Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d696f3e3 by Moritz Muehlenhoff at 2026-05-18T23:23:59+02:00
bogus CVE assignments for gobgp
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -29130,20 +29130,23 @@ CVE-2026-5126 (A flaw has been found in
SourceCodester RSS Feed Parser 1.0. Affe
CVE-2026-5125 (A vulnerability was detected in raine consult-llm-mcp up to
2.5.3. Aff ...)
NOT-FOR-US: raine consult-llm-mcp
CVE-2026-5124 (A security vulnerability has been detected in osrg GoBGP up to
4.3.0. ...)
- - gobgp 4.4.0-1 (bug #1132653)
- [bullseye] - gobgp <postponed> (Limited support, follow bookworm
security updates)
+ - gobgp 4.4.0-1 (bug #1132653; unimportant)
NOTE: https://github.com/osrg/gobgp/pull/3340
NOTE: Fixed by:
https://github.com/osrg/gobgp/commit/f0f24a2a901cbf159260698211ab15c583ced131
(v4.4.0)
+ NOTE: Not a security issue per upstream assessment:
+ NOTE: https://github.com/osrg/gobgp/issues/3362#issuecomment-4248281007
CVE-2026-5123 (A weakness has been identified in osrg GoBGP up to 4.3.0. This
impacts ...)
- - gobgp 4.4.0-1 (bug #1132653)
- [bullseye] - gobgp <postponed> (Limited support, follow bookworm
security updates)
+ - gobgp 4.4.0-1 (bug #1132653; unimportant)
NOTE: https://github.com/osrg/gobgp/pull/3342
NOTE: Fixed by:
https://github.com/osrg/gobgp/commit/67c059413470df64bc20801c46f64058e88f800f
(v4.4.0)
+ NOTE: Not a security issue per upstream assessment:
+ NOTE: https://github.com/osrg/gobgp/issues/3362#issuecomment-4248281007
CVE-2026-5122 (A security flaw has been discovered in osrg GoBGP up to 4.3.0.
This af ...)
- - gobgp 4.4.0-1 (bug #1132653)
- [bullseye] - gobgp <postponed> (Limited support, follow bookworm
security updates)
+ - gobgp 4.4.0-1 (bug #1132653; unimportant)
NOTE: https://github.com/osrg/gobgp/pull/3343
NOTE: Fixed by:
https://github.com/osrg/gobgp/commit/2b09db390a3d455808363c53e409afe6b1b86d2d
(v4.4.0)
+ NOTE: Not a security issue per upstream assessment:
+ NOTE: https://github.com/osrg/gobgp/issues/3362#issuecomment-4248281007
CVE-2026-5121 (A flaw was found in libarchive. On 32-bit systems, an integer
overflow ...)
{DLA-4563-1}
- libarchive 3.8.7-1 (bug #1133002)
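Review bot: The NOTE lines added to CVE-2026-5124, CVE-2026-5123 and CVE-2026-5122 justify the new `unimportant` tag only through a link to one shared issue comment (issues/3362#issuecomment-4248281007), so none of the three entries explains itself. Consider adding a few words of upstream's reasoning to the "Not a security issue per upstream assessment:" line, so the justification stays readable in data/CVE/list if the comment is later edited or removed.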
@@ -129652,11 +129655,10 @@ CVE-2025-7466 (A vulnerability, which was
classified as critical, has been found
CVE-2025-7465 (A vulnerability classified as critical was found in Tenda
FH1201 1.2.0 ...)
NOT-FOR-US: Tenda
CVE-2025-7464 (A vulnerability classified as problematic has been found in
osrg GoBGP ...)
- - gobgp 4.3.0-1 (bug #1109300)
- [trixie] - gobgp <no-dsa> (Minor issue)
- [bookworm] - gobgp <no-dsa> (Minor issue)
- [bullseye] - gobgp <postponed> (Limited support, follow bookworm
security updates)
+ - gobgp 4.3.0-1 (bug #1109300; unimportant)
NOTE: Fixed by:
https://github.com/osrg/gobgp/commit/e748f43496d74946d14fed85c776452e47b99d64
+ NOTE: Not a security issue per upstream:
+ NOTE: https://github.com/osrg/gobgp/issues/3189#issuecomment-3426317295
CVE-2025-7463 (A vulnerability was found in Tenda FH1201 1.2.0.14. It has been
declar ...)
NOT-FOR-US: Tenda
CVE-2025-7462 (A vulnerability was found in Artifex GhostPDL up to
3989415a5b8e99b9d1 ...)
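Review bot: The NOTE added to CVE-2025-7464 reads "Not a security issue per upstream:", while the same annotation on the CVE-2026-5122, CVE-2026-5123 and CVE-2026-5124 entries in this commit reads "Not a security issue per upstream assessment:". Using one wording for both would let a single search over data/CVE/list find every gobgp entry reclassified this way.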
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d696f3e3ba5784ef70cf3c2ddfc9ee9e636de25f