Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a41903f2 by Moritz Muehlenhoff at 2026-04-05T13:12:18+02:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1261,6 +1261,8 @@ CVE-2026-33746 (Convoy is a KVM server management panel
for hosting businesses.
NOT-FOR-US: Convoy
CVE-2026-33641 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
- glances <unfixed> (bug #1132603)
+ [trixie] - glances <no-dsa> (Minor issue)
+ [bookworm] - glances <no-dsa> (Minor issue)
NOTE:
https://github.com/nicolargo/glances/security/advisories/GHSA-qhj7-v7h7-q4c7
NOTE: Fixed by:
https://github.com/nicolargo/glances/commit/358d76a225fc21a9f95d2c4d7e46fafe64a644c6
(v4.5.3)
CVE-2026-33617 (An unauthenticated remote attacker can access a configuration
file con ...)
@@ -1277,6 +1279,8 @@ CVE-2026-33544 (Tinyauth is an authentication and
authorization server. Prior to
NOT-FOR-US: Tinyauth
CVE-2026-33533 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
- glances <unfixed> (bug #1132603)
+ [trixie] - glances <no-dsa> (Minor issue)
+ [bookworm] - glances <no-dsa> (Minor issue)
NOTE:
https://github.com/nicolargo/glances/security/advisories/GHSA-7p93-6934-f4q7
NOTE: Fixed by:
https://github.com/nicolargo/glances/commit/dcb39c3f12b2a1eec708c58d22d7a1d62bdf5fa1
(v4.5.3)
CVE-2026-33271 (Local privilege escalation due to insecure folder permissions.
The fol ...)
@@ -1425,6 +1429,8 @@ CVE-2023-7342 (HiSecOS web server versions 03.4.00 prior
to 04.1.00 contains a p
NOT-FOR-US: HiSecOS web server
CVE-2026-27456 (util-linux is a random collection of Linux utilities. Prior to
version ...)
- util-linux 2.42-1
+ [trixie] - util-linux <no-dsa> (Minor issue)
+ [bookworm] - util-linux <no-dsa> (Minor issue)
NOTE:
https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g
NOTE: Fixed by:
https://github.com/util-linux/util-linux/commit/0ba0f14caa812349424df0da00ac2d97fee9d972
(v2.42)
CVE-2026-23417 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
@@ -2048,7 +2054,8 @@ CVE-2026-5190 (Out-of-bounds write in the streaming
decoder component in aws-c-e
NOT-FOR-US: Amazon
CVE-2026-5186 (A weakness has been identified in Nothings stb up to 2.30. This
impact ...)
- libstb <unfixed>
- TODO: check upstream details
+ [trixie] - libstb <no-dsa> (Minor issue)
+ [bookworm] - libstb <no-dsa> (Minor issue)
CVE-2026-4947 (Addressed a potential insecure direct object reference (IDOR)
vulnerab ...)
NOT-FOR-US: Foxit
CVE-2026-4819 (In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit
logging ...)
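Review bot: In the CVE-2026-5186 entry the `TODO: check upstream details` line is removed, but no NOTE is added to record what that check found, so the libstb entry now carries no upstream reference behind the `<no-dsa> (Minor issue)` decision. Add a NOTE line pointing at the upstream issue or commit that was reviewed, as the glances, util-linux and rauc entries touched in this commit already have.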
@@ -2326,6 +2333,8 @@ CVE-2026-34156 (NocoBase is an AI-powered
no-code/low-code platform for building
NOT-FOR-US: NocoBase
CVE-2026-34155 (RAUC controls the update process on embedded Linux systems.
Prior to v ...)
- rauc 1.15.2-1
+ [trixie] - rauc <no-dsa> (Minor issue)
+ [bookworm] - rauc <no-dsa> (Minor issue)
NOTE:
https://github.com/rauc/rauc/security/advisories/GHSA-6hj7-q844-m2hx
NOTE: Fixed by:
https://github.com/rauc/rauc/commit/4fb7c798d6ae412344fb8f8d310d773046af3441
(v1.15.2)
CVE-2026-33762 (go-git is an extensible git implementation library written in
pure Go. ...)
@@ -9652,26 +9661,38 @@ CVE-2026-32691 (A race condition in the secrets
management subsystem of Juju ver
- juju <removed>
CVE-2026-32634 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
- glances 4.5.2+dfsg-1
+ [trixie] - glances <no-dsa> (Minor issue)
+ [bookworm] - glances <no-dsa> (Minor issue)
NOTE:
https://github.com/nicolargo/glances/security/advisories/GHSA-vx5f-957p-qpvm
NOTE: Fixed by:
https://github.com/nicolargo/glances/commit/2abe8d8733e354f280bb3616150c7338b4940ff1
(v4.5.2)
CVE-2026-32633 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
- glances 4.5.2+dfsg-1
+ [trixie] - glances <no-dsa> (Minor issue)
+ [bookworm] - glances <no-dsa> (Minor issue)
NOTE:
https://github.com/nicolargo/glances/security/advisories/GHSA-r297-p3v4-wp8m
NOTE: Fixed by:
https://github.com/nicolargo/glances/commit/ee4fab4c32949bfc58992fa0ec99d3bbaa535644
(v4.5.2)
CVE-2026-32632 (Glances is an open-source system cross-platform monitoring
tool. Glanc ...)
- glances 4.5.2+dfsg-1
+ [trixie] - glances <no-dsa> (Minor issue)
+ [bookworm] - glances <no-dsa> (Minor issue)
NOTE:
https://github.com/nicolargo/glances/security/advisories/GHSA-hhcg-r27j-fhv9
NOTE: Fixed by:
https://github.com/nicolargo/glances/commit/a8443489e35de44fb5842d6c9e04336e91dead88
(v4.5.2)
CVE-2026-32611 (Glances is an open-source system cross-platform monitoring
tool. The G ...)
- glances 4.5.2+dfsg-1
+ [trixie] - glances <no-dsa> (Minor issue)
+ [bookworm] - glances <no-dsa> (Minor issue)
NOTE:
https://github.com/nicolargo/glances/security/advisories/GHSA-49g7-2ww7-3vf5
NOTE: Fixed by:
https://github.com/nicolargo/glances/commit/f3e94930e3d8a2ddf14d725701a1f47d0e6936e3
(v4.5.2)
CVE-2026-32610 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
- glances 4.5.2+dfsg-1
+ [trixie] - glances <no-dsa> (Minor issue)
+ [bookworm] - glances <no-dsa> (Minor issue)
NOTE:
https://github.com/nicolargo/glances/security/advisories/GHSA-9jfm-9rc6-2hfq
NOTE: Fixed by:
https://github.com/nicolargo/glances/commit/d69123847829a5a03a5feecb66f7ddee1807b1d3
(v4.5.2)
CVE-2026-32609 (Glances is an open-source system cross-platform monitoring
tool. The G ...)
- glances 4.5.2+dfsg-1
+ [trixie] - glances <no-dsa> (Minor issue)
+ [bookworm] - glances <no-dsa> (Minor issue)
NOTE:
https://github.com/nicolargo/glances/security/advisories/GHSA-cvwp-r2g2-j824
NOTE: Fixed by:
https://github.com/nicolargo/glances/commit/16f6caf457b8bba7cb2531a85e9171330d5463d4
(v4.5.2)
CVE-2026-32565 (Missing Authorization vulnerability in Ajay Contextual Related
Posts c ...)
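Review bot: The six glances entries in this hunk (CVE-2026-32634, -32633, -32632, -32611, -32610, -32609) all get the identical `<no-dsa> (Minor issue)` pair for trixie and bookworm, with nothing specific to each advisory. If the plan is to fix them together through a stable point release, say so in the reason text, since six identical `Minor issue` strings give the next triager nothing to act on.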
@@ -10069,12 +10090,16 @@ CVE-2026-32838 (Edimax GS-5008PL firmware version
1.00.54 and prior use cleartex
NOT-FOR-US: Edimax
CVE-2026-32608 (Glances is an open-source system cross-platform monitoring
tool. The G ...)
- glances 4.5.2+dfsg-1 (bug #1131197)
+ [trixie] - glances <no-dsa> (Minor issue)
+ [bookworm] - glances <no-dsa> (Minor issue)
NOTE:
https://github.com/nicolargo/glances/security/advisories/GHSA-vcv2-q258-wrg7
NOTE: Fixed by:
https://github.com/nicolargo/glances/commit/5680a5da4afdf762fd44ced1f8160fb6d5c5dd16
(v4.5.2)
CVE-2026-32606 (IncusOS is an immutable OS image dedicated to running Incus.
Prior to ...)
NOT-FOR-US: IncusOS
CVE-2026-32596 (Glances is an open-source system cross-platform monitoring
tool. Prior ...)
- glances 4.5.2+dfsg-1 (bug #1131197)
+ [trixie] - glances <no-dsa> (Minor issue)
+ [bookworm] - glances <no-dsa> (Minor issue)
NOTE:
https://github.com/nicolargo/glances/security/advisories/GHSA-wvxv-4j8q-4wjq
NOTE: Fixed by:
https://github.com/nicolargo/glances/commit/fb0263af0c2d06f87667eb804bc8e147f243aa5c
(v4.5.2)
CVE-2026-32268 (The Azure Blob Storage for Craft CMS plugin provides an Azure
Blob Sto ...)
@@ -20034,9 +20059,10 @@ CVE-2025-63946 (A privilege escalation (PE)
vulnerability in the Tencent PC Mana
CVE-2025-63945 (A privilege escalation (PE) vulnerability in the Tencent iOA
app thru ...)
NOT-FOR-US: Tencent iOA app
CVE-2025-61147 (strukturag libde265 commit d9fea9d wa discovered to contain a
segmenta ...)
- - libde265 1.0.18-1 (bug #1129257)
+ - libde265 1.0.18-1 (bug #1129257; unimportant)
NOTE: https://github.com/strukturag/libde265/issues/484
NOTE: Fixed by:
https://github.com/strukturag/libde265/commit/8b17e0930f77db07f55e0b89399a8f054ddbecf7
+ NOTE: Only applies to argument parsing
CVE-2025-61146 (saitoha libsixel until v1.8.7 was discovered to contain a
memory leak ...)
- libsixel <unfixed>
[trixie] - libsixel <no-dsa> (Minor issue)
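Review bot: The added `NOTE: Only applies to argument parsing` under CVE-2025-61147 does not say whose argument parsing is meant, and that is the fact the new `unimportant` tag on the libde265 line rests on. Name the affected program or source file (for instance, whether it is a command-line tool shipped with the source rather than the library itself) so the downgrade can be checked against the upstream issue linked in the entry.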
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a41903f2107ac3b1dcdd765b90d8127ca97efd15