Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
44165f68 by Moritz Muehlenhoff at 2026-04-04T16:32:58+02:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -149,6 +149,8 @@ CVE-2026-27481 (Discourse is an open-source discussion
platform. From versions 2
NOT-FOR-US: Discourse
CVE-2026-27447 (OpenPrinting CUPS is an open source printing system for Linux
and othe ...)
- cups <unfixed>
+ [trixie] - cups <no-dsa> (Minor issue)
+ [bookworm] - cups <no-dsa> (Minor issue)
NOTE:
https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9
NOTE: Fixed by:
https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220
CVE-2026-26058 (Zulip is an open-source team collaboration tool. From version
1.4.0 to ...)
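Review bot: The two added `<no-dsa> (Minor issue)` lines for CVE-2026-27447 give no reason for the classification, so a later reader has to open the GHSA advisory to learn why cups needs no DSA in trixie and bookworm. A short NOTE naming the limiting factor would make the triage decision auditable from the list itself. The upstream fix commit is already recorded under `NOTE: Fixed by:`, which helps if this is later picked up for a point release.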
@@ -1245,9 +1247,11 @@ CVE-2026-0634 (Code execution in AssistFeedbackService
of TECNO Pova7 Pro 5G on
CVE-2025-65114 (Apache Traffic Server allows request smuggling if chunked
messages are ...)
- trafficserver <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/04/02/6
+ NOTE:
https://github.com/apache/trafficserver/commit/e5accd7929c5cb96a01cc9afda1f6336dab59b64
(9.2.13)
CVE-2025-58136 (A bug in POST request handling causes a crash under a certain
conditio ...)
- trafficserver <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2026/04/02/6
+ NOTE:
https://github.com/apache/trafficserver/commit/cb9e4a162fe16101f3c0a9baafe6bf5baa17b68c
(9.2.13)
CVE-2025-43264 (The issue was addressed with improved memory handling. This
issue is f ...)
NOT-FOR-US: Apple
CVE-2025-43257 (This issue was addressed with improved handling of symlinks.
This issu ...)
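Review bot: The added NOTE lines for CVE-2025-65114 and CVE-2025-58136 carry a bare commit URL followed by `(9.2.13)`, without saying what the commit is. The cups entry earlier in this same diff uses the `NOTE: Fixed by: <url>` form; using it here too would make it explicit that these are the fixing commits and that 9.2.13 is the release containing them. Both entries also still carry only `- trafficserver <unfixed>` with no per-suite line, so the oldstable decision is recorded only in data/dsa-needed.txt.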
@@ -3107,8 +3111,7 @@ CVE-2025-9497 (Use of Hard-coded Credentials
vulnerability in Microchip Time Pro
CVE-2018-25225 (SIPP 3.3 contains a stack-based buffer overflow vulnerability
that all ...)
- sipp <removed>
CVE-2018-25224 (PMS 0.42 contains a stack-based buffer overflow vulnerability
that all ...)
- - pms <unfixed>
- NOTE: https://www.exploit-db.com/exploits/44426
+ NOT-FOR-US: Bogus CVE assignment for pms
CVE-2018-25223 (Crashmail 1.6 contains a stack-based buffer overflow
vulnerability tha ...)
- crashmail <undetermined>
NOTE: https://www.exploit-db.com/exploits/44331
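Review bot: For CVE-2018-25224 the replacement line `NOT-FOR-US: Bogus CVE assignment for pms` drops both the `- pms <unfixed>` tracking line and the exploit-db reference, and nothing left in the entry says why the assignment is considered bogus. Keeping a NOTE with the reason, and the reference it was judged against, would let someone re-check the call later. The neighbouring CVE-2018-25223 (crashmail) has the same kind of exploit-db reference and stays `<undetermined>`, so the basis for treating the two differently is worth recording.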
@@ -7652,11 +7655,9 @@ CVE-2019-25588 (BulletProof FTP Server 2019.0.0.50
contains a denial of service
CVE-2019-25587 (BulletProof FTP Server 2019.0.0.50 contains a denial of
service vulner ...)
NOT-FOR-US: BulletProof FTP Server
CVE-2019-25586 (Deluge 1.3.15 contains a denial of service vulnerability that
allows l ...)
- - deluge <undetermined>
- TODO: check details
+ NOTE: Bogus CVE assignment for Deluge
CVE-2019-25585 (Deluge 1.3.15 contains a denial of service vulnerability that
allows l ...)
- - deluge <undetermined>
- TODO: check details
+ NOTE: Bogus CVE assignment for Deluge
CVE-2019-25584 (RarmaRadio 2.72.3 contains a buffer overflow vulnerability in
the Serv ...)
NOT-FOR-US: RarmaRadio
CVE-2019-25583 (RarmaRadio 2.72.3 contains a denial of service vulnerability
in the Us ...)
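Review bot: After this change CVE-2019-25586 and CVE-2019-25585 consist of only `NOTE: Bogus CVE assignment for Deluge`, with no package line and no NOT-FOR-US marker, which leaves the entries without an explicit status. The pms entry in the previous hunk expresses the same conclusion as `NOT-FOR-US: Bogus CVE assignment for pms`; the two cases should use one form. As with pms, the NOTE states the conclusion but not the reason, and the removed `TODO: check details` suggests a check was done whose result is worth writing down.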
=====================================
data/dsa-needed.txt
=====================================
@@ -97,6 +97,8 @@ tiff
--
tor (jmm)
--
+trafficserver/oldstable (jmm)
+--
valkey
NMU proposed for review by Peter Wienemann, but should ideally get some
commit from maintainers and
fix in unstable.
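Review bot: The new `trafficserver/oldstable (jmm)` entry has no note beneath it, and nothing in the visible lines says which issues it covers or why only oldstable is queued. A one-line note naming CVE-2025-65114 and CVE-2025-58136 and the 9.2.13 fix version recorded in data/CVE/list would tie the two files together for anyone reading dsa-needed.txt on its own.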
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44165f68e2ee32d74bca19e6001cc89b1270329a
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits