bookworm triage

Moritz Muehlenhoff (@jmm) Mon, 18 May 2026 23:57:17 -0700


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
7292ee37 by Moritz Muehlenhoff at 2026-05-19T08:56:10+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1959,6 +1959,8 @@ CVE-2026-45028 (Astro is a web framework. Astro versions 
prior to 6.1.10 used AE
        NOT-FOR-US: Astro
 CVE-2026-44919 (In OpenStack Ironic through 35.x before a3f6d73, during image 
handling ...)
        - ironic 1:35.0.1-3 (bug #1136655)
+       [trixie] - ironic <no-dsa> (Minor issue)
+       [bookworm] - ironic <no-dsa> (Minor issue)
        [bullseye] - ironic <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/ironic/+bug/2150332
        NOTE: 
https://opendev.org/openstack/ironic/commit/a3f6d735ac3642ab95b49142c7305f072ae748d0
@@ -6755,6 +6757,8 @@ CVE-2026-4935 (The OttoKit: All-in-One Automation 
Platform WordPress plugin befo
        NOT-FOR-US: WordPress plugin
 CVE-2026-44916 (In OpenStack Ironic before 35.0.2 (in a certain non-default 
configurat ...)
        - ironic 1:35.0.1-2 (bug #1136005)
+       [trixie] - ironic <no-dsa> (Minor issue)
+       [bookworm] - ironic <no-dsa> (Minor issue)
        [bullseye] - ironic <no-dsa> (Minor issue)
        NOTE: https://bugs.launchpad.net/ironic/+bug/2148307
        NOTE: https://review.opendev.org/c/openstack/ironic/+/987514
@@ -7141,8 +7145,11 @@ CVE-2026-44243 (GitPython is a python library used to 
interact with Git reposito
        NOTE: https://github.com/gitpython-developers/GitPython/pull/2134
 CVE-2026-42285 (GoBGP is an open source Border Gateway Protocol (BGP) 
implementation i ...)
        - gobgp 4.5.0-1 (bug #1136049)
-       [bullseye] - gobgp <postponed> (Limited support, follow bookworm 
security updates)
+       [trixie] - gobgp <not-affected> (Vulnerable code not present, 
introduced in 4.4.0)
+       [bookworm] - gobgp <not-affected> (Vulnerable code not present, 
introduced in 4.4.0)
+       [bullseye] - gobgp <not-affected> (Vulnerable code not present, 
introduced in 4.4.0)
        NOTE: 
https://github.com/osrg/gobgp/security/advisories/GHSA-p3w2-64xm-833j
+       NOTE: Fixed by 
https://github.com/osrg/gobgp/commit/d2d2be3e4e7915d407e662e5d388d9f8ae8a8f7b 
(v4.5.0)
 CVE-2026-42214 (Notepad Next is a cross-platform, reimplementation of 
Notepad++. Prior ...)
        NOT-FOR-US: Notepad Next
 CVE-2026-41906 (FreeScout is a free help desk and shared inbox built with 
PHP's Larave ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7292ee377243fdde3630a396d0ef722e810095b3

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7292ee377243fdde3630a396d0ef722e810095b3
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Reply via email to