[Git][security-tracker-team/security-tracker][master] 6 commits: mark CVE-2026-33554 as postponed for Bullseye

Thorsten Alteholz (@alteholz) Fri, 03 Apr 2026 03:43:11 -0700


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
a39229ef by Thorsten Alteholz at 2026-04-03T12:41:52+02:00
mark CVE-2026-33554 as postponed for Bullseye

- - - - -
48d44036 by Thorsten Alteholz at 2026-04-03T12:41:54+02:00
mark CVE-2025-11143 as postponed for Bullseye

- - - - -
f1bbd4e0 by Thorsten Alteholz at 2026-04-03T12:41:56+02:00
mark CVE-2025-34297 as postponed for Bullseye

- - - - -
43322850 by Thorsten Alteholz at 2026-04-03T12:41:58+02:00
mark CVE-2026-5037 as postponed for Bullseye

- - - - -
72cc867c by Thorsten Alteholz at 2026-04-03T12:42:00+02:00
mark CVE-2026-32711 as postponed for Bullseye

- - - - -
ec613d08 by Thorsten Alteholz at 2026-04-03T12:42:03+02:00
mark CVE-2026-4538 as postponed for Bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2285,6 +2285,7 @@ CVE-2026-5037 (A vulnerability was determined in mxml up 
to 4.0.4. This issue af
        - mxml 4.0.4-4 (bug #1132328)
        [trixie] - mxml <no-dsa> (Minor issue)
        [bookworm] - mxml <no-dsa> (Minor issue)
+       [bullseye] - mxml <postponed> (Minor issue)
        NOTE: https://github.com/michaelrsweet/mxml/issues/350
        NOTE: Fixed by: 
https://github.com/michaelrsweet/mxml/commit/6e27354466092a1ac65601e01ce6708710bb9fa5
 CVE-2026-5036 (A vulnerability was found in Tenda 4G06 04.06.01.29. This 
vulnerabilit ...)
@@ -5534,6 +5535,7 @@ CVE-2026-33554 (ipmi-oem in FreeIPMI before 1.16.17 has 
exploitable buffer overf
        - freeipmi 1.6.17-1 (bug #1132018)
        [trixie] - freeipmi <no-dsa> (Minor issue)
        [bookworm] - freeipmi <no-dsa> (Minor issue)
+       [bullseye] - freeipmi <postponed> (Minor issue)
        NOTE: https://savannah.gnu.org/bugs/?68140
        NOTE: https://savannah.gnu.org/bugs/?68141
        NOTE: https://savannah.gnu.org/bugs/?68142
@@ -6924,6 +6926,7 @@ CVE-2026-4538 (A vulnerability was identified in PyTorch 
2.10.0. The affected el
        - pytorch <unfixed>
        [trixie] - pytorch <no-dsa> (Minor issue)
        [bookworm] - pytorch <no-dsa> (Minor issue)
+       [bullseye] - pytorch <postponed> (Minor issue)
        NOTE: https://github.com/pytorch/pytorch/pull/176791
 CVE-2026-4537 (A vulnerability was determined in Cudy TR1200 
R46-2.4.15-20250721-1640 ...)
        NOT-FOR-US: Cudy TR1200
@@ -8081,6 +8084,7 @@ CVE-2026-32711 (pydicom is a pure Python package for 
working with DICOM files. V
        - pydicom <unfixed> (bug #1131492)
        [trixie] - pydicom <no-dsa> (Minor issue)
        [bookworm] - pydicom <no-dsa> (Minor issue)
+       [bullseye] - pydicom <postponed> (Minor issue)
        NOTE: 
https://github.com/pydicom/pydicom/security/advisories/GHSA-v856-2rf8-9f28
        NOTE: Fixed by: 
https://github.com/pydicom/pydicom/commit/6414f01a053dff925578799f5a7208d2ae585e82
 (v3.0.2)
 CVE-2026-32697 (SuiteCRM is an open-source, enterprise-ready Customer 
Relationship Man ...)
@@ -14691,6 +14695,7 @@ CVE-2025-11143 (The Jetty URI parser has some key 
differences to other common pa
        - jetty9 <unfixed>
        [trixie] - jetty9 <no-dsa> (Minor issue)
        [bookworm] - jetty9 <no-dsa> (Minor issue)
+       [bullseye] - jetty9 <postponed> (Minor issue)
        - jetty <removed>
        NOTE: 
https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh
        NOTE: Fixed by: 
https://github.com/jetty/jetty.project/commit/28d9af2a2a3346d7edd35e3b6372a68c5a3be4a5
 (jetty-12.1.5)
@@ -56087,6 +56092,7 @@ CVE-2025-34297 (KissFFT versions prior to the fix 
commit 1b083165 contain an int
        - kissfft <unfixed> (bug #1131147)
        [trixie] - kissfft <no-dsa> (Minor issue)
        [bookworm] - kissfft <no-dsa> (Minor issue)
+       [bullseye] - kissfft <postponed> (Minor issue)
        NOTE: https://github.com/mborgerding/kissfft/issues/120
        NOTE: Fixed by: 
https://github.com/mborgerding/kissfft/commit/1b08316582049c3716154caefc0deab8758506e3
 CVE-2025-2879 (Exposure of Sensitive Information to an Unauthorized Actor 
vulnerabili ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b262fe9632e5e8405126d9cb351f93de6de76468...ec613d0898fb6c5d2d8fe11f5885c9f301c8b342

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b262fe9632e5e8405126d9cb351f93de6de76468...ec613d0898fb6c5d2d8fe11f5885c9f301c8b342
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 6 commits: mark CVE-2026-33554 as postponed for Bullseye

Reply via email to