Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
0896b270 by Emilio Pozuelo Monfort at 2026-06-04T19:47:41+02:00
lts: bullseye triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1922,6 +1922,7 @@ CVE-2026-10194 (A weakness has been identified in OFFIS 
DCMTK 3.7.0. This affect
        - dcmtk <unfixed>
        [trixie] - dcmtk <no-dsa> (Minor issue)
        [bookworm] - dcmtk <no-dsa> (Minor issue)
+       [bullseye] - dcmtk <no-dsa> (Minor issue)
        NOTE: 
https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=0f78a4ef6f645ea5530166e445e5436a5de58e75
 CVE-2026-10193 (A security flaw has been discovered in OFCMS up to 1.1.3. The 
impacted ...)
        NOT-FOR-US: OFCMS
@@ -2203,6 +2204,7 @@ CVE-2026-47123 (FreeScout is a free help desk and shared 
inbox built with PHP's
        NOT-FOR-US: FreeScout
 CVE-2026-46599 (The TIFF decoder does not place a limit on the size of 
PackBits-compre ...)
        - golang-golang-x-image <unfixed> (bug #1138257)
+       [bullseye] - golang-golang-x-image <no-dsa> (Minor issue)
        NOTE: https://github.com/golang/go/issues/79577
        NOTE: https://go-review.googlesource.com/c/image/+/759960
 CVE-2026-46527 (cpp-httplib is a C++11 single-file header-only cross platform 
HTTP/HTT ...)
@@ -2266,6 +2268,7 @@ CVE-2026-44285 (FastGPT is an AI Agent building platform. 
Prior to 4.15.0-beta1,
        NOT-FOR-US: FastGPT
 CVE-2026-42500 (Decoding a paletted BMP file with an out-of-range palette 
index result ...)
        - golang-golang-x-image <unfixed> (bug #1138257)
+       [bullseye] - golang-golang-x-image <no-dsa> (Minor issue)
        NOTE: https://github.com/golang/go/issues/79576
        NOTE: https://go-review.googlesource.com/c/image/+/781500
 CVE-2026-34127 (A stored cross-site scripting (XSS) vulnerability has been 
identified  ...)
@@ -3474,6 +3477,7 @@ CVE-2026-10028 (A flaw was found in glib-networking. A 
remote attacker can explo
        - glib-networking <unfixed> (bug #1138235)
        [trixie] - glib-networking <postponed> (Minor issue, revisit when fixed 
upstream)
        [bookworm] - glib-networking <postponed> (Minor issue, revisit when 
fixed upstream)
+       [bullseye] - glib-networking <postponed> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465152
        NOTE: https://gitlab.gnome.org/GNOME/glib-networking/-/work_items/231
 CVE-2026-10022 (Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 
allowed  ...)
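Review bot: the added [bullseye] glib-networking line gives the reason as "(Minor issue)", while the trixie and bookworm lines directly above it read "(Minor issue, revisit when fixed upstream)". The package line is still <unfixed>, so the same revisit condition applies to bullseye. Suggest using the identical reason text so the <postponed> tag records what it is waiting on and the three releases stay consistent.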
@@ -3922,6 +3926,7 @@ CVE-2026-42250 (bzip2 contains an off\u2011by\u2011one 
error in the bzip2recover
        - bzip2 <unfixed> (bug #1138255)
        [trixie] - bzip2 <no-dsa> (Minor issue)
        [bookworm] - bzip2 <no-dsa> (Minor issue)
+       [bullseye] - bzip2 <no-dsa> (Minor issue)
        NOTE: 
https://inbox.sourceware.org/bzip2-devel/[email protected]/
        NOTE: Fixed by: 
https://sourceware.org/cgit/bzip2/commit/?id=35d122a3df8b0cc4082a4d89fdc6ee99f375fe67
 CVE-2026-41565 (CryptX versions before 0.088_001 for Perl have a stack buffer 
overflow ...)
@@ -4767,6 +4772,7 @@ CVE-2026-44681 (Authlib is a Python library which builds 
OAuth and OpenID Connec
        NOTE: 
https://github.com/authlib/authlib/security/advisories/GHSA-r95x-qfjj-fjj2
 CVE-2026-44660 (UltraJSON is a fast JSON encoder and decoder written in pure C 
with bi ...)
        - ujson <unfixed> (bug #1138258)
+       [bullseye] - ujson <postponed> (Minor issue)
        NOTE: 
https://github.com/ultrajson/ultrajson/security/advisories/GHSA-c38f-wx89-p2xg
        NOTE: Fixed by: 
https://github.com/ultrajson/ultrajson/commit/82af1d0ac01d09aa40c887b460d44b9d9f4bccd9
 (5.12.1)
 CVE-2026-44590 (Sherlock hunts down social media accounts by username across 
social ne ...)
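Review bot: the [bullseye] ujson line is tagged <postponed> with only "(Minor issue)", although the entry already carries a "Fixed by:" upstream commit (5.12.1), so the reason does not say what the fix is being deferred for. Suggest extending the reason with the condition for revisiting it (for example, that it can be fixed along with the next ujson update), so a later triager can tell when to pick it up.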
@@ -4856,6 +4862,7 @@ CVE-2026-48863
        - libsolv 0.7.38-1
        [trixie] - libsolv <no-dsa> (Minor issue)
        [bookworm] - libsolv <no-dsa> (Minor issue)
+       [bullseye] - libsolv <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460975
        NOTE: Fixed by: 
https://github.com/openSUSE/libsolv/commit/44f8c085045b1f771641091bbb2b810d12cff9e8
 (0.7.38)
 CVE-2026-9712 (When creating an export through the pretix API, API clients are 
 retur ...)
@@ -9434,6 +9441,7 @@ CVE-2026-9150 (A flaw was found in libsolv. This 
stack-based buffer overflow vul
        - libsolv 0.7.37-1
        [trixie] - libsolv <no-dsa> (Minor issue)
        [bookworm] - libsolv <no-dsa> (Minor issue)
+       [bullseye] - libsolv <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460379
        NOTE: https://github.com/openSUSE/libsolv/pull/616
        NOTE: Introduced with: 
https://github.com/openSUSE/libsolv/commit/c8164bfecf2ba8bcf4c24329534d3104f19da73c
 (0.6.4)
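Review bot: in the CVE-2026-9150 entry the "Introduced with:" note places the vulnerable code at upstream 0.6.4, and the new [bullseye] <no-dsa> line implies that bullseye's libsolv contains that commit. Nothing in the hunk shows that check. If the bullseye version predates the introducing commit, the line should be <not-affected> with a reason that the vulnerable code was introduced later; otherwise the tag matches trixie and bookworm and is fine as written.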
@@ -9442,6 +9450,7 @@ CVE-2026-9149 (A flaw was found in libsolv. This heap 
buffer overflow vulnerabil
        - libsolv 0.7.38-1 (bug #1137373)
        [trixie] - libsolv <no-dsa> (Minor issue)
        [bookworm] - libsolv <no-dsa> (Minor issue)
+       [bullseye] - libsolv <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460380
        NOTE: https://github.com/openSUSE/libsolv/pull/617
        NOTE: 
https://github.com/openSUSE/libsolv/commit/210386037c892a720972ad35a3d8f7073b4d763b
 (0.7.38)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0896b270c096d243937f60c84967a917660cb852
