Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ebf11fd9 by Moritz Muehlenhoff at 2026-06-02T20:57:32+02:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -662,6 +662,8 @@ CVE-2026-10533 (A flaw was found in OpenShift Container
Platform. Completed pods
NOT-FOR-US: OpenShift
CVE-2026-10532 (Deserialization of untrusted data vulnerability in QOS.CH Sarl
logback ...)
- logback <unfixed>
+ [trixie] - logback <no-dsa> (Minor issue)
+ [bookworm] - logback <no-dsa> (Minor issue)
NOTE: https://logback.qos.ch/news.html#1.5.34
CVE-2026-10517 (A flaw was found in Clair. The fetcher component makes
outbound HTTP r ...)
NOT-FOR-US: Clair
@@ -6297,6 +6299,8 @@ CVE-2026-44788 (SharpCompress is a fully managed C#
library to deal with many co
NOT-FOR-US: SharpCompress library
CVE-2026-44708 (Mistune is a Python Markdown parser with renderers and
plugins. Prior ...)
- mistune <unfixed> (bug #1138260)
+ [trixie] - mistune <no-dsa> (Minor issue)
+ [bookworm] - mistune <no-dsa> (Minor issue)
NOTE:
https://github.com/lepture/mistune/security/advisories/GHSA-8g87-j6q8-g93x
CVE-2026-44451 (Lumiverse is a full-featured AI chat application. Prior to
0.9.7, the ...)
NOT-FOR-US: Lumiverse
@@ -7028,9 +7032,13 @@ CVE-2026-44598 (With valid login credentials, URL
Redirection to Untrusted Site
NOTE: https://www.openwall.com/lists/oss-security/2026/05/25/8
CVE-2026-43828 (Default configurations of Apache Shiro send sensitive cookies
in HTTPS ...)
- shiro <unfixed>
+ [trixie] - shiro <no-dsa> (Minor issue)
+ [bookworm] - shiro <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/25/7
CVE-2026-43827 (Default configurations of Apache Shiro have a session fixation
vulnera ...)
- shiro <unfixed>
+ [trixie] - shiro <no-dsa> (Minor issue)
+ [bookworm] - shiro <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/05/25/6
CVE-2026-9490 (A security vulnerability has been identified in Acer Care
Center where ...)
NOT-FOR-US: Acer
@@ -7334,6 +7342,8 @@ CVE-2026-6059 (A cross-site scripting vulnerability
exists in Aterm. Arbitrary s
NOT-FOR-US: NEC Platforms, Ltd. Aterm WX1800HP (not same as src:aterm)
CVE-2026-48831 (Wine ships a .desktop file that registers itself as a MIME
handler for ...)
- wine <unfixed>
+ [trixie] - wine <no-dsa> (Minor issue)
+ [bookworm] - wine <no-dsa> (Minor issue)
NOTE: https://bugs.winehq.org/show_bug.cgi?id=59767
NOTE: https://www.openwall.com/lists/oss-security/2026/05/19/1
NOTE: https://www.openwall.com/lists/oss-security/2026/05/25/1
@@ -10562,10 +10572,12 @@ CVE-2026-44366 (Vvveb is a powerful and easy to use
CMS with page builder to bui
NOT-FOR-US: Vvveb
CVE-2026-44310 (Gitsign is a keyless Sigstore to signing tool for Git commits
with you ...)
- gitsign <unfixed> (bug #1136789)
+ [trixie] - gitsign <no-dsa> (Minor issue)
NOTE:
https://github.com/sigstore/gitsign/security/advisories/GHSA-7c37-gx6w-8vc5
NOTE: Fixed by:
https://github.com/sigstore/gitsign/commit/d7565c405e188d1ad41d85d5f46adaeec4b85941
(v0.15.0)
CVE-2026-44309 (Gitsign is a keyless Sigstore to signing tool for Git commits
with you ...)
- gitsign <unfixed> (bug #1136789)
+ [trixie] - gitsign <no-dsa> (Minor issue)
NOTE:
https://github.com/sigstore/gitsign/security/advisories/GHSA-7rmh-48mx-2vwc
NOTE: Fixed by:
https://github.com/sigstore/gitsign/commit/3c84d87240644b5c62b3b3d79177ae64448591c8
(v0.16.0)
CVE-2026-44088 (SzafirHost verifies the signature of the downloaded JAR file
using cla ...)
@@ -38973,11 +38985,15 @@ CVE-2026-32916 (OpenClaw versions 2026.3.7 before
2026.3.11 contain an authoriza
NOT-FOR-US: OpenClaw
CVE-2026-32726 (SciTokens C++ is a minimal library for creating and using
SciTokens fr ...)
- scitokens-cpp 1.4.1-1
+ [trixie] - scitokens-cpp <no-dsa> (Minor issue)
+ [bookworm] - scitokens-cpp <no-dsa> (Minor issue)
[bullseye] - scitokens-cpp <postponed> (Minor issue, no rdeps)
NOTE:
https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-q5fm-fgvx-32jq
NOTE: Fixed by:
https://github.com/scitokens/scitokens-cpp/commit/decfe2f00cb9cabbf1e17a3bb2cd4ea1bbbd8a73
(v1.4.1)
CVE-2026-32725 (SciTokens C++ is a minimal library for creating and using
SciTokens fr ...)
- scitokens-cpp 1.4.1-1
+ [trixie] - scitokens-cpp <no-dsa> (Minor issue)
+ [bookworm] - scitokens-cpp <no-dsa> (Minor issue)
[bullseye] - scitokens-cpp <postponed> (Minor issue, no rdeps)
NOTE:
https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-rqcx-mc9w-pjxp
NOTE: Fixed by:
https://github.com/scitokens/scitokens-cpp/commit/7951ed809967d88c00c20de414b1ff74df8c3e08
(v1.4.1)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebf11fd97a2dda11550d878a4951b49cf6eee990
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ebf11fd97a2dda11550d878a4951b49cf6eee990
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
