Daniel Leidert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
04c28d7e by Daniel Leidert at 2026-05-29T04:50:22+02:00
dla-needed: add starlette
and claim it
- - - - -
c7a5e1f6 by Daniel Leidert at 2026-05-29T04:50:23+02:00
lts: mark CVE-2026-9541/squirrel3 as postponed
Similiar issues have been postponed. Also, uptream hasn't reponded yet.
- - - - -
e7d0735f by Daniel Leidert at 2026-05-29T04:50:24+02:00
lts: mark CVE-2026-34480/apache-log4j1.2,apache-log4j2 as postponed
Effect is not of serious nature.
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3561,6 +3561,7 @@ CVE-2026-9542 (A weakness has been identified in
CodeAstro Leave Management Syst
NOT-FOR-US: CodeAstro
CVE-2026-9541 (A security flaw has been discovered in Squirrel up to 3.2.
Impacted is ...)
- squirrel3 <unfixed>
+ [bullseye] - squirrel3 <postponed> (Minor issue)
NOTE: https://github.com/albertodemichelis/squirrel/issues/327
CVE-2026-9540 (A vulnerability was identified in vllm-project vllm 0.19.0.
This issue ...)
- vllm <itp> (bug #1095237)
@@ -29266,9 +29267,11 @@ CVE-2026-34480 (Apache Log4j Core's XmlLayout
https://logging.apache.org/log4j/
- apache-log4j2 <unfixed> (bug #1133847)
[trixie] - apache-log4j2 <no-dsa> (Minor issue)
[bookworm] - apache-log4j2 <no-dsa> (Minor issue)
+ [bullseye] - apache-log4j2 <postponed> (Minor issue, can be fixed with
next upload)
- apache-log4j1.2 <unfixed> (bug #1136032)
[trixie] - apache-log4j1.2 <no-dsa> (Minor issue)
[bookworm] - apache-log4j1.2 <no-dsa> (Minor issue)
+ [bullseye] - apache-log4j1.2 <postponed> (Minor issue, can be fixed
with next upload)
NOTE: https://lists.apache.org/thread/5x0hcnng0chhghp6jgjdp3qmbbhfjzhb
NOTE: https://logging.apache.org/security.html#CVE-2026-34480
NOTE: https://github.com/apache/logging-log4j2/pull/4077
=====================================
data/dla-needed.txt
=====================================
@@ -563,6 +563,10 @@ spip
NOTE: 20260326: very low popcon (Beuc/front-desk)
NOTE: 20260422:
https://salsa.debian.org/lts-team/lts-updates-tasks/-/work_items/342
--
+starlette (dleidert)
+ NOTE: 20260528: Added by Front-Desk (dleidert)
+ NOTE: 20260528: follow DSA-6302-1 (dleidert/front-desk)
+--
strongswan
NOTE: 20260423: Added by Front-Desk (pochu)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a3ccac6138d9691314a0090caa53055f17ae284e...e7d0735f0b5b4c8bf1592f07d128e765e00c18a0
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/a3ccac6138d9691314a0090caa53055f17ae284e...e7d0735f0b5b4c8bf1592f07d128e765e00c18a0
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
