Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2a54d1ea by Moritz Muehlenhoff at 2026-06-02T10:07:59+02:00
trixie/bookworm triage
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -956,6 +956,8 @@ CVE-2026-49489 (OpenCATS through 0.9.7.4 contains a sql
injection vulnerability
NOT-FOR-US: OpenCATS
CVE-2026-10194 (A weakness has been identified in OFFIS DCMTK 3.7.0. This
affects the ...)
- dcmtk <unfixed>
+ [trixie] - dcmtk <no-dsa> (Minor issue)
+ [bookworm] - dcmtk <no-dsa> (Minor issue)
NOTE:
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=0f78a4ef6f645ea5530166e445e5436a5de58e75
CVE-2026-10193 (A security flaw has been discovered in OFCMS up to 1.1.3. The
impacted ...)
NOT-FOR-US: OFCMS
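Review bot: The unstable line for CVE-2026-10194, "- dcmtk <unfixed>", carries no bug reference, while the other packages triaged in this commit (sshfs-fuse, etcd) each have one on their unstable line. With trixie and bookworm now marked <no-dsa>, a bug number on that line would make the fix in unstable trackable; the NOTE already gives the upstream commit to cite in the report.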
@@ -1190,12 +1192,16 @@ CVE-2026-8594 (Text::LineFold versions through 2019.001
for Perl duplicate the o
NOTE: Patch:
https://security.metacpan.org/patches/U/Unicode-LineBreak/2019.001/CVE-2026-8594-r1.patch
CVE-2026-48711
- sshfs-fuse 3.7.3-1.2 (bug #1138293)
+ [trixie] - sshfs-fuse <no-dsa> (Minor issue)
+ [bookworm] - sshfs-fuse <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/30/3
NOTE:
https://github.com/libfuse/sshfs/security/advisories/GHSA-mm85-q63v-4476
NOTE: https://github.com/libfuse/sshfs/pull/362
NOTE: Fixed by:
https://github.com/libfuse/sshfs/commit/6678accb85ea4aec15dae9961b92af8d12501a66
(sshfs-3.7.6)
CVE-2026-47187
- sshfs-fuse 3.7.3-1.2 (bug #1138293)
+ [trixie] - sshfs-fuse <no-dsa> (Minor issue)
+ [bookworm] - sshfs-fuse <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/30/3
NOTE:
https://github.com/libfuse/sshfs/security/advisories/GHSA-pjv6-2c3f-r357
NOTE: https://github.com/libfuse/sshfs/pull/361
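Review bot: The two "(Minor issue)" tags on sshfs-fuse give no package-specific reason, and nothing in the entries says whether the fix carried in 3.7.3-1.2 applies to the versions in trixie and bookworm. The "Fixed by" note for CVE-2026-48711 points at an upstream commit tagged sshfs-3.7.6, so the unstable upload must carry it as a backport; a short NOTE saying whether that patch applies cleanly to the stable versions would help anyone preparing a later point-release update for the two <no-dsa> suites.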
@@ -1242,7 +1248,9 @@ CVE-2026-46384 (iskorotkov/avro is a fast Go Avro codec.
Prior to 2.33.0, severa
NOT-FOR-US: iskorotkov/avro
CVE-2026-45700 (FreeRDP is a free implementation of the Remote Desktop
Protocol. Prior ...)
- freerdp3 3.26.0+dfsg-1
+ [trixie] - freerdp3 <no-dsa> (Minor issue)
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE:
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mpxh-8fq3-x8mh
CVE-2026-45697 (Formie is a Craft CMS plugin for creating forms. Prior to
2.2.20 and 3 ...)
NOT-FOR-US: Formie Craft CMS plugin
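Review bot: The new "[bookworm] - freerdp2 <no-dsa> (Minor issue)" line treats the 2.x source as affected, but the entry for CVE-2026-45700 has only the advisory link and a truncated description, with nothing recording that the vulnerable code exists in freerdp2. A NOTE stating which branch was checked (or that 2.x was confirmed affected) would keep the bookworm tag from being read as a copy of the freerdp3 assessment.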
@@ -11465,6 +11473,8 @@ CVE-2026-44308 (Spring Cloud AWS simplifies using AWS
managed services in a Spri
NOT-FOR-US: Spring Cloud AWS
CVE-2026-44283 (etcd is a distributed key-value store for the data of a
distributed sy ...)
- etcd 3.5.16-11 (bug #1136829)
+ [trixie] - etcd <no-dsa> (Minor issue)
+ [bookworm] - etcd <no-dsa> (Minor issue)
NOTE:
https://github.com/etcd-io/etcd/security/advisories/GHSA-x35m-3gp4-4fh5
NOTE: https://github.com/etcd-io/etcd/pull/21677
NOTE: https://github.com/etcd-io/etcd/pull/21680
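Review bot: The etcd entry for CVE-2026-44283 lists two pull requests (21677 and 21680) without saying which branch each one targets. Now that trixie and bookworm are <no-dsa>, annotating the two NOTE lines with their target branch would tell whoever picks this up for a point release which change matches the stable versions.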
=====================================
data/DSA/list
=====================================
@@ -5,7 +5,7 @@
{CVE-2026-5056 CVE-2026-46469 CVE-2026-46470}
[trixie] - gst-plugins-good1.0 1.26.2-1+deb13u1
[01 Jun 2026] DSA-6317-1 symfony - security update
- {CVE-2024-50340 CVE-2026-45063 CVE-2026-45065 CVE-2026-45067
CVE-2026-45068 CVE-2026-45071 CVE-2026-45073 CVE-2026-45077 CVE-2026-45133
CVE-2026-45304 CVE-2026-45305 CVE-2026-46626 CVE-2026-48489 CVE-2026-48736
CVE-2026-48784}
+ {CVE-2024-50340 CVE-2026-45063 CVE-2026-45065 CVE-2026-45067
CVE-2026-45068 CVE-2026-45071 CVE-2026-45073 CVE-2026-45077 CVE-2026-45133
CVE-2026-45304 CVE-2026-45305 CVE-2026-46626 CVE-2026-48489 CVE-2026-48736
CVE-2026-45070 CVE-2026-48784}
[bookworm] - symfony 5.4.53+dfsg-0+deb12u1
[31 May 2026] DSA-6316-1 chromium - security update
{CVE-2026-9872 CVE-2026-9873 CVE-2026-9874 CVE-2026-9875 CVE-2026-9876
CVE-2026-9877 CVE-2026-9878 CVE-2026-9879 CVE-2026-9880 CVE-2026-9881
CVE-2026-9882 CVE-2026-9883 CVE-2026-9884 CVE-2026-9885 CVE-2026-9886
CVE-2026-9887 CVE-2026-9888 CVE-2026-9889 CVE-2026-9890 CVE-2026-9891
CVE-2026-9892 CVE-2026-9893 CVE-2026-9894 CVE-2026-9895 CVE-2026-9896
CVE-2026-9897 CVE-2026-9898 CVE-2026-9899 CVE-2026-9900 CVE-2026-9901
CVE-2026-9902 CVE-2026-9903 CVE-2026-9904 CVE-2026-9905 CVE-2026-9906
CVE-2026-9907 CVE-2026-9908 CVE-2026-9909 CVE-2026-9910 CVE-2026-9911
CVE-2026-9912 CVE-2026-9913 CVE-2026-9914 CVE-2026-9915 CVE-2026-9916
CVE-2026-9917 CVE-2026-9918 CVE-2026-9919 CVE-2026-9920 CVE-2026-9921
CVE-2026-9922 CVE-2026-9923 CVE-2026-9924 CVE-2026-9925 CVE-2026-9926
CVE-2026-9927 CVE-2026-9928 CVE-2026-9929 CVE-2026-9930 CVE-2026-9931
CVE-2026-9932 CVE-2026-9933 CVE-2026-9934 CVE-2026-9935 CVE-2026-9936
CVE-2026-9937 CVE-2026-9938 CVE-2026-9939 CVE-2026-9940 CVE-2026-9941
CVE-2026-9942 CVE-2026-9943 CVE-2026-9944 CVE-2026-9945 CVE-2026-9946
CVE-2026-9947 CVE-2026-9948 CVE-2026-9949 CVE-2026-9950 CVE-2026-9951
CVE-2026-9952 CVE-2026-9953 CVE-2026-9954 CVE-2026-9955 CVE-2026-9956
CVE-2026-9957 CVE-2026-9958 CVE-2026-9959 CVE-2026-9960 CVE-2026-9961
CVE-2026-9962 CVE-2026-9963 CVE-2026-9964 CVE-2026-9965 CVE-2026-9966
CVE-2026-9967 CVE-2026-9968 CVE-2026-9969 CVE-2026-9970 CVE-2026-9971
CVE-2026-9972 CVE-2026-9973 CVE-2026-9974 CVE-2026-9975 CVE-2026-9976
CVE-2026-9977 CVE-2026-9978 CVE-2026-9979 CVE-2026-9980 CVE-2026-9981
CVE-2026-9982 CVE-2026-9983 CVE-2026-9984 CVE-2026-9985 CVE-2026-9986
CVE-2026-9987 CVE-2026-9988 CVE-2026-9989 CVE-2026-9990 CVE-2026-9991
CVE-2026-9992 CVE-2026-9993 CVE-2026-9994 CVE-2026-9995 CVE-2026-9996
CVE-2026-9997 CVE-2026-9998 CVE-2026-9999 CVE-2026-10000 CVE-2026-10001
CVE-2026-10002 CVE-2026-10003 CVE-2026-10004 CVE-2026-10005 CVE-2026-10006
CVE-2026-10007 CVE-2026-10008 CVE-2026-10009 CVE-2026-10010 CVE-2026-10011
CVE-2026-10012 CVE-2026-10013 CVE-2026-10014 CVE-2026-10015 CVE-2026-10016
CVE-2026-10017 CVE-2026-10018 CVE-2026-10019 CVE-2026-10020 CVE-2026-10021
CVE-2026-10022}
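Review bot: In the DSA-6317-1 line, CVE-2026-45070 is inserted between CVE-2026-48736 and CVE-2026-48784, which breaks the ascending order the rest of that set follows; it belongs between CVE-2026-45068 and CVE-2026-45071. The commit message "trixie/bookworm triage" also does not mention that a published DSA's CVE list was amended, so a separate commit or an extra line in the message would make this correction easier to find in the history.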
=====================================
data/dsa-needed.txt
=====================================
@@ -121,3 +121,5 @@ unbound/oldstable
--
xrdp
--
+xorg-server
+--
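Review bot: The new xorg-server entry in data/dsa-needed.txt has no suite qualifier and no note line, whereas the neighbouring context shows the "unbound/oldstable" form for a suite-specific entry. Nothing in this commit touches an xorg-server entry in data/CVE/list, so a reader cannot tell from the diff which issues prompted the addition; a one-line comment under the package name, or the suite suffix if only one release is meant, would settle that.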
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a54d1ea22f598c41efe36d727dcdbc04067b3ea