Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1dbc612a by Moritz Muehlenhoff at 2026-05-26T16:53:34+02:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -7482,6 +7482,8 @@ CVE-2026-42860 (The Open edx Enterprise Service app 
provides enterprise features
        NOT-FOR-US: Open edx Enterprise Service app
 CVE-2026-42859 (Neat VNC is a VNC server library. Prior to 0.9.6, a 
pre-authentication ...)
        - neatvnc <unfixed> (bug #1136644)
+       [trixie] - neatvnc <no-dsa> (Minor issue)
+       [bookworm] - neatvnc <no-dsa> (Minor issue)
        NOTE: 
https://github.com/any1/neatvnc/security/advisories/GHSA-567c-gpv8-qh9h
        NOTE: 
https://github.com/any1/neatvnc/commit/1f6cd6b75cc167fed3a19a9d1552a1f662f6b337 
(v1.0.0)
 CVE-2026-42858 (Open edX Platform enables the authoring and delivery of online 
learnin ...)
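
Review bot: The two added neatvnc lines ([trixie] and [bookworm] <no-dsa>) give only "Minor issue" as the reason, while the CVE-2026-42859 summary in the context line describes the flaw as pre-authentication. A more specific reason, or a NOTE saying why the impact is limited in these releases, would make the decision easier to audit later. It is also worth checking the version data: the summary says "Prior to 0.9.6" but the commit NOTE is tagged (v1.0.0).
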
@@ -22400,6 +22402,7 @@ CVE-2026-5598 (Covert timing channel vulnerability in 
Legion of the Bouncy Castl
 CVE-2026-5588 (Use of a Broken or Risky Cryptographic Algorithm vulnerability 
in Legi ...)
        - bouncycastle <unfixed> (bug #1134196)
        NOTE: 
https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905588
+       NOTE: 
https://github.com/bcgit/bc-java/commit/656bae0dbd9b1521f840521ff786e78749fe3057
 (r1rv84)
 CVE-2026-5426 (Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge 
Knowledge ...)
        NOT-FOR-US: Digital Knowledge KnowledgeDeliver
 CVE-2026-5387 (The vulnerability, if exploited, could allow an unauthenticated 
miscre ...)
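
Review bot: The added NOTE under CVE-2026-5588 is a bare commit URL tagged (r1rv84) with nothing saying what the commit is. If it is the upstream fix, say so in the note, for example "NOTE: Fixed by: <commit URL> (r1rv84)". The bouncycastle line stays <unfixed> and no [trixie]/[bookworm] lines are added, so this hunk records a reference but no triage decision for this CVE.
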


=====================================
data/dsa-needed.txt
=====================================
@@ -80,6 +80,8 @@ opennds/oldstable
 pdfminer (carnil)
   Required followup for CVE-2025-64512 as original fix was incomplete.
 --
+perl (carnil)
+--
 php-laravel-framework/oldstable
 --
 php-twig
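
Review bot: The new "perl (carnil)" entry names no CVE, and the data/CVE/list part of this commit touches only neatvnc and bouncycastle, so nothing in the change shows which issue makes perl need a DSA. Consider adding an indented line with the CVE id(s), as the pdfminer entry just above does for CVE-2025-64512.
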
@@ -105,6 +107,8 @@ runc
 rust-wasmtime
   for CVE-2026-34987 CVE-2026-34971, rest would also be fine to ignore
 --
+starlette (jmm)
+--
 symfony (jmm)
   Maintainer is preparing updates
 --
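
Review bot: "starlette (jmm)" is added with a claimant but no status line, unlike the neighbouring rust-wasmtime and symfony entries, which state the CVEs in scope or the state of the update. A one-line note with the CVE(s) being handled would keep the entry readable without cross-checking data/CVE/list.
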



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dbc612a753a826d2fb454c85256fe3678835483



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits