Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
232bae54 by Moritz Muehlenhoff at 2026-06-08T18:04:59+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2647,8 +2647,8 @@ CVE-2026-10806 (A vulnerability was found in mjperpinosa 
stumasy. The affected e
        NOT-FOR-US: mjperpinosa stumasy
 CVE-2026-10805 (A flaw was found in NetworkManager. This local privilege 
escalation vu ...)
        - network-manager <unfixed> (bug #1139285)
-       [trixie] - network-manager <no-dsa> (Minor issue)
-       [bookworm] - network-manager <no-dsa> (Minor issue)
+       [trixie] - network-manager <ignored> (Minor issue)
+       [bookworm] - network-manager <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2484613
        NOTE: Network-manager defaults to the internal DHCP client
 CVE-2026-10804 (A vulnerability has been found in Streamlit up to 1.53.0. 
Impacted is  ...)
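Review bot: On the two network-manager `+` lines the state moves from <no-dsa> to <ignored>, but the reason is still the generic "(Minor issue)". The actual rationale appears to be the NOTE two lines further down ("Network-manager defaults to the internal DHCP client"); putting that in the parenthesised reason would make the <ignored> entries self-explanatory, which matters more here because unstable is still <unfixed> (bug #1139285).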
@@ -2912,6 +2912,8 @@ CVE-2026-37462 (An integer underflow in the 
BGPUpdate.DecodeFromBytes function (
        NOTE: 
https://github.com/osrg/gobgp/commit/9ce8936672ebc07df524da77fa4c6ae26d92be6d 
(v4.4.0)
 CVE-2026-37460 (Missing input validation in the rfapiRibBi2Ri() function 
(rfapi_rib.c) ...)
        - frr 10.6.1-1
+       [trixie] - frr <no-dsa> (Minor issue)
+       [bookworm] - frr <no-dsa> (Minor issue)
        NOTE: 
https://github.com/FRRouting/frr/commit/36f4098738627d724a72d37ef660a5d8eb1e8020
 (frr-10.6.1)
 CVE-2026-36748 (RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site 
Scripti ...)
        NOT-FOR-US: RockRMS
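Review bot: The new frr <no-dsa> lines give only "(Minor issue)" for a missing input validation in rfapiRibBi2Ri() (rfapi_rib.c), with no NOTE explaining the assessment. A one-line NOTE on why this is minor for the trixie and bookworm packages (for example whether that code path is reachable in their builds) would let a later reader verify the triage; the fixing commit is already referenced, so nothing else is missing.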
@@ -5083,6 +5085,8 @@ CVE-2026-47123 (FreeScout is a free help desk and shared 
inbox built with PHP's
        NOT-FOR-US: FreeScout
 CVE-2026-46599 (The TIFF decoder does not place a limit on the size of 
PackBits-compre ...)
        - golang-golang-x-image <unfixed> (bug #1138257)
+       [trixie] - golang-golang-x-image <no-dsa> (Minor issue)
+       [bookworm] - golang-golang-x-image <no-dsa> (Minor issue)
        [bullseye] - golang-golang-x-image <no-dsa> (Minor issue)
        NOTE: https://github.com/golang/go/issues/79577
        NOTE: https://go-review.googlesource.com/c/image/+/759960
@@ -13455,6 +13459,8 @@ CVE-2026-45232 (Rsync versions before 3.4.3 contain an 
off-by-one out-of-bounds
        NOTE: Fixed by: 
https://github.com/RsyncProject/rsync/commit/a5fc5ebe7a8ef1aa72f6e344599f97fd4427ecba
 (v3.4.3)
 CVE-2026-5090 (Template::Plugin::HTML versions through 3.102 for Perl allows 
HTML and ...)
        - libtemplate-perl 3.102-3 (bug #1137160)
+       [trixie] - libtemplate-perl <no-dsa> (Minor issue)
+       [bookworm] - libtemplate-perl <no-dsa> (Minor issue)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40218729/
        NOTE: https://github.com/abw/Template2/issues/327
        NOTE: https://github.com/cpan-authors/Template2/pull/337
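Review bot: The libtemplate-perl NOTEs following the new <no-dsa> lines reference only the announcement, the issue and the pull request, not the commit that fixes the problem. Since unstable is fixed in 3.102-3, a Debian revision of the upstream version the description still lists as affected, a "NOTE: Fixed by: ..." line like the one on the rsync entry just above would tell whoever picks this up for a point release which patch to backport.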
@@ -15509,6 +15515,8 @@ CVE-2026-27680 (Due to improper input handling under 
certain conditions, SAP Net
        NOT-FOR-US: SAP
 CVE-2026-24712 (Northern.tech CFEngine Enterprise and Community before 3.21.8, 
3.24.3, ...)
        - cfengine3 <unfixed> (bug #1139174)
+       [trixie] - cfengine3 <no-dsa> (Minor issue)
+       [bookworm] - cfengine3 <no-dsa> (Minor issue)
        NOTE: 
https://cfengine.com/blog/2026/cve-2026-24710-and-cve-2026-24711-and-cve-2026-24712/
 CVE-2026-24711 (Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 
3.27.0 ha ...)
        NOT-FOR-US: CFEngine Enterprise
@@ -39603,6 +39611,8 @@ CVE-2026-35176 (openFPGALoader is a utility for 
programming FPGAs. In 1.1.1 and
        NOT-FOR-US: openFPGALoader
 CVE-2026-35172 (Distribution is a toolkit to pack, ship, store, and deliver 
container  ...)
        - docker-registry <unfixed> (bug #1134567)
+       [trixie] - docker-registry <no-dsa> (Minor issue)
+       [bookworm] - docker-registry <no-dsa> (Minor issue)
        NOTE: 
https://github.com/distribution/distribution/security/advisories/GHSA-f2g3-hh2r-cwgc
 CVE-2026-35170 (openFPGALoader is a utility for programming FPGAs. In 1.1.1 
and earlie ...)
        NOT-FOR-US: openFPGALoader



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/232bae549daca4016af02ab44628371fb49b041d
