Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fee71e41 by Sylvain Beucler at 2026-05-22T22:16:17+02:00
CVE-2026-34253/vorbis-tools: bullseye postponed
- - - - -
628d243b by Sylvain Beucler at 2026-05-22T22:16:20+02:00
CVE-2026-6664,CVE-2026-6665,CVE-2026-6666,CVE-2026-6667/pgbouncer: bullseye
postponed
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2821,6 +2821,7 @@ CVE-2026-34253 (A buffer underflow vulnerability has been
identified in the ogg1
- vorbis-tools <unfixed> (bug #1136943)
[trixie] - vorbis-tools <no-dsa> (Minor issue)
[bookworm] - vorbis-tools <no-dsa> (Minor issue)
+ [bullseye] - vorbis-tools <postponed> (Minor issue, 1-byte underflow in
CLI)
NOTE: https://gitlab.xiph.org/xiph/vorbis-tools/-/work_items/2332
NOTE: https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/27
NOTE:
https://gitlab.xiph.org/xiph/vorbis-tools/-/commit/4bb4fb33b25949178179f689db9afb477abeb572
@@ -7275,21 +7276,25 @@ CVE-2026-6667 (PgBouncer before 1.25.2 did not perform
an appropriate authorizat
- pgbouncer 1.25.2-1 (bug #1136075)
[trixie] - pgbouncer 1.24.1-1+deb13u2
[bookworm] - pgbouncer <no-dsa> (Minor issue)
+ [bullseye] - pgbouncer <postponed> (Minor issue, DoS)
NOTE: Fixed by:
https://github.com/pgbouncer/pgbouncer/commit/97b5634be55d167a602b0bc0f09a8675997248a6
(pgbouncer_1_25_2)
CVE-2026-6666 (A possible null pointer reference in PgBouncer before 1.25.2
could lea ...)
- pgbouncer 1.25.2-1 (bug #1136075)
[trixie] - pgbouncer 1.24.1-1+deb13u2
[bookworm] - pgbouncer <no-dsa> (Minor issue)
+ [bullseye] - pgbouncer <postponed> (Minor issue, DoS)
NOTE: Fixed by:
https://github.com/pgbouncer/pgbouncer/commit/0564f937c0fd81378d67ddcb57b0c00abc0b0f8f
(pgbouncer_1_25_2)
CVE-2026-6665 (The SCRAM code in PgBouncer before 1.25.2 did not check the
return val ...)
- pgbouncer 1.25.2-1 (bug #1136075)
[trixie] - pgbouncer 1.24.1-1+deb13u2
[bookworm] - pgbouncer <no-dsa> (Minor issue)
+ [bullseye] - pgbouncer <postponed> (Minor issue, DoS)
NOTE: Fixed by:
https://github.com/pgbouncer/pgbouncer/commit/ab8dbb3b1a73b4a195062546e5e4f964b79f5b45
(pgbouncer_1_25_2)
CVE-2026-6664 (An integer overflow in network packet parsing code in PgBouncer
before ...)
- pgbouncer 1.25.2-1 (bug #1136075)
[trixie] - pgbouncer 1.24.1-1+deb13u2
[bookworm] - pgbouncer <no-dsa> (Minor issue)
+ [bullseye] - pgbouncer <postponed> (Minor issue, DoS)
NOTE: Fixed by:
https://github.com/pgbouncer/pgbouncer/commit/ddc63c2175825bca9ef3c0a528280acaad76dbaa
(pgbouncer_1_25_2)
CVE-2026-45130 (Vim is an open source, command line text editor. Prior to
version 9.2. ...)
- vim 2:9.2.0461-1 (bug #1136097)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4a13e1a29bd4588f26ee6af3f5c9a2266c184b17...628d243b9bd850163a721b91b4035c9c9cefbccf
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/4a13e1a29bd4588f26ee6af3f5c9a2266c184b17...628d243b9bd850163a721b91b4035c9c9cefbccf
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
