Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d4c43ab1 by Emilio Pozuelo Monfort at 2026-05-18T11:51:54+02:00
lts: bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1807,6 +1807,7 @@ CVE-2026-45028 (Astro is a web framework. Astro versions 
prior to 6.1.10 used AE
        NOT-FOR-US: Astro
 CVE-2026-44919 (In OpenStack Ironic through 35.x before a3f6d73, during image 
handling ...)
        - ironic 1:35.0.1-3 (bug #1136655)
+       [bullseye] - ironic <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/ironic/+bug/2150332
        NOTE: 
https://opendev.org/openstack/ironic/commit/a3f6d735ac3642ab95b49142c7305f072ae748d0
 CVE-2026-44665 (fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an 
input d ...)
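Review bot: the added `[bullseye] - ironic <no-dsa> (Minor issue)` line under CVE-2026-44919 is the only per-suite line for this CVE in the visible context; there is no trixie or bookworm entry, so bullseye is being classified ahead of the stable suites. It is worth confirming with the security team that they intend the same assessment, so the entry does not end up with diverging classifications for the same image-handling issue.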
@@ -4857,6 +4858,7 @@ CVE-2026-45184 (Kdenlive before 26.04.1 allows dangerous 
proxy parameters when a
        - kdenlive 26.04.1-1 (bug #1136172)
        [trixie] - kdenlive <no-dsa> (Minor issue)
        [bookworm] - kdenlive <no-dsa> (Minor issue)
+       [bullseye] - kdenlive <no-dsa> (Minor issue)
        NOTE: https://kde.org/info/security/advisory-20260508-1.txt
        NOTE: 
https://commits.kde.org/kdenlive/94042ddd259551e4a7a5f6672329752972c84685 
(v26.04.0)
        NOTE: 
https://commits.kde.org/kdenlive/c3999aacc6da54756f3df8aab03b900459562ecd 
(v26.04.1)
@@ -6585,6 +6587,7 @@ CVE-2026-4935 (The OttoKit: All-in-One Automation 
Platform WordPress plugin befo
        NOT-FOR-US: WordPress plugin
 CVE-2026-44916 (In OpenStack Ironic before 35.0.2 (in a certain non-default 
configurat ...)
        - ironic 1:35.0.1-2 (bug #1136005)
+       [bullseye] - ironic <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/ironic/+bug/2148307
        NOTE: https://review.opendev.org/c/openstack/ironic/+/987514
 CVE-2026-44365
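Review bot: the bullseye line added for CVE-2026-44916 gives only `(Minor issue)` as the reason, while the description already limits the flaw to a non-default setup. If that is the basis for the no-dsa decision, put it in the parenthesised reason, for example `(Minor issue; non-default configuration)`, so the rationale is on record for later triage.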
@@ -9387,6 +9390,7 @@ CVE-2026-42997 (An issue was discovered in idrac in 
OpenStack Ironic before 35.0
        - ironic 1:35.0.1-1 (bug #1135811)
        [trixie] - ironic <no-dsa> (Minor issue; can be fixed via point release)
        [bookworm] - ironic <no-dsa> (Minor issue; can be fixed via point 
release)
+       [bullseye] - ironic <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/ironic/+bug/2148317
        NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/10
        NOTE: 
https://opendev.org/openstack/ironic/commit/8b663209ff46ba2fbd05797ba7105b4f00e6dac4
 (35.0.1)
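Review bot: the bullseye line for CVE-2026-42997 drops the `can be fixed via point release` part that the trixie and bookworm lines carry, which leaves it unstated whether a fix is still planned for bullseye. If the intent is to ship it with a later upload, `<postponed>` expresses that; if no fix is planned, `<no-dsa> (Minor issue)` as written is fine.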
@@ -10037,12 +10041,14 @@ CVE-2025-70072 (An issue in Assimp v.6.0.2 allows a 
remote attacker to cause a d
        - assimp <unfixed>
        [trixie] - assimp <no-dsa> (Minor issue)
        [bookworm] - assimp <no-dsa> (Minor issue)
+       [bullseye] - assimp <no-dsa> (Minor issue)
        NOTE: https://gist.github.com/GunP4ng/cdaf0cb89dc6f1d09a9e88fa1135894e
        NOTE: https://github.com/assimp/assimp/issues/6635
 CVE-2025-70071 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a 
denial  ...)
        - assimp <unfixed>
        [trixie] - assimp <no-dsa> (Minor issue)
        [bookworm] - assimp <no-dsa> (Minor issue)
+       [bullseye] - assimp <no-dsa> (Minor issue)
        NOTE: https://gist.github.com/GunP4ng/6d80919905037929ce9266ccd207b9ea
 CVE-2025-67796 (IKUS Rdiffweb before 2.10.5 has an improper authorization flaw 
that al ...)
        - rdiffweb <itp> (bug #969974)
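Review bot: the bullseye lines added for CVE-2025-70072 and CVE-2025-70071 copy the trixie/bookworm classification, but both descriptions name Assimp v.6.0.2 and neither entry has a NOTE saying older versions were checked. A short NOTE stating that the affected code is present in the bullseye version would make the triage verifiable; if it is not present, `<not-affected>` would be the accurate tag.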
@@ -10077,16 +10083,19 @@ CVE-2025-70070 (An issue in Assimp v.6.0.2 allows a 
remote attacker to cause a d
        - assimp <unfixed>
        [trixie] - assimp <no-dsa> (Minor issue)
        [bookworm] - assimp <no-dsa> (Minor issue)
+       [bullseye] - assimp <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465295
 CVE-2025-70069 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a 
denial  ...)
        - assimp <unfixed>
        [trixie] - assimp <no-dsa> (Minor issue)
        [bookworm] - assimp <no-dsa> (Minor issue)
+       [bullseye] - assimp <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465306
 CVE-2025-70067 (Buffer Overflow vulnerability exists in Assimp versions up to 
6.0.2 in ...)
        - assimp <unfixed>
        [trixie] - assimp <no-dsa> (Minor issue)
        [bookworm] - assimp <no-dsa> (Minor issue)
+       [bullseye] - assimp <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465308
 CVE-2026-43868 (Memory Allocation with Excessive Size Value vulnerability in 
Apache Th ...)
        [experimental] - thrift 0.23.0-1
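Review bot: CVE-2025-70067 in this hunk is described as a buffer overflow, while the neighbouring CVE-2025-70069 is described as a denial of service, yet the new bullseye lines use the same `(Minor issue)` reason for all of them. For the overflow entry, a few words on why it is considered minor would help, since every assimp entry here is `<unfixed>` and will be looked at again once an upstream fix exists.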
@@ -17497,6 +17506,7 @@ CVE-2026-40611 (Let's Encrypt client and ACME library 
written in Go (Lego). Prio
        - golang-github-xenolf-lego <unfixed> (bug #1134643)
        [trixie] - golang-github-xenolf-lego <no-dsa> (Minor issue)
        [bookworm] - golang-github-xenolf-lego <no-dsa> (Minor issue)
+       [bullseye] - golang-github-xenolf-lego <no-dsa> (Minor issue)
        NOTE: 
https://github.com/go-acme/lego/security/advisories/GHSA-qqx8-2xmm-jrv8
        NOTE: Fixed by: 
https://github.com/go-acme/lego/commit/aa6fcebccb73828e933c33363dccc0a93a101988 
(v4.34.0)
 CVE-2026-40608 (Next AI Draw.io is a next.js web application that integrates 
AI capabi ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d4c43ab1edaa59bb37770c3d0e0202b39e939fee



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
