Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
54ba70b2 by Moritz Muehlenhoff at 2026-04-04T14:05:39+02:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20,6 +20,8 @@ CVE-2026-35468 (nimiq/core-rs-albatross is a Rust
implementation of the Nimiq Pr
NOT-FOR-US: nimiq/core-rs-albatross
CVE-2026-34990 (OpenPrinting CUPS is an open source printing system for Linux
and othe ...)
- cups <unfixed>
+ [trixie] - cups <no-dsa> (Minor issue)
+ [bookworm] - cups <no-dsa> (Minor issue)
NOTE:
https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp
CVE-2026-34980 (OpenPrinting CUPS is an open source printing system for Linux
and othe ...)
- cups <unfixed>
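Review bot: the `- cups <unfixed>` line for CVE-2026-34990 carries no bug reference, and with trixie and bookworm now both marked `<no-dsa>`, nothing in the entry tracks the fix reaching unstable. Other entries touched by this commit (libexif, node-socket.io-parser) have a `(bug #...)` on the unstable line. Suggest filing a BTS bug against cups and adding its number here, so the issue can be picked up for a later point release.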
@@ -29,6 +31,8 @@ CVE-2026-34979 (OpenPrinting CUPS is an open source printing
system for Linux an
NOTE:
https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh
CVE-2026-34978 (OpenPrinting CUPS is an open source printing system for Linux
and othe ...)
- cups <unfixed>
+ [trixie] - cups <no-dsa> (Minor issue)
+ [bookworm] - cups <no-dsa> (Minor issue)
NOTE:
https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr
CVE-2026-34955 (PraisonAI is a multi-agent teams system. Prior to version
4.5.97, Subp ...)
NOT-FOR-US: PraisonAI
@@ -54,6 +58,8 @@ CVE-2026-34934 (PraisonAI is a multi-agent teams system.
Prior to version 4.5.90
NOT-FOR-US: PraisonAI
CVE-2026-34933 (Avahi is a system which facilitates service discovery on a
local netwo ...)
- avahi <unfixed>
+ [trixie] - avahi <no-dsa> (Minor issue)
+ [bookworm] - avahi <no-dsa> (Minor issue)
NOTE:
https://github.com/avahi/avahi/security/advisories/GHSA-w65r-6gxh-vhvc
NOTE: https://github.com/avahi/avahi/pull/891
NOTE: Fixed by:
https://github.com/avahi/avahi/commit/0be89b6bb5c3983837b5e0febcbbbf452ecf7675
(v0.9-rc4)
@@ -2611,13 +2617,15 @@ CVE-2026-32884 (Botan is a C++ cryptography library.
Prior to version 3.11.0, du
CVE-2026-32883 (Botan is a C++ cryptography library. From version 3.0.0 to
before vers ...)
[experimental] - botan3 3.11.0+dfsg-1
- botan3 <unfixed>
- - botan <removed>
+ - botan <not-affected> (Only affects Botan 3x)
NOTE:
https://github.com/randombit/botan/security/advisories/GHSA-9j2j-hqmc-hf5x
+ NOTE:
https://github.com/randombit/botan/commit/acbffadcede18b36eea42beae57e6cae4b4da4a0
(3.11.0)
CVE-2026-32877 (Botan is a C++ cryptography library. From version 2.3.0 to
before vers ...)
[experimental] - botan3 3.11.0+dfsg-1
- botan3 <unfixed>
- botan <removed>
NOTE:
https://github.com/randombit/botan/security/advisories/GHSA-7jj6-4r42-w9h6
+ NOTE:
https://github.com/randombit/botan/commit/f3c31f96f58f1d1d482032d8f4286dc9ebbc6712
(3.11.0)
CVE-2026-32794 (Improper Certificate Validation vulnerability in Apache
Airflow Provid ...)
NOT-FOR-US: Apache Airflow Provider for Databricks
CVE-2026-32734 (baserCMS is a website development framework. Prior to version
5.2.3, b ...)
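Review bot: CVE-2026-32877 is described as affecting Botan "From version 2.3.0", yet its `- botan <removed>` line is left untouched and only a commit NOTE is added. The CVE-2026-32883 entry above it is corrected to `<not-affected> (Only affects Botan 3x)` because of its 3.0.0 starting version, so the 2.x range of 32877 deserves the same check: if the botan source package is still present in trixie or bookworm, it needs explicit `[trixie]`/`[bookworm]` lines, and neither botan3 entry gets a per-release status in this triage commit either. Two style points: the added commit NOTEs lack the "Fixed by:" prefix used for fix commits elsewhere in the list, and "3x" would read better as "3.x".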
@@ -7968,6 +7976,8 @@ CVE-2026-33154 (dynaconf is a configuration management
tool for Python. Prior to
NOTE: Fixed by:
https://github.com/dynaconf/dynaconf/commit/2fbb45ee36b8c0caa5b924fe19f3c1a5e8603fa7
(3.2.13)
CVE-2026-33151 (Socket.IO is an open source, real-time, bidirectional,
event-based, co ...)
- node-socket.io-parser 4.2.1+~3.1.0-4 (bug #1131477)
+ [trixie] - node-socket.io-parser <no-dsa> (Minor issue)
+ [bookworm] - node-socket.io-parser <no-dsa> (Minor issue)
NOTE:
https://github.com/socketio/socket.io/security/advisories/GHSA-677m-j7p3-52f9
NOTE: Fixed by:
https://github.com/socketio/socket.io/commit/b25738c416c4e32fbff62ee182afa8f6d0dacf78
(main)
NOTE: Fixed by:
https://github.com/socketio/socket.io/commit/719f9ebab0772ffb882bd614b387e585c1aa75d4
([email protected])
@@ -10718,6 +10728,8 @@ CVE-2026-32776 (libexpat before 2.7.5 allows a NULL
pointer dereference with emp
NOTE: Fixed by:
https://github.com/libexpat/libexpat/commit/5be25657583ea91b09025c858b4785834c20f59c
CVE-2026-32775 (libexif through 0.6.25 has a flaw in decoding MakerNotes. If
the exif_ ...)
- libexif <unfixed> (bug #1131116)
+ [trixie] - libexif <no-dsa> (Minor issue)
+ [bookworm] - libexif <no-dsa> (Minor issue)
NOTE: https://github.com/libexif/libexif/issues/247
NOTE: Fixed by:
https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692
CVE-2026-31386 (OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed
Technologies c ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54ba70b21a24748bb58a0ccffa6ae17bb77caefe