Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
c254abe9 by Moritz Muehlenhoff at 2026-04-06T00:32:23+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3837,6 +3837,7 @@ CVE-2026-33638 (Ech0 is an open-source, self-hosted 
publishing platform for pers
        NOT-FOR-US: Ech0
 CVE-2026-33635 (iCalendar is a Ruby library for dealing with iCalendar files 
in the iC ...)
        - ruby-icalendar <removed>
+       [bookworm] - ruby-icalendar <ignored> (Minor issue)
        NOTE: 
https://github.com/icalendar/icalendar/security/advisories/GHSA-pv9c-9mfh-hvxq
        NOTE: Fixed by: 
https://github.com/icalendar/icalendar/commit/b8d23b490363ee5fffaec1d269a8618a912ca265
 (v2.12.2)
 CVE-2026-33628 (Invoice Ninja is a source-available invoice, quote, project 
and time-t ...)
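Review bot: The added `[bookworm] - ruby-icalendar <ignored> (Minor issue)` line carries the same reason text as the `<no-dsa>` entries added elsewhere in this commit, so the record does not say why this issue is ruled out of a later stable update rather than merely not warranting a DSA. The NOTE lines already reference an upstream fix commit (v2.12.2); consider a reason that states why a backport is not worthwhile, or use `<no-dsa>` if a point-release fix is still acceptable.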
@@ -8488,6 +8489,7 @@ CVE-2026-4519 (The webbrowser.open() API would accept 
leading dashes in the URL
        - python3.14 <unfixed>
        - python3.13 <unfixed>
        - python3.11 <removed>
+       [bookworm] - python3.11 <no-dsa> (Minor issue)
        - python3.9 <removed>
        - python2.7 <removed>
        [bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
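Review bot: In the CVE-2026-4519 entry only python3.11 gets a release annotation; the `- python3.13 <unfixed>` line above it has no `[trixie]` line in the visible context, although the commit is titled trixie/bookworm triage. If python3.13 in trixie is meant to be triaged the same way, add the matching `[trixie] - python3.13 <no-dsa> (Minor issue)` line so both stable releases carry a recorded decision.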
@@ -15678,6 +15680,7 @@ CVE-2025-69534 (Python-Markdown version 3.8 contain a 
vulnerability where malfor
        - python3.14 <not-affected> (Fixed before initial upload to Debian 
unstable)
        - python3.13 3.13.4-1
        - python3.11 <removed>
+       [bookworm] - python3.11 <no-dsa> (Minor issue)
        - python3.9 <removed>
        - pypy3 <unfixed>
        [trixie] - pypy3 <no-dsa> (Minor issue)
@@ -18953,24 +18956,29 @@ CVE-2026-26965 (FreeRDP is a free implementation of 
the Remote Desktop Protocol.
 CVE-2026-26955 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mr6w-ch7c-mqqj
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/7d8fdce2d0ef337cb86cb37fc0c436c905e04d77
 (3.23.0)
 CVE-2026-26271 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
 CVE-2026-25997 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5j3-m6jf-3jq4
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/58409406afe7c2a8a71ed2dc8e22075be4f41c0c
 (3.23.0)
 CVE-2026-25959 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-78xg-v4p2-4w3c
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/d3e8b3b9365be96a4f11dda149d71b3287227d0a
 (3.23.0)
 CVE-2026-25955 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4g54-x8v7-559x
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/169d358734509e82663a0d6a0085ae726d439d8e
 (3.23.0)
 CVE-2026-25954 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
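Review bot: CVE-2026-26271 is the only entry in this hunk that receives `<no-dsa>` without any NOTE lines; the neighbouring FreeRDP entries each cite a GHSA advisory and a fix commit. Add the advisory or fix reference to that entry so the bookworm decision can be re-checked later against the actual change.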
@@ -18979,21 +18987,25 @@ CVE-2026-25954 (FreeRDP is a free implementation of 
the Remote Desktop Protocol.
 CVE-2026-25953 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6rq-rxpc-rh3p
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/1994e9844212a6dfe0ff12309fef520e888986b5
 (3.23.0)
 CVE-2026-25952 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqm-cwjg-7w9x
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/1994e9844212a6dfe0ff12309fef520e888986b5
 (3.23.0)
 CVE-2026-25942 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Prior ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-78q6-67m7-wwf6
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/9362a0bf8dda04eedbca07d5dfaec1044e67cc6b
 (3.23.0)
 CVE-2026-25941 (FreeRDP is a free implementation of the Remote Desktop 
Protocol. Versi ...)
        - freerdp3 3.23.0+dfsg-1
        - freerdp2 <removed>
+       [bookworm] - freerdp2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3546-x645-5cf8
        NOTE: Fixed by: 
https://github.com/FreeRDP/FreeRDP/commit/2e3b77e28ac6a398897d28ba464dcc5dfab9c9e2
 (3.23.0)
 CVE-2026-3179 (The FTP Backup on the ADM does not properly sanitize filenames 
receive ...)
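Review bot: All four freerdp2 entries in this hunk cite fixes that landed in 3.23.0, and nothing in the visible lines records that the 2.x code shipped in bookworm contains the affected code. `<no-dsa>` implies bookworm is affected; if that was verified, a short NOTE saying so would document it, and if it was not, `<not-affected>` may be the correct state for some of them. CVE-2026-25953 and CVE-2026-25952 point at the same fix commit, so they can be checked together.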
@@ -76934,8 +76946,8 @@ CVE-2025-59937 (go-mail is a comprehensive library for 
sending mails with Go. In
        NOT-FOR-US: go-mail
 CVE-2025-59933 (libvips is a demand-driven, horizontally threaded image 
processing lib ...)
        - vips 8.17.3-1 (bug #1117049)
-       [trixie] - vips <no-dsa> (Minor issue)
-       [bookworm] - vips <no-dsa> (Minor issue)
+       [trixie] - vips <ignored> (Minor issue)
+       [bookworm] - vips <ignored> (Minor issue)
        [bullseye] - vips <postponed> (minor issue; low impact, workaround 
exists)
        NOTE: 
https://github.com/libvips/libvips/security/advisories/GHSA-q8px-4w5q-c2r4
        NOTE: 
https://github.com/libvips/libvips/commit/a58bfae9223a5466cc81ba9fe6dfb08233cf17d1
 (v8.17.2)
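Review bot: The trixie and bookworm lines for vips move from `<no-dsa>` to `<ignored>` but keep the bare reason `Minor issue`, so the log does not show what changed between the two decisions. The bullseye line below gives a concrete reason (`low impact, workaround exists`); a comparable reason on the changed lines would document why a fix is now ruled out even though unstable has 8.17.3-1 and the upstream commit is referenced.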



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c254abe9eb469db249196dcaa1993e8597c1ecd1
