Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88392c8f by Daniel Leidert at 2026-05-31T01:53:26+02:00
lts: mark CVE-2026-32147,CVE-2026-28810,CVE-2026-28808/erlang as postponed in Bullseye

- - - - -
91dcd3c6 by Daniel Leidert at 2026-05-31T02:08:38+02:00
Add patch links for CVE-2026-44283/etcd

- - - - -
2129b86c by Daniel Leidert at 2026-05-31T02:15:23+02:00
lts: add exim4 to dla-needed

- - - - -
8d6a9b40 by Daniel Leidert at 2026-05-31T02:29:27+02:00
lts: add libcryptx-perl to dla-needed

- - - - -
432c312b by Daniel Leidert at 2026-05-31T03:00:12+02:00
Add patch link for CVE-2026-41071/libheif

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -6218,6 +6218,7 @@ CVE-2026-41074 (RT is an open source, enterprise-grade 
issue and ticket tracking
 CVE-2026-41071 (libheif is a HEIF and AVIF file format decoder and encoder. In 
version ...)
        - libheif <unfixed> (bug #1137524)
        NOTE: 
https://github.com/strukturag/libheif/security/advisories/GHSA-xj92-xjff-h8w3
+       NOTE: Fixed by: 
https://github.com/strukturag/libheif/commit/f20c81745e917b4c496615140385c86d7a2fa58d
 (v1.22.0)
 CVE-2026-41069 (libheif is a HEIF and AVIF file format decoder and encoder. In 
version ...)
        - libheif <unfixed> (bug #1137524)
        NOTE: 
https://github.com/strukturag/libheif/security/advisories/GHSA-p82x-fpmv-576r
@@ -10082,6 +10083,10 @@ CVE-2026-44308 (Spring Cloud AWS simplifies using AWS 
managed services in a Spri
 CVE-2026-44283 (etcd is a distributed key-value store for the data of a 
distributed sy ...)
        - etcd <unfixed> (bug #1136829)
        NOTE: 
https://github.com/etcd-io/etcd/security/advisories/GHSA-x35m-3gp4-4fh5
+       NOTE: https://github.com/etcd-io/etcd/pull/21677
+       NOTE: https://github.com/etcd-io/etcd/pull/21680
+       NOTE: Fixed by: 
https://github.com/etcd-io/etcd/commit/e8ce1ae41f18a938d0d8ad85dbc034c489e468db 
(v3.5.30)
+       NOTE: Fixed by: 
https://github.com/etcd-io/etcd/commit/500c535adbb8a5a444bbff9fa34cc1c10addee71 
(v3.5.30)
 CVE-2026-44216 (Wasmtime is a runtime for WebAssembly. From 30.0.0 to 36.0.8, 
43.0.2,  ...)
        - rust-wasmtime 36.0.8+dfsg-1
        NOTE: 
https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-p8xm-42r7-89xg
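
Review bot: the two bare pull-request NOTE lines (pull/21677 and pull/21680) do not say which branch each targets, and both "Fixed by" commits carry the same (v3.5.30) tag, so a reader cannot tell whether these are two parts of one 3.5 fix or whether a fix for another release branch is missing. Suggest annotating each PR with its branch and, if fixes exist on other branches, adding those commits with their release tags.
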
@@ -26707,6 +26712,7 @@ CVE-2026-32147 (Improper Limitation of a Pathname to a 
Restricted Directory ('Pa
        - erlang 1:27.3.4.11+dfsg-1
        [trixie] - erlang <no-dsa> (Minor issue)
        [bookworm] - erlang <no-dsa> (Minor issue)
+       [bullseye] - erlang <postponed> (Minor issue, can be fixed with next 
update)
        NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-28jg-mw9x-hpm5
        NOTE: https://cna.erlef.org/cves/CVE-2026-32147.html
        NOTE: 
https://github.com/erlang/otp/commit/28c5d5a6c5f873dc701b597276271763e7d1c004 
(OTP-26.2.5.20, OTP-27.3.4.11, OTP-28.4.3)
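
Review bot: the [bullseye] <postponed> line says "can be fixed with next update", and erlang already has an open entry in data/dla-needed.txt (its notes are visible as context in the exim4 hunk), but nothing there points at these CVEs. Suggest adding a NOTE to that erlang entry listing CVE-2026-32147, CVE-2026-28810 and CVE-2026-28808 so whoever claims the update picks them up.
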
@@ -33836,6 +33842,7 @@ CVE-2026-28810 (Generation of Predictable Numbers or 
Identifiers vulnerability i
        - erlang 1:27.3.4.10+dfsg-1
        [trixie] - erlang <no-dsa> (Minor issue)
        [bookworm] - erlang <no-dsa> (Minor issue)
+       [bullseye] - erlang <postponed> (Minor issue, can be fixed with next 
update)
        NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-v884-5jg5-whj8
        NOTE: https://github.com/erlang/otp/pull/10864
        NOTE: Fixed by: 
https://github.com/erlang/otp/commit/b057a9d995017b1be50d6dc02edd52382f3231b8 
(OTP-26.2.5.19, OTP-27.3.4.10, OTP-28.4.2)
@@ -33844,6 +33851,7 @@ CVE-2026-28808 (Incorrect Authorization vulnerability 
in Erlang OTP (inets modul
        - erlang 1:27.3.4.10+dfsg-1
        [trixie] - erlang <no-dsa> (Minor issue)
        [bookworm] - erlang <no-dsa> (Minor issue)
+       [bullseye] - erlang <postponed> (Minor issue, can be fixed with next 
update)
        NOTE: 
https://github.com/erlang/otp/security/advisories/GHSA-3vhp-h532-mc3f
        NOTE: Fixed by: 
https://github.com/erlang/otp/commit/8fc71ac6af4fbcc54103bec2983ef22e82942688 
(OTP-27.3.4.10, OTP-28.4.2)
        NOTE: https://cna.erlef.org/cves/CVE-2026-28808.html
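
Review bot: for the [bullseye] <postponed> line added here, the upstream fix in this entry is tagged only OTP-27.3.4.10 and OTP-28.4.2, whereas the fixes listed for CVE-2026-32147 and CVE-2026-28810 also name an OTP-26 release. "Can be fixed with next update" therefore implies a backport with no older-branch upstream patch referenced; a NOTE stating whether the bullseye version is affected and whether the commit applies would help.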


=====================================
data/dla-needed.txt
=====================================
@@ -132,6 +132,10 @@ erlang
   NOTE: 20260519: and bookworm 12.12 (CVE-2025-46712).
   NOTE: 20260519: Fix ELTS at the same time. (Beuc/front-desk)
 --
+exim4
+  NOTE: 20260531: Added by Front-Desk (dleidert)
+  NOTE: 20260531: Follow DSA-6309-1 and possibly care about open CVEs 
(dleidert/front-desk)
+--
 expat
   NOTE: 20260518: Added by Front-Desk (Beuc)
   NOTE: 20260518: Upcoming DSA + many postponed CVE.
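
Review bot: "possibly care about open CVEs" in the second exim4 NOTE does not say which CVEs are meant, so whoever claims the package has to redo the triage. Suggest naming the CVE ids from DSA-6309-1 that apply and the open ones front-desk had in mind.
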
@@ -277,6 +281,9 @@ libcaca
   NOTE: 20260519: Added by Front-Desk (Beuc)
   NOTE: 20260519: Fix unstable first. (Beuc/front-desk)
 --
+libcryptx-perl
+  NOTE: 20260531: Added by Front-Desk (dleidert)
+--
 libraw
   NOTE: 20260417: Added by Front-Desk (rouca)
 --
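
Review bot: the libcryptx-perl entry carries only the "Added by Front-Desk" NOTE and gives no reason for the addition, unlike the exim4 entry added in the same push. Suggest a second NOTE naming the CVE or advisory that triggered it.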



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f19d2f37b47db6a617760f3856ff0d98502cdc73...432c312b1439c08db83d81699ffe16c32fb03aef
