Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a86b29bf by Moritz Muehlenhoff at 2026-04-07T08:39:13+02:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9073,6 +9073,7 @@ CVE-2024-13785 (The The Contact Form, Survey, Quiz &
Popup Form Builder \u2013 A
CVE-2026-4519 (The webbrowser.open() API would accept leading dashes in the
URL which ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
[bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
@@ -10332,6 +10333,7 @@ CVE-2026-4396 (Improper certificate validation in
Devolutions Hub Reporting Serv
CVE-2026-3479 (pkgutil.get_data() did not validate the resource argument as
documente ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
@@ -11262,6 +11264,7 @@ CVE-2026-4227 (A security vulnerability has been
detected in LB-LINK BL-WR9000 2
CVE-2026-4224 (When an Expat parser with a registered ElementDeclHandler
parses an in ...)
- python3.14 3.14.3-4
- python3.13 <unfixed>
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
@@ -11279,6 +11282,7 @@ CVE-2026-4224 (When an Expat parser with a registered
ElementDeclHandler parses
CVE-2026-3644 (The fix for CVE-2026-0672, which rejected control characters in
http.c ...)
- python3.14 3.14.3-4
- python3.13 <unfixed>
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
- python3.9 <removed>
NOTE:
https://mail.python.org/archives/list/[email protected]/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/
@@ -18589,21 +18593,29 @@ CVE-2026-3285 (A vulnerability was determined in
berry-lang berry up to 1.1.0. T
NOT-FOR-US: berry-lang berry
CVE-2026-3284 (A vulnerability was found in libvips 8.19.0. Impacted is the
function ...)
- vips 8.18.0-3 (bug #1129310)
+ [trixie] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point
release)
NOTE: https://github.com/libvips/libvips/issues/4879
NOTE: https://github.com/libvips/libvips/pull/4887
NOTE: Fixed by:
https://github.com/libvips/libvips/commit/24795bb3d19d84f7b6f5ed86451ad556c8f2fe70
CVE-2026-3283 (A vulnerability has been found in libvips 8.19.0. This issue
affects t ...)
- vips 8.18.0-3 (bug #1129310)
+ [trixie] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point
release)
NOTE: https://github.com/libvips/libvips/issues/4880
NOTE: https://github.com/libvips/libvips/pull/4887
NOTE: Fixed by:
https://github.com/libvips/libvips/commit/24795bb3d19d84f7b6f5ed86451ad556c8f2fe70
CVE-2026-3282 (A flaw has been found in libvips 8.19.0. This vulnerability
affects th ...)
- vips 8.18.0-3 (bug #1129311)
+ [trixie] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point
release)
NOTE: https://github.com/libvips/libvips/issues/4881
NOTE: https://github.com/libvips/libvips/pull/4886
NOTE: Fixed by:
https://github.com/libvips/libvips/commit/7215ead1e0cd7d3703cc4f5fca06d7d0f4c22b91
CVE-2026-3281 (A vulnerability was detected in libvips 8.19.0. This affects
the funct ...)
- vips 8.18.0-3 (bug #1129312)
+ [trixie] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point
release)
NOTE: https://github.com/libvips/libvips/issues/4878
NOTE: https://github.com/libvips/libvips/pull/4895
NOTE: Fixed by:
https://github.com/libvips/libvips/commit/fd28c5463697712cb0ab116a2c55e4f4d92c4088
@@ -19628,16 +19640,22 @@ CVE-2026-3148 (A vulnerability was determined in
SourceCodester Simple and Nice
NOT-FOR-US: SourceCodester
CVE-2026-3147 (A vulnerability was found in libvips up to 8.18.0. This affects
the fu ...)
- vips 8.18.0-3 (bug #1129314)
+ [trixie] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point
release)
NOTE: https://github.com/libvips/libvips/issues/4874
NOTE: https://github.com/libvips/libvips/pull/4894
NOTE: Fixed by:
https://github.com/libvips/libvips/commit/b3ab458a25e0e261cbd1788474bbc763f7435780
CVE-2026-3146 (A vulnerability has been found in libvips up to 8.18.0. The
impacted e ...)
- vips 8.18.0-3 (bug #1129315)
+ [trixie] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point
release)
NOTE: https://github.com/libvips/libvips/issues/4875
NOTE: https://github.com/libvips/libvips/pull/4888
NOTE: Fixed by:
https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece
CVE-2026-3145 (A flaw has been found in libvips up to 8.18.0. The affected
element is ...)
- vips 8.18.0-3 (bug #1129315)
+ [trixie] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point
release)
NOTE: https://github.com/libvips/libvips/issues/4876
NOTE: https://github.com/libvips/libvips/pull/4888
NOTE: Fixed by:
https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a86b29bf3f82202beb48f216e096f47eefab4bb5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a86b29bf3f82202beb48f216e096f47eefab4bb5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
