Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a6cd1865 by Moritz Muehlenhoff at 2026-05-22T10:10:18+02:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -959,6 +959,7 @@ CVE-2026-44231
NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
CVE-2026-XXXX [RUSTSEC-2026-0145]
- rust-astral-tokio-tar 0.6.2-1
+ [trixie] - rust-astral-tokio-tar <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0145.html
CVE-2026-41999 (Incorrect Behaviour of Views with TCP PROXY Requests)
- pdns 5.0.5-1
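Review bot: The added [trixie] line for rust-astral-tokio-tar justifies no-dsa with only the generic "(Minor issue)", on an entry that still carries the placeholder id CVE-2026-XXXX and a single RUSTSEC reference. A short reason taken from the advisory (impact class or precondition) would make the decision reviewable from the list itself. The commit title says trixie/bookworm, but this hunk has no [bookworm] line; that is fine if the package is not in bookworm, and worth confirming otherwise.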
@@ -8690,6 +8691,7 @@ CVE-2026-42501 (A malicious module proxy can exploit a
flaw in the go command's
- golang-1.24 <removed>
[trixie] - golang-1.24 <no-dsa> (Minor issue)
- golang-1.19 <removed>
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
[bullseye] - golang-1.15 <postponed> (Limited support, minor issue,
follow bookworm DSAs/point-releases)
NOTE: https://go-review.googlesource.com/c/go/+/775321
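Review bot: The new [bookworm] golang-1.19 line repeats "(Minor issue)" from the trixie golang-1.24 line without saying why. The description's precondition (a malicious module proxy) looks like the reason, and naming it in the parenthesis would record that. The bullseye line just below defers to "bookworm DSAs/point-releases", so with bookworm now marked no-dsa, a bullseye fix depends on someone preparing a bookworm point-release update.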
@@ -8701,6 +8703,7 @@ CVE-2026-42499 (Pathological inputs could cause DoS
through consumePhrase when p
- golang-1.24 <removed>
[trixie] - golang-1.24 <no-dsa> (Minor issue)
- golang-1.19 <removed>
+ [bookworm] - golang-1.19 <no-dsa> (Minor issue)
- golang-1.15 <removed>
[bullseye] - golang-1.15 <postponed> (Limited support, minor issue,
follow bookworm DSAs/point-releases)
NOTE: https://go-review.googlesource.com/c/go/+/771520
@@ -9082,6 +9085,8 @@ CVE-2026-41644 (monetr is a budgeting application for
recurring expenses. Prior
NOT-FOR-US: monetr
CVE-2026-41643 (GoBGP is an open source Border Gateway Protocol (BGP)
implementation i ...)
- gobgp 4.3.0-1
+ [trixie] - gobgp <no-dsa> (Minor issue)
+ [bookworm] - gobgp <no-dsa> (Minor issue)
[bullseye] - gobgp <postponed> (Limited support, follow bookworm
security updates)
NOTE:
https://github.com/osrg/gobgp/security/advisories/GHSA-8rxh-r2p6-7f2q
NOTE: https://github.com/osrg/gobgp/issues/3308
@@ -39271,6 +39276,8 @@ CVE-2026-30875 (Chamilo LMS is a learning management
system. Prior to version 1.
NOT-FOR-US: Chamilo LMS
CVE-2026-30405 (An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to
cause a d ...)
- gobgp 4.3.0-1 (bug #1131115)
+ [trixie] - gobgp <no-dsa> (Minor issue)
+ [bookworm] - gobgp <no-dsa> (Minor issue)
[bullseye] - gobgp <postponed> (Limited support, minor issue, DoS,
follow bookworm DSAs/point-releases)
NOTE: https://github.com/osrg/gobgp/issues/3305
NOTE:
https://github.com/osrg/gobgp/commit/f12b8fbb84f9e1a58dca932ccf0b005039f3cfb5
(v4.3.0)
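Review bot: The two added gobgp lines say only "(Minor issue)", while the description mentions a remote attacker and the bullseye line directly below spells out "minor issue, DoS". Using the same wording for trixie and bookworm, for example "(Minor issue, DoS)", would keep the impact class visible on the releases that are actually supported. The fix commit is already in the NOTE lines, which helps anyone backporting for a point release.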
@@ -85522,6 +85529,8 @@ CVE-2025-13505 (Improper Neutralization of Input During
Web Page Generation (XSS
NOT-FOR-US: Datactive
CVE-2025-13353 (In gokey versions <0.2.0, a flaw in the seed decryption logic
resulte ...)
- gokey 0.2.0-1 (bug #1121846)
+ [trixie] - gokey <no-dsa> (Minor issue)
+ [bookworm] - gokey <no-dsa> (Minor issue)
[bullseye] - gokey <ignored> (go is out of security support for
bullseye)
NOTE:
https://github.com/cloudflare/gokey/security/advisories/GHSA-69jw-4jj8-fcxm
NOTE: https://github.com/cloudflare/gokey/pull/79
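Review bot: "(Minor issue)" on the added trixie and bookworm gokey lines needs a word of justification, because the description concerns a flaw in the seed decryption logic and is truncated before it states the impact. A short reason in the parenthesis, or a NOTE summarising the advisory's impact, would let a reader check the no-dsa call without opening the GHSA. Since bullseye is already marked ignored, trixie and bookworm are the only places this could still be fixed.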
=====================================
data/dsa-needed.txt
=====================================
@@ -40,8 +40,12 @@ gh/oldstable
--
haproxy (carnil)
--
+haveged
+--
imagemagick
--
+inkscape/oldstable
+--
isc-kea/oldstable
--
jackson-core (apo)
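Review bot: The added haveged and inkscape/oldstable entries are not tied to any CVE visible in this commit, since none of the data/CVE/list hunks touch either package, so the reason they now need a DSA cannot be read from the change. The commit title "trixie/bookworm triage" also covers only the no-dsa annotations; mentioning the dsa-needed additions there, or naming the CVEs in the commit message, would make the history searchable. Alphabetical placement of both entries is correct.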
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a6cd1865df3fd34225713cd538d45357c88891bc