Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
79ea49a7 by Salvatore Bonaccorso at 2026-05-12T16:19:33+02:00
Reserve DSA number for exim4 update and cleanup data

- - - - -


4 changed files:

- data/CVE/list
- data/DSA/list
- data/next-oldstable-point-update.txt
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,6 +1,9 @@
 CVE-2026-XXXX [Exim-Security-2026-05-01.1: TLS: on rxd close with CHUNKING 
active, clean the input processing stack]
        - exim4 <unfixed>
+       [trixie] - exim4 4.98.2-1+deb13u2
+       [bookworm] - exim4 4.96-15+deb12u9
        NOTE: 
https://code.exim.org/exim/exim/commit/040c1ce6889f435206677ed532c9a4185cf0bcaf
+       NOTE: https://www.openwall.com/lists/oss-security/2026/05/12/4
 CVE-2026-44931
        - malcontent <not-affected> (Vulnerable code introduced later)
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/11/1
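
Review bot: the CVE-2026-XXXX entry at the top of this hunk has no assigned id yet, so the fixed versions added here ([trixie] 4.98.2-1+deb13u2, [bookworm] 4.96-15+deb12u9) cannot be referenced from the CVE set of DSA-6265-1, which lists only CVE-2026-40684 through CVE-2026-40687. Suggest a follow-up once the id is assigned so the Exim-Security-2026-05-01.1 fix is tied to the DSA, and a check that the unchanged "- exim4 <unfixed>" line is still accurate for unstable.
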
@@ -8411,14 +8414,10 @@ CVE-2026-40685 (In Exim before 4.99.2, when JSON lookup 
is enabled, an out-of-bo
        NOTE: JSON lookup support not enabled in Debian
 CVE-2026-40686 (In Exim before 4.99.2, when utf8 operators are enabled, there 
is an ou ...)
        - exim4 4.99.2-1
-       [trixie] - exim4 <no-dsa> (Minor issue)
-       [bookworm] - exim4 <no-dsa> (Minor issue)
        [bullseye] - exim4 <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: Fixed by: 
https://code.exim.org/exim/exim/commit/f2570bde16fb4d4a1242ff363a4c4eecf6372efc
 CVE-2026-40687 (In Exim before 4.99.2, when the SPA authentication driver is 
used with ...)
        - exim4 4.99.2-1
-       [trixie] - exim4 <no-dsa> (Minor issue)
-       [bookworm] - exim4 <no-dsa> (Minor issue)
        [bullseye] - exim4 <postponed> (Minor issue; can be fixed in next 
update)
        NOTE: Fixed by: 
https://code.exim.org/exim/exim/commit/68b963b9f75ca27b38e1c0f8c87037990199f505
 CVE-2026-7466 (AgentFlow contains an arbitrary code execution vulnerability 
that allo ...)
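
Review bot: for CVE-2026-40686 and CVE-2026-40687 the "<no-dsa> (Minor issue)" lines for trixie and bookworm are removed with nothing put in their place, whereas the first hunk writes explicit [trixie] and [bookworm] fixed versions for the CVE-2026-XXXX entry. If the per-release versions for these two CVEs are meant to come from the DSA-6265-1 entry in data/DSA/list, that is worth saying in the commit message; otherwise add the 4.98.2-1+deb13u2 and 4.96-15+deb12u9 lines here as well. The [bullseye] "<postponed>" lines are left untouched, which looks intended.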


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[12 May 2026] DSA-6265-1 exim4 - security update
+       {CVE-2026-40684 CVE-2026-40685 CVE-2026-40686 CVE-2026-40687}
+       [bookworm] - exim4 4.96-15+deb12u9
+       [trixie] - exim4 4.98.2-1+deb13u2
 [11 May 2026] DSA-6264-1 dnsmasq - security update
        {CVE-2026-2291 CVE-2026-4890 CVE-2026-4891 CVE-2026-4892 CVE-2026-4893 
CVE-2026-5172}
        [bookworm] - dnsmasq 2.90-4~deb12u2
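
Review bot: the CVE set on the new DSA-6265-1 entry includes CVE-2026-40685, while the data/CVE/list context for that CVE carries "NOTE: JSON lookup support not enabled in Debian". Please confirm that listing it is intended (the update ships the upstream fix even though the affected feature is not built) so the DSA cross-reference and the CVE note do not read as contradicting each other.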


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -352,14 +352,6 @@ CVE-2024-57392
        [bookworm] - proftpd-dfsg 1.3.8+dfsg-4+deb12u5
 CVE-2026-42167
        [bookworm] - proftpd-dfsg 1.3.8+dfsg-4+deb12u5
-CVE-2026-40684
-       [bookworm] - exim4 4.96-15+deb12u8
-CVE-2026-40685
-       [bookworm] - exim4 4.96-15+deb12u8
-CVE-2026-40686
-       [bookworm] - exim4 4.96-15+deb12u8
-CVE-2026-40687
-       [bookworm] - exim4 4.96-15+deb12u8
 CVE-2026-28525
        [bookworm] - swupdate 2022.12+dfsg-4+deb12u2
 CVE-2019-5427
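
Review bot: the four removed bookworm entries pointed at exim4 4.96-15+deb12u8, while DSA-6265-1 records 4.96-15+deb12u9. Confirm that deb12u9 carries everything that was queued as deb12u8 for the point release, so that dropping these lines does not lose track of the fixes for CVE-2026-40684 through CVE-2026-40687.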


=====================================
data/next-point-update.txt
=====================================
@@ -368,14 +368,6 @@ CVE-2026-42167
        [trixie] - proftpd-dfsg 1.3.8.c+dfsg-4+deb13u2
 CVE-2026-41035
        [trixie] - rsync 3.4.1+ds1-5+deb13u2
-CVE-2026-40684
-       [trixie] - exim4 4.98.2-1+deb13u1
-CVE-2026-40685
-       [trixie] - exim4 4.98.2-1+deb13u1
-CVE-2026-40686
-       [trixie] - exim4 4.98.2-1+deb13u1
-CVE-2026-40687
-       [trixie] - exim4 4.98.2-1+deb13u1
 CVE-2026-33721
        [trixie] - mapserver 8.4.0-4+deb13u2
 CVE-2026-35386
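
Review bot: the commit message says only "cleanup data" for this removal, and the removed trixie entries name 4.98.2-1+deb13u1 while the DSA records 4.98.2-1+deb13u2. A short line in the message stating that the point-update entries are superseded by DSA-6265-1 would make the removal self-explanatory to anyone reading the history of data/next-point-update.txt.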



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79ea49a715bd4b390d24e4dfda68a955433068bf
