Daniel Leidert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
926450e4 by Daniel Leidert at 2026-05-08T01:34:52+02:00
dla-needed: add postorius
- - - - -
f3ca9635 by Daniel Leidert at 2026-05-08T01:38:31+02:00
lts: mark CVE-2026-43002/horizon as not affecting Bullseye
- - - - -
c718d01e by Daniel Leidert at 2026-05-08T01:43:16+02:00
dla-needed: add libreoffice
- - - - -
a1b6c111 by Daniel Leidert at 2026-05-08T01:52:53+02:00
lts: mark CVE-2026-41409/mina2 as not affecting Bullseye
- - - - -
e7d29fa7 by Daniel Leidert at 2026-05-08T01:55:42+02:00
dla-needed: add apache2
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2471,6 +2471,7 @@ CVE-2026-43002 (An issue was discovered in OpenStack
Horizon 25.6 and 25.7 befor
- horizon 3:25.7.3-1 (bug #1135810)
[trixie] - horizon <not-affected> (Vulnerable code not present)
[bookworm] - horizon <not-affected> (Vulnerable code not present)
+ [bullseye] - horizon <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/7
NOTE: https://bugs.launchpad.net/horizon/+bug/2150331
CVE-2026-42997 (An issue was discovered in idrac in OpenStack Ironic before
35.0.1. Du ...)
@@ -6531,6 +6532,7 @@ CVE-2026-41409 (The fix for CVE-2024-52046 in Apache MINA
AbstractIoBuffer.getOb
- mina2 <unfixed> (bug #1135347)
[trixie] - mina2 <no-dsa> (Minor issue)
[bookworm] - mina2 <not-affected> (Incomplete fix for CVE-2024-52046
not applied)
+ [bullseye] - mina2 <not-affected> (Incomplete fix for CVE-2024-52046
not applied)
- mina <not-affected> (Incomplete fix for CVE-2024-52046 not applied)
NOTE: https://lists.apache.org/thread/9ddvsq6c4l5bhwq8l14sob4f8qjvx5c9
NOTE: Issue exists because of an incomplete fix for CVE-2024-52046
=====================================
data/dla-needed.txt
=====================================
@@ -49,6 +49,10 @@ amd64-microcode
apache-log4j2
NOTE: 20260413: Added by Front-Desk (rouca)
--
+apache2
+ NOTE: 20260508: Added by Front-Desk (dleidert)
+ NOTE: 20260508: Follow DSA-6248-1 fixing 11 CVEs (dleidert/front-desk)
+--
asterisk
NOTE: 20260423: Added by Front-Desk (pochu)
--
@@ -249,6 +253,10 @@ libpng1.6 (tobi)
libraw
NOTE: 20260417: Added by Front-Desk (rouca)
--
+libreoffice
+ NOTE: 20260508: Added by Front-Desk (dleidert)
+ NOTE: 20260508: Follow DSA-6251-1 (dleidert/front-desk)
+--
libsoup2.4
NOTE: 20250408: Added by Front-Desk (Beuc)
NOTE: 20250427: libsoup2.4 2.72.0-2+deb11u2 (bullseye) uploaded ...
@@ -436,6 +444,10 @@ php-phpseclib (utkarsh)
NOTE: 20260327: Added by Front-Desk (Beuc)
NOTE: 20260327: Upcoming DSA; fix also the postponed issue (Beuc/front-desk)
--
+postorius
+ NOTE: 20260508: Added by Front-Desk (dleidert)
+ NOTE: 20260508: Follow DSA and possibly prepare OSPU (dleidert/front-desk)
+--
pypdf2 (dleidert)
NOTE: 20260328: Added by Front-Desk (Beuc)
NOTE: 20260328: 6 new CVEs, and lots of postponed issues piled-up
(Beuc/front-desk)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2a19c2c9b8b3a7632ef32d5da02ea7fa2c07258f...e7d29fa78867e908f017879cd5bc3fadccc9dca7
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2a19c2c9b8b3a7632ef32d5da02ea7fa2c07258f...e7d29fa78867e908f017879cd5bc3fadccc9dca7
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
