Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d2c69fa5 by Emilio Pozuelo Monfort at 2026-05-15T10:00:35+02:00
lts: CVE-2026-44432/python-urllib3 n/a on bullseye
- - - - -
44ed130b by Emilio Pozuelo Monfort at 2026-05-15T10:02:54+02:00
lts: add redis
- - - - -
d3cf2da2 by Emilio Pozuelo Monfort at 2026-05-15T10:12:22+02:00
lts: python2.7 EOL in bullseye
- - - - -
aa4f3c56 by Emilio Pozuelo Monfort at 2026-05-15T10:13:45+02:00
lts: CVE-2026-32952/golang-github-azure-go-ntlmssp no-dsa
- - - - -
23deb369 by Emilio Pozuelo Monfort at 2026-05-15T10:24:53+02:00
lts: CVE-2026-33814/golang-golang-x-net no-dsa
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -920,6 +920,7 @@ CVE-2026-8328 (The ftpcp() function in Lib/ftplib.py was
not updated when CVE-2
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
+ [bullseye] - python2.7 <end-of-life> (not supported in bullseye)
- pypy3 <unfixed>
NOTE:
https://mail.python.org/archives/list/[email protected]/thread/ITF2BAPBQEPYK3LDMPRSY435JGNHYNDP/
NOTE: https://github.com/python/cpython/pull/149648
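Review bot: After the added `[bullseye] - python2.7 <end-of-life>` line, `- pypy3 <unfixed>` is followed directly by the NOTE lines, so this entry still carries no per-release status for pypy3. If bullseye ships pypy3, the release stays open for CVE-2026-8328 through that package; consider triaging it in the same pass. The CVE-2026-7210 hunk further down has the same shape.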
@@ -1103,6 +1104,7 @@ CVE-2026-44432 (urllib3 is an HTTP client library for
Python. From 2.6.0 to befo
- python-urllib3 <unfixed> (bug #1136654)
[trixie] - python-urllib3 <not-affected> (Vulnerable code introduced
later)
[bookworm] - python-urllib3 <not-affected> (Vulnerable code introduced
later)
+ [bullseye] - python-urllib3 <not-affected> (Vulnerable code introduced
later)
NOTE:
https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j
CVE-2026-44431 (urllib3 is an HTTP client library for Python. From 1.23 to
before 2.7. ...)
- python-urllib3 <unfixed> (bug #1136653)
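Review bot: The reason on the added `[bullseye]` line, "Vulnerable code introduced later", does not say later than what. The truncated description gives 2.6.0 as the first affected release; a NOTE naming that version or the introducing commit would make the three not-affected lines checkable against each release's packaged version.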
@@ -3404,6 +3406,7 @@ CVE-2026-7210 (`xml.parsers.expat` and
`xml.etree.ElementTree` use insufficient
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
+ [bullseye] - python2.7 <end-of-life> (not supported in bullseye)
- pypy3 <unfixed>
NOTE:
https://mail.python.org/archives/list/[email protected]/thread/PNY5OMBDPM2FRUZTWFFPJ6LISWKV627K/
NOTE: https://github.com/python/cpython/issues/149018
@@ -5925,6 +5928,7 @@ CVE-2026-33814 (When processing HTTP/2 SETTINGS frames,
transport will enter an
- golang-golang-x-net <unfixed> (bug #1136030)
[trixie] - golang-golang-x-net <no-dsa> (Minor issue)
[bookworm] - golang-golang-x-net <no-dsa> (Minor issue)
+ [bullseye] - golang-golang-x-net <no-dsa> (Minor issue)
NOTE: https://go-review.googlesource.com/c/go/+/761581
NOTE: https://go-review.googlesource.com/c/net/+/761640
NOTE: https://github.com/golang/go/issues/78476
@@ -14263,6 +14267,7 @@ CVE-2026-32952 (go-ntlmssp is a Go package that
provides NTLM/Negotiate authenti
- golang-github-azure-go-ntlmssp <unfixed> (bug #1135345)
[trixie] - golang-github-azure-go-ntlmssp <no-dsa> (Minor issue)
[bookworm] - golang-github-azure-go-ntlmssp <no-dsa> (Minor issue)
+ [bullseye] - golang-github-azure-go-ntlmssp <no-dsa> (Minor issue)
NOTE:
https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj
NOTE: Fixed by:
https://github.com/Azure/go-ntlmssp/commit/bd8579c18d41bf5d91a5f74b1117c958f635b866
(v0.1.1)
CVE-2026-32870 (Kirby is an open-source content management system. Kirby's
`Xml::value ...)
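Review bot: The added `[bullseye]` line copies the "Minor issue" reason from trixie and bookworm without recording what was checked for bullseye. The entry already names a single upstream fix commit (v0.1.1), so a one-line NOTE saying whether bullseye's source contains the code that commit changes would document the decision.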
=====================================
data/dla-needed.txt
=====================================
@@ -452,6 +452,9 @@ rails (Sylvain Beucler)
NOTE: 20260511: Partial release to handle CVE-2022-32224 (potentially
backward-incompatible)
NOTE: 20260511: and fix issues in previous upload, following work in buster.
(Beuc)
--
+redis
+ NOTE: 20260515: Added by Front-Desk (pochu)
+--
ruby-rack (Abhijith PA)
NOTE: 20260413: Added by Front-Desk (rouca)
--
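Review bot: The new `redis` entry gives only the Front-Desk note and names no CVE or reason for the DLA. That matches the `ruby-rack` entry below it, but a second NOTE listing the CVEs that prompted the addition would save whoever claims the package a lookup.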
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/82cb1e6632e8e78c245b2648e79e0fd46bb3456f...23deb369c134277c8fd3dbd7572171f008c47bc2