[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Tue, 07 Apr 2026 15:04:27 -0700 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
53e539c9 by Moritz Muehlenhoff at 2026-04-07T17:42:42+02:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5162,6 +5162,8 @@ CVE-2026-32846 (OpenClaw through 2026.3.23 (fixed in 
commit 4797bbc) contains a
        NOT-FOR-US: OpenClaw
 CVE-2026-32287 (Boolean XPath expressions that evaluate to true can cause an 
infinite  ...)
        - golang-github-antchfx-xpath 1.3.6-1
+       [trixie] - golang-github-antchfx-xpath <no-dsa> (Minor issue)
+       [bookworm] - golang-github-antchfx-xpath <no-dsa> (Minor issue)
        [bullseye] - golang-github-antchfx-xpath <postponed> (Limited support, 
minor issue, follow bookworm DSAs/point-releases)
        NOTE: https://github.com/antchfx/xpath/issues/121
        NOTE: Fixed by: 
https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494
 (v1.3.6)
@@ -25655,6 +25657,8 @@ CVE-2026-26019 (LangChain is a framework for building 
LLM-powered applications.
 CVE-2026-26014 (Pion DTLS is a Go implementation of Datagram Transport Layer 
Security. ...)
        - golang-github-pion-dtls-v3 <unfixed> (bug #1127927)
        - golang-github-pion-dtls.v2 <unfixed> (bug #1127928)
+       [trixie] - golang-github-pion-dtls.v2 <no-dsa> (Minor issue)
+       [bookworm] - golang-github-pion-dtls.v2 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/pion/dtls/security/advisories/GHSA-9f3f-wv7r-qc8r
        NOTE: https://github.com/pion/dtls/pull/796
        NOTE: Fixed by: 
https://github.com/pion/dtls/commit/61762dee8217991882c5eb79856b9e7a73ee349f 
(v3.1.0)


=====================================
data/dsa-needed.txt
=====================================
@@ -93,10 +93,7 @@ smb4k/oldstable
 --
 sympa/oldstable
 --
-systemd
-  In contact with maintainer, should be released via point releases, then drop 
item
---
-tiff
+tiff (jmm)
 --
 webkit2gtk (berto)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53e539c97ff2b699193391397cf63c74d25139dc

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/53e539c97ff2b699193391397cf63c74d25139dc
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to