bookworm triage

Moritz Muehlenhoff (@jmm) Sun, 05 Apr 2026 15:56:35 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
802ccdb5 by Moritz Muehlenhoff at 2026-04-06T00:55:37+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11860,11 +11860,14 @@ CVE-2026-2890 (The Formidable Forms plugin for 
WordPress is vulnerable to a paym
        NOT-FOR-US: WordPress plugin
 CVE-2026-2581 (This is an uncontrolled resource consumption vulnerability 
(CWE-400) t ...)
        - node-undici 7.24.5+dfsg+~cs3.2.0-1 (bug #1130885)
+       [trixie] - node-undici <no-dsa> (Minor issue)
        [bookworm] - node-undici <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/nodejs/undici/security/advisories/GHSA-phc3-fgpg-7m6h
        NOTE: 
https://github.com/nodejs/undici/commit/5890c7b7076894d00402f0c23c0fe72e59c72ff4
 (v7.24.0)
 CVE-2026-2229 (ImpactThe undici WebSocket client is vulnerable to a 
denial-of-service ...)
        - node-undici 7.24.5+dfsg+~cs3.2.0-1 (bug #1130884)
+       [trixie] - node-undici <no-dsa> (Minor issue)
+       [bookworm] - node-undici <no-dsa> (Minor issue)
        NOTE: 
https://github.com/nodejs/undici/security/advisories/GHSA-v9p9-hfj2-hcw8
        NOTE: 
https://github.com/nodejs/undici/commit/e9e2997ed18bff6ae389712d5f0e169f8a6546a0
 (v6.24.0)
        NOTE: 
https://github.com/nodejs/undici/commit/cb79c5704ac47e42ce01a72269994fc70e377536
 (v7.24.0)
@@ -33670,9 +33673,9 @@ CVE-2025-13465 (Lodash versions 4.0.0 through 4.17.22 
are vulnerable to prototyp
 CVE-2025-12781 (When passing data to the b64decode(), standard_b64decode(), 
and urlsaf ...)
        - python3.14 <unfixed>
        - python3.13 <unfixed>
-       [trixie] - python3.13 <no-dsa> (Minor issue)
+       [trixie] - python3.13 <ignored> (Not backported to older Python 
releases due to compat concerns)
        - python3.11 <removed>
-       [bookworm] - python3.11 <no-dsa> (Minor issue)
+       [bookworm] - python3.11 <ignored> (Not backported to older Python 
releases due to compat concerns)
        - python3.9 <removed>
        [bullseye] - python3.9 <ignored> (Minor issue, no fix, only additional 
warnings)
        - pypy3 <unfixed>
@@ -34074,9 +34077,9 @@ CVE-2025-15367 (The poplib module, when passed a 
user-controlled command, can ha
        {DLA-4455-1}
        - python3.14 <unfixed>
        - python3.13 <unfixed>
-       [trixie] - python3.13 <no-dsa> (Minor issue)
+       [trixie] - python3.13 <ignored> (Not backported to older Python 
releases due to compat concerns)
        - python3.11 <removed>
-       [bookworm] - python3.11 <no-dsa> (Minor issue)
+       [bookworm] - python3.11 <ignored> (Not backported to older Python 
releases due to compat concerns)
        - python3.9 <removed>
        - pypy3 <unfixed>
        [trixie] - pypy3 <no-dsa> (Minor issue)
@@ -34097,9 +34100,9 @@ CVE-2025-15366 (The imaplib module, when passed a 
user-controlled command, can h
        {DLA-4455-1}
        - python3.14 <unfixed>
        - python3.13 <unfixed>
-       [trixie] - python3.13 <no-dsa> (Minor issue)
+       [trixie] - python3.13 <ignored> (Not backported to older Python 
releases due to compat concerns)
        - python3.11 <removed>
-       [bookworm] - python3.11 <no-dsa> (Minor issue)
+       [bookworm] - python3.11 <ignored> (Not backported to older Python 
releases due to compat concerns)
        - python3.9 <removed>
        - pypy3 <unfixed>
        [trixie] - pypy3 <no-dsa> (Minor issue)
@@ -56450,6 +56453,7 @@ CVE-2025-12084 (When building nested elements using 
xml.dom.minidom methods such
        NOTE: Fixed by: 
https://github.com/python/cpython/commit/a46c10ec9d4050ab67b8a932e0859a2ea60c3cb8
 (v3.11.15)
        NOTE: Regression: https://github.com/python/cpython/issues/142754
        NOTE: Regression: 
https://github.com/python/cpython/commit/1cc7551b3f9f71efbc88d96dce90f82de98b2454
 (v3.15.0a3)
+       NOTE: Regression: 
https://github.com/python/cpython/commit/86747f1a1a7b4f0ea2d47fe94b841c224bae5073
 (v3.13.12)
 CVE-2024-3884 (A flaw was found in Undertow that can cause remote denial of 
service a ...)
        - undertow <unfixed> (bug #1123001)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2275287



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/802ccdb5ad845f1f1aca4e52a932a7bb469ece5f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/802ccdb5ad845f1f1aca4e52a932a7bb469ece5f
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Reply via email to