Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d51d2a82 by Sylvain Beucler at 2026-05-19T11:14:51+02:00
dla: add jq
- - - - -
f835d359 by Sylvain Beucler at 2026-05-19T11:14:54+02:00
CVE-2026-5089/libyaml-syck-perl: bullseye postponed
- - - - -
4afdd0a5 by Sylvain Beucler at 2026-05-19T11:14:56+02:00
CVE-2026-6659/libcrypt-passwdmd5-perl: bullseye postponed
- - - - -
3cf13301 by Sylvain Beucler at 2026-05-19T11:14:59+02:00
CVE-2013-10075/libapache-session-perl: bullseye postponed
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4042,6 +4042,7 @@ CVE-2026-5089 (YAML::Syck versions before 1.38 for Perl
has an out-of-bounds re
- libyaml-syck-perl 1.36-3
[trixie] - libyaml-syck-perl <no-dsa> (Minor issue)
[bookworm] - libyaml-syck-perl <no-dsa> (Minor issue)
+ [bullseye] - libyaml-syck-perl <postponed> (Minor issue, limited OOB
read)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39981051/
NOTE: https://github.com/cpan-authors/YAML-Syck/issues/132
NOTE: https://github.com/cpan-authors/YAML-Syck/pull/133
@@ -5620,6 +5621,7 @@ CVE-2026-6659 (Crypt::PasswdMD5 versions through 1.42 for
Perl generates insecur
- libcrypt-passwdmd5-perl <unfixed> (bug #1136091)
[trixie] - libcrypt-passwdmd5-perl <postponed> (Minor issue, revisit
when fixed upstream)
[bookworm] - libcrypt-passwdmd5-perl <postponed> (Minor issue, revisit
when fixed upstream)
+ [bullseye] - libcrypt-passwdmd5-perl <postponed> (Minor issue, revisit
when fixed upstream)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39857355/
CVE-2026-43470 (In the Linux kernel, the following vulnerability has been
resolved: n ...)
- linux 6.19.10-1
@@ -6688,6 +6690,7 @@ CVE-2025-71297 (In the Linux kernel, the following
vulnerability has been resolv
NOTE:
https://git.kernel.org/linus/44d1f624bbdd2d60319374ba85f7195a28d00c90 (7.0-rc1)
CVE-2013-10075 (Apache::Session versions through 1.94 for Perl re-creates
deleted sess ...)
- libapache-session-perl <unfixed> (bug #1136206)
+ [bullseye] - libapache-session-perl <postponed> (Minor issue, revisit
when fixed upstream)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39844719/
CVE-2026-43500 (In the Linux kernel, the following vulnerability has been
resolved: r ...)
{DSA-6258-1 DSA-6253-1 DLA-4574-1 DLA-4572-1}
=====================================
data/dla-needed.txt
=====================================
@@ -236,6 +236,10 @@ jackson-core (Markus Koschany)
jetty9
NOTE: 20260418: Added by Front-Desk. Fix CVE-2026-5795 maybe other (rouca)
--
+jq
+ NOTE: 20260519: Added by Front-Desk (Beuc)
+ NOTE: 20260519: Many postponed CVEs piled-up (Beuc/front-desk)
+--
kamailio
NOTE: 20260413: Added by Front-Desk (rouca)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/36aec02e307f983e00ae14914fe15f422f69f10e...3cf133015bdd248b9fe3dac1863caf840ae25e07
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/36aec02e307f983e00ae14914fe15f422f69f10e...3cf133015bdd248b9fe3dac1863caf840ae25e07
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
