Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 63049986 by Sylvain Beucler at 2026-06-01T21:14:43+02:00 CVE-2026-44903/prometheus: introductory commit + bullseye not-affected (bookworm neither) Matches the GHSA versions: https://github.com/prometheus/prometheus/security/advisories/GHSA-fw8g-cg8f-9j28 - - - - - 796e7cd5 by Sylvain Beucler at 2026-06-01T21:14:43+02:00 dla: drop prometheus 2 not-affected and 1 DoS, not worth a DLA right now - - - - - 2 changed files: - data/CVE/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -5175,8 +5175,10 @@ CVE-2026-44905 (Vanetza is an open-source implementation of the ETSI C-ITS proto NOT-FOR-US: Vanetza CVE-2026-44903 (Prometheus is an open-source monitoring system and time series databas ...) - prometheus <unfixed> (bug #1138261) + [bullseye] - prometheus <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/prometheus/prometheus/security/advisories/GHSA-fw8g-cg8f-9j28 NOTE: Fixed by: https://github.com/prometheus/prometheus/commit/38f23b9075ced1de2b82d2dad8b2bebb1ecd5b7d + NOTE: Introduced by: https://github.com/prometheus/prometheus/commit/2e205ee95c121d8d6da0d8984f0b3bc599acaa2a (v2.49.0-rc.0) CVE-2026-44900 (epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telemat ...) NOT-FOR-US: epa4all-client CVE-2026-44899 (Mistune is a Python Markdown parser with renderers and plugins. Prior ...) ===================================== data/dla-needed.txt ===================================== 
@@ -472,10 +472,6 @@ proftpd-dfsg NOTE: 20260511: https://lists.debian.org/debian-lts/2026/05/msg00015.html NOTE: 20260511: https://salsa.debian.org/debian-proftpd-team/proftpd/-/commits/bullseye -- -prometheus - NOTE: 20260601: Added by Front-Desk (dleidert) - NOTE: 20260601: Follow DSA or support secteam with DSA (dleidert/front-desk) --- prosody NOTE: 20260511: Added by Front-Desk (dleidert) NOTE: 20260511: Follow DSA 6252-1 fixing 4 CVEs (dleidert/front-desk)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/db9a56819f1536ad996e820975c5c6f35eeded64...796e7cd5c2441b2272faae2e530271bade0609b4
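Review bot: The commit message says bookworm is not affected either, but the data/CVE/list hunk adds only a `[bullseye]` line under CVE-2026-44903, so bookworm still inherits the `- prometheus <unfixed> (bug #1138261)` entry. If the bookworm package predates the introducing commit recorded in the new NOTE (v2.49.0-rc.0), consider adding a matching `[bookworm] - prometheus <not-affected> (Vulnerable code introduced later)` line, or a NOTE stating that bookworm triage is left to the security team.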
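Review bot: The data/dla-needed.txt hunk removes the prometheus entry without leaving any record in the tracker data, so the reasoning ("2 not-affected and 1 DoS, not worth a DLA right now") survives only in the commit message. Consider recording the decision for the remaining DoS issue against bullseye in data/CVE/list, for example with a `<postponed>` or `<no-dsa>` line and a short reason, so that a later front-desk pass does not re-add the package and the removed "Follow DSA or support secteam with DSA" instruction is not silently lost.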
