE: Crash in CLI tool, no security impact
 CVE-2026-4396 (Improper certificate validation in Devolutions Hub Reporting 
Service   ...)
        NOT-FOR-US: Devolutions
 CVE-2026-3479 (pkgutil.get_data() did not validate the resource argument as 
documente ...)
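Review bot: CVE-2026-31973 and CVE-2026-31972 both get the identical NOTE "Crash in CLI tool, no security impact", although they point at different advisories and fix commits, and the truncated descriptions here do not show the bug class. Stating the class per CVE in the NOTE (taken from each GHSA) would let a reader confirm that both are crash-only without opening the advisories.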
@@ -14967,6 +14980,7 @@ CVE-2026-21654 (Improper Neutralization of Special 
Elements used in an OS Comman
        NOT-FOR-US: Johnson Controls
 CVE-2026-21619 (Uncontrolled Resource Consumption, Deserialization of 
Untrusted Data v ...)
        - erlang-hex <unfixed>
+       [trixie] - erlang-hex <no-dsa> (Minor issue)
        - rebar3 3.27.0-1
        NOTE: https://github.com/advisories/GHSA-hx9w-f2w9-9g96
        NOTE: 
https://github.com/hexpm/hex_core/commit/cdf726095bca85ad2549d146df1e831ae93c2b13
 (v0.12.1)
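Review bot: the new `[trixie] - erlang-hex <no-dsa> (Minor issue)` line covers only erlang-hex, while the same CVE-2026-21619 entry also lists rebar3 as fixed in 3.27.0-1. If rebar3 in trixie predates that version it needs its own `[trixie]` line, and since the description mentions deserialization of untrusted data, a short NOTE on why this counts as minor would help.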



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dffb31162dadd916faa86199f9e29db671c488a
