Daniel Leidert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3f194316 by Daniel Leidert at 2026-05-29T04:57:22+02:00
dla-needed: add nagios4

- - - - -
cfbd704b by Daniel Leidert at 2026-05-29T05:00:40+02:00
dla-needed: add request-tracker4

- - - - -
38d5e4f6 by Daniel Leidert at 2026-05-29T05:26:07+02:00
Add patch links for CVE-2026-44431/python-urllib3 and 
CVE-2026-44432/python-urllib3

- - - - -
22f48c77 by Daniel Leidert at 2026-05-29T05:33:55+02:00
lts: mark CVE-2026-47766/crun as postponed

- - - - -
d8e23790 by Daniel Leidert at 2026-05-29T05:37:53+02:00
lts: mark CVE-2026-47372/libcrypt-saltedhash-perl and 
CVE-2026-47373/libcrypt-saltedhash-perl as postponed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1830,6 +1830,7 @@ CVE-2026-47766
        - crun 1.28-1
        [trixie] - crun <no-dsa> (Minor issue)
        [bookworm] - crun <no-dsa> (Minor issue)
+       [bullseye] - crun <postponed> (Minor issue, can be fixed with next 
update)
        NOTE: 
https://github.com/containers/crun/security/advisories/GHSA-7vwr-4279-7gq5
        NOTE: 
https://github.com/containers/crun/commit/c6f338ac2e26e216ab7820b91863a0b84e608097
 (1.28)
 CVE-2026-46100 (In the Linux kernel, the following vulnerability has been 
resolved:  f ...)
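Review bot: the added [bullseye] line for crun reuses the "Minor issue" rationale from trixie and bookworm, but nothing in the entry records that bullseye's crun version was checked against the upstream fix commit tagged (1.28). Other entries in this file use <not-affected> (Vulnerable code introduced later) when an older suite predates the bug, so a short NOTE confirming that the bullseye version carries the affected code would make the <postponed> state easier to rely on when the package is next updated.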
@@ -5822,12 +5823,14 @@ CVE-2026-47373 (Crypt::SaltedHash versions through 0.09 
for Perl is susceptible
        - libcrypt-saltedhash-perl 0.11-1 (bug #1137253)
        [trixie] - libcrypt-saltedhash-perl <no-dsa> (Minor issue)
        [bookworm] - libcrypt-saltedhash-perl <no-dsa> (Minor issue)
+       [bullseye] - libcrypt-saltedhash-perl <postponed> (Minor issue, can be 
fixed with next update)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40249915/
        NOTE: Fixed by: 
https://github.com/robrwo/perl-Crypt-SaltedHash/commit/c07bfc5c23185b0667233d0f2e1252d81f1f027a
 (0.10)
 CVE-2026-47372 (Crypt::SaltedHash versions through 0.09 for Perl generate 
insecure ran ...)
        - libcrypt-saltedhash-perl 0.11-1 (bug #1137253)
        [trixie] - libcrypt-saltedhash-perl <no-dsa> (Minor issue)
        [bookworm] - libcrypt-saltedhash-perl <no-dsa> (Minor issue)
+       [bullseye] - libcrypt-saltedhash-perl <postponed> (Minor issue, can be 
fixed with next update)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40252126/
        NOTE: Fixed by: 
https://github.com/robrwo/perl-Crypt-SaltedHash/commit/9b68437d2cd420b819b3a795474c3870338d38d5
 (0.10)
 CVE-2026-9101 (Prototype pollution in csv parsing logic during import can lead 
to unt ...)
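Review bot: the two added [bullseye] lines postpone CVE-2026-47373 and CVE-2026-47372 separately, yet both entries point at the same bug #1137253 and at different "Fixed by" commits that both landed in upstream 0.10. A NOTE on one of the entries saying that the two commits should be backported together in the next libcrypt-saltedhash-perl update would keep a later uploader from picking up only one of them.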
@@ -8987,9 +8990,11 @@ CVE-2026-44432 (urllib3 is an HTTP client library for 
Python. From 2.6.0 to befo
        [bookworm] - python-urllib3 <not-affected> (Vulnerable code introduced 
later)
        [bullseye] - python-urllib3 <not-affected> (Vulnerable code introduced 
later)
        NOTE: 
https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j
+       NOTE: Fixed by: 
https://github.com/urllib3/urllib3/commit/2bdcc44d1e163fb5cc48a8662425e35e15adfe6a
 (2.7.0)
 CVE-2026-44431 (urllib3 is an HTTP client library for Python. From 1.23 to 
before 2.7. ...)
        - python-urllib3 <unfixed> (bug #1136653)
        NOTE: 
https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc
+       NOTE: Fixed by: 
https://github.com/urllib3/urllib3/commit/5ec0de499b9166ca71c65ab04f2a7e4eb0d66fcc
 (2.7.0)
 CVE-2026-44426 (ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET 
/api/names ...)
        NOT-FOR-US: ShellHub
 CVE-2026-44425 (ShellHub is a centralized SSH gateway. Prior to 0.24.2, the 
device lis ...)
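Review bot: for CVE-2026-44431 the new "Fixed by" NOTE is attached to an entry that still shows only "- python-urllib3 <unfixed> (bug #1136653)" with no per-suite lines, while the description gives an affected range starting at 1.23. Now that the fix commit is linked, consider following up with explicit [trixie]/[bookworm]/[bullseye] status lines once the commit has been compared against each suite's version, as was already done for CVE-2026-44432 in the same hunk.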


=====================================
data/dla-needed.txt
=====================================
@@ -370,6 +370,10 @@ mongo-c-driver
   NOTE: 20260522: Added by Front-Desk (Beuc)
   NOTE: 20260522: Follow bookworm 12.14 (4+1 CVEs) (Beuc/front-desk)
 --
+nagios4
+  NOTE: 20260529: Added by Front-Desk (dleidert)
+  NOTE: 20260529: Follow recent upload of 4.4.6-4+deb12u1/4.4.6-4.1+deb13u1 
(dleidert/front-desk)
+--
 nagvis
   NOTE: 20250117: Added by Front-Desk (rouca)
   NOTE: 20250119: Also check/fix https://bugs.debian.org/1061044
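Review bot: the nagios4 NOTE "Follow recent upload of 4.4.6-4+deb12u1/4.4.6-4.1+deb13u1" names the uploads to follow but not which CVEs they addressed. The mongo-c-driver entry just above states its scope ("Follow bookworm 12.14 (4+1 CVEs)"); adding the CVE ids or at least a count here would let whoever claims the package see the workload without opening both changelogs.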
@@ -507,6 +511,10 @@ rails
 redis (Chris Lamb)
   NOTE: 20260515: Added by Front-Desk (pochu)
 --
+request-tracker4
+  NOTE: 20260529: Added by Front-Desk (dleidert)
+  NOTE: 20260529: Follow DSA in preparation by maintainer (dleidert/front-desk)
+--
 ruby-rack (Abhijith PA)
   NOTE: 20260413: Added by Front-Desk (rouca)
 --
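Review bot: the request-tracker4 NOTE "Follow DSA in preparation by maintainer" gives no DSA number, CVE id or other reference, so someone claiming the entry cannot tell from dla-needed.txt what needs to be fixed. If the details cannot be listed yet, say so in the NOTE and add the DSA or CVE references in a follow-up once they are public.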



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/e7d0735f0b5b4c8bf1592f07d128e765e00c18a0...d8e23790e4b65f984d1a91b87abdf31ba8a1a1c1
