Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 317ac1e5 by Sylvain Beucler at 2026-05-19T09:18:25+02:00 CVE-2026-7210,CVE-2026-8328/python3.9: bullseye postponed aligning with other dists waiting for more issues to pile-up, we just released DLA-4583-1 - - - - - c5b1cee1 by Sylvain Beucler at 2026-05-19T09:18:28+02:00 erlang: reference missing OSPU CVEs https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127607#19 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1944,6 +1944,7 @@ CVE-2026-8328 (The ftpcp() function in Lib/ftplib.py was not updated when CVE-2 - python3.11 <removed> [bookworm] - python3.11 <no-dsa> (Minor issue) - python3.9 <removed> + [bullseye] - python3.9 <postponed> (Minor issue, port scanning in specific scenario) - python2.7 <removed> [bullseye] - python2.7 <end-of-life> (not supported in bullseye) - pypy3 <unfixed> @@ -4485,6 +4486,7 @@ CVE-2026-7210 (`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient - python3.11 <removed> [bookworm] - python3.11 <no-dsa> (Minor issue) - python3.9 <removed> + [bullseye] - python3.9 <postponed> (Minor issue, wait for expat update) - python2.7 <removed> [bullseye] - python2.7 <end-of-life> (not supported in bullseye) - pypy3 <unfixed> @@ -38414,7 +38416,7 @@ CVE-2026-23943 (Improper Handling of Highly Compressed Data (Compression Bomb) v {DLA-4590-1} - erlang 1:27.3.4.9+dfsg-1 (bug #1130912) [trixie] - erlang 1:27.3.4.1+dfsg-1+deb13u2 - [bookworm] - erlang <no-dsa> (Minor issue) + [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u4 NOTE: https://github.com/erlang/otp/security/advisories/GHSA-c836-qprm-jw9r NOTE: Fixed by: https://github.com/erlang/otp/commit/43a87b949bdff12d629a8c34146711d9da93b1b1 (OTP-28.4.1) NOTE: Fixed by: https://github.com/erlang/otp/commit/93073c3bd338c60cd2bae715ce6a1d4ffc1a8fd3 (OTP-27.3.4.9) 
@@ -38423,7 +38425,7 @@ CVE-2026-23942 (Improper Limitation of a Pathname to a Restricted Directory ('Pa {DLA-4590-1} - erlang 1:27.3.4.9+dfsg-1 (bug #1130912) [trixie] - erlang 1:27.3.4.1+dfsg-1+deb13u2 - [bookworm] - erlang <no-dsa> (Minor issue) + [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u4 NOTE: https://github.com/erlang/otp/security/advisories/GHSA-4749-w85x-hw9h NOTE: Fixed by: https://github.com/erlang/otp/commit/27688a824f753d4c16371dc70e88753fb410590b (OTP-28.4.1) NOTE: Fixed by: https://github.com/erlang/otp/commit/9e0ac85d3485e7898e0da88a14be0ee2310a3b28 (OTP-27.3.4.9) @@ -38432,7 +38434,7 @@ CVE-2026-23941 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smug {DLA-4590-1} - erlang 1:27.3.4.9+dfsg-1 (bug #1130912) [trixie] - erlang 1:27.3.4.1+dfsg-1+deb13u2 - [bookworm] - erlang <no-dsa> (Minor issue) + [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u4 NOTE: https://github.com/erlang/otp/security/advisories/GHSA-w4jc-9wpv-pqh7 NOTE: Fixed by: https://github.com/erlang/otp/commit/a4b46336fd25aa100ac602eb9a627aaead7eda18 (OTP-28.4.1) NOTE: Fixed by: https://github.com/erlang/otp/commit/a761d391d8d08316cbd7d4a86733ba932b73c45b (OTP-27.3.4.9) 
@@ -47794,7 +47796,7 @@ CVE-2026-21620 (Relative Path Traversal, Improper Isolation or Compartmentalizat {DLA-4590-1} - erlang 1:27.3.4.8+dfsg-1 (bug #1128651) [trixie] - erlang 1:27.3.4.1+dfsg-1+deb13u2 - [bookworm] - erlang <no-dsa> (Minor issue) + [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u4 NOTE: https://github.com/erlang/otp/security/advisories/GHSA-hmrc-prh3-rpvp NOTE: https://github.com/erlang/otp/pull/10706 NOTE: Fixed by (merge): https://github.com/erlang/otp/commit/696fdec922661d4a3cc528fc34bc24fae8d4ad8a (OTP-28.3.2) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4db9697cf4d5baa314d39390cf45af689f080e8d...c5b1cee1f396f6a223aaad9ae058540a9663957a
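Review bot: In the CVE-2026-7210 hunk, the added `[bullseye] - python3.9 <postponed> (Minor issue, wait for expat update)` line makes the postponement conditional on an expat update, but nothing in the visible context identifies which expat issue or upload is meant. A NOTE naming the expat CVE or bug number would let whoever revisits the postponed entry tell when the condition has been met.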
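Review bot: In the hunks for CVE-2026-23943, CVE-2026-23942 and CVE-2026-23941, the new `[bookworm] - erlang 1:25.2.3+dfsg-1+deb12u4` line replaces `<no-dsa> (Minor issue)` with a fixed version, yet the visible `Fixed by:` NOTE lines name only OTP-28.4.1 and OTP-27.3.4.9 commits, so the entries do not show how the fix reached the 25.2.3 series. The bug report URL in the commit message is the only pointer to that; consider recording it as a NOTE in each entry so the data file is traceable without the commit log.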
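Review bot: The CVE-2026-21620 hunk records the same bookworm version, `1:25.2.3+dfsg-1+deb12u4`, as the three CVE-2026-2394x entries, although its unstable fix is a different upload (`1:27.3.4.8+dfsg-1`, bug #1128651, where the others have `1:27.3.4.9+dfsg-1`, bug #1130912). Worth confirming against the deb12u4 changelog that this single upload also carries the fix for the earlier issue before dropping `<no-dsa>` here.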
debian-security-tracker-commits mailing list https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
