[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Tue, 07 Apr 2026 02:40:32 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d8370482 by Moritz Muehlenhoff at 2026-04-07T11:32:47+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8644,6 +8644,8 @@ CVE-2019-25590 (Axessh 4.2 contains a denial of service 
vulnerability in the log
        NOT-FOR-US: Axessh
 CVE-2026-33306 (bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() 
password hashin ...)
        - ruby-bcrypt 3.1.22-1
+       [trixie] - ruby-bcrypt <no-dsa> (Minor issue)
+       [bookworm] - ruby-bcrypt <no-dsa> (Minor issue)
        NOTE: 
https://github.com/bcrypt-ruby/bcrypt-ruby/security/advisories/GHSA-f27w-vcwj-c954
        NOTE: Fixed by: 
https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4
 (v3.1.22)
 CVE-2026-23538
@@ -18713,6 +18715,8 @@ CVE-2026-21619 (Uncontrolled Resource Consumption, 
Deserialization of Untrusted
        - erlang-hex <unfixed>
        [trixie] - erlang-hex <no-dsa> (Minor issue)
        - rebar3 3.27.0-1
+       [trixie] - rebar3 <no-dsa> (Minor issue)
+       [bookworm] - rebar3 <no-dsa> (Minor issue)
        NOTE: https://github.com/advisories/GHSA-hx9w-f2w9-9g96
        NOTE: 
https://github.com/hexpm/hex_core/commit/cdf726095bca85ad2549d146df1e831ae93c2b13
 (v0.12.1)
        NOTE: 
https://github.com/hexpm/hex/commit/636739f3322514e9303ca335fb630696fcbb3c95 
(v2.3.2)
@@ -77831,8 +77835,8 @@ CVE-2025-11163 (The SmartCrawl SEO checker, analyzer & 
optimizer plugin for Word
        NOT-FOR-US: WordPress plugin
 CVE-2025-11149 (This affects all versions of the package node-static; all 
versions of  ...)
        - node-static <removed> (bug #1117504)
-       [trixie] - node-static <no-dsa> (Minor issue)
-       [bookworm] - node-static <no-dsa> (Minor issue)
+       [trixie] - node-static <ignored> (Minor issue)
+       [bookworm] - node-static <ignored> (Minor issue)
        [bullseye] - node-static <no-dsa> (Minor issue)
 CVE-2025-11148 (All versions of the package check-branches are vulnerable to 
Command I ...)
        NOT-FOR-US: check-branches Node.js package



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d837048218ed12127e2feef2952ecada7f73de2c

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d837048218ed12127e2feef2952ecada7f73de2c
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to