Carlos Henrique Lima Melara pushed to branch master at Debian Security Tracker
/ security-tracker
Commits:
aea38ec7 by Carlos Henrique Lima Melara at 2026-06-16T22:33:44-03:00
okular: postpone vulnerabilities without CVE ID for bullseye
- - - - -
d29ad07e by Carlos Henrique Lima Melara at 2026-06-16T22:48:38-03:00
LTS: add firefox-esr to dla-needed.txt
- - - - -
2e08b301 by Carlos Henrique Lima Melara at 2026-06-16T22:59:16-03:00
LTS: add thunderbird to dla-needed.txt
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -8544,30 +8544,35 @@ CVE-2026-XXXX [integer overflow in fax image allocation
leads to undersized heap
- okular 4:26.04.2-1 (bug #1139009)
[trixie] - okular 4:25.04.2-1+deb13u1
[bookworm] - okular 4:22.12.3-1+deb12u1
+ [bullseye] - okular <postponed> (Minor issue, can be fixed in a next
update)
NOTE: https://kde.org/info/security/advisory-20260511-5.txt
NOTE:
https://commits.kde.org/okular/49cccdec814b2ddb0a403b63994114f09b007a2c
CVE-2026-XXXX [unsigned integer wrap-around in fax backend leads to heap
out-of-bounds read and write]
- okular 4:26.04.2-1 (bug #1139008)
[trixie] - okular 4:25.04.2-1+deb13u1
[bookworm] - okular 4:22.12.3-1+deb12u1
+ [bullseye] - okular <postponed> (Minor issue, can be fixed in a next
update)
NOTE: https://kde.org/info/security/advisory-20260511-4.txt
NOTE:
https://commits.kde.org/okular/e5f088674223019fafac26800a2ae0c0d6afc85b
CVE-2026-XXXX [heap out-of-bounds read in fax backend Ghostscript header
handling]
- okular 4:26.04.2-1 (bug #1139007)
[trixie] - okular 4:25.04.2-1+deb13u1
[bookworm] - okular 4:22.12.3-1+deb12u1
+ [bullseye] - okular <postponed> (Minor issue, can be fixed in a next
update)
NOTE: https://kde.org/info/security/advisory-20260511-3.txt
NOTE:
https://commits.kde.org/okular/e5f088674223019fafac26800a2ae0c0d6afc85b
CVE-2026-XXXX [heap out-of-bounds read in fax backend FAXMAGIC comparison]
- okular 4:26.04.2-1 (bug #1139005)
[trixie] - okular 4:25.04.2-1+deb13u1
[bookworm] - okular 4:22.12.3-1+deb12u1
+ [bullseye] - okular <postponed> (Minor issue, can be fixed in a next
update)
NOTE: https://kde.org/info/security/advisory-20260511-2.txt
NOTE:
https://commits.kde.org/okular/e5f088674223019fafac26800a2ae0c0d6afc85b
CVE-2026-XXXX [heap out-of-bounds write in fax backend on zero-length input]
- okular 4:26.04.2-1 (bug #1139004)
[trixie] - okular 4:25.04.2-1+deb13u1
[bookworm] - okular 4:22.12.3-1+deb12u1
+ [bullseye] - okular <postponed> (Minor issue, can be fixed in a next
update)
NOTE: https://kde.org/info/security/advisory-20260511-1.txt
NOTE:
https://commits.kde.org/okular/466786c354d890e39a3871f80ed686958d2513a2
CVE-2026-49941 (Net::CIDR::Set versions through 0.20 for Perl did not validate
IP addr ...)
=====================================
data/dla-needed.txt
=====================================
@@ -167,6 +167,10 @@ expat/bullseye
firebird3.0/bullseye
NOTE: 20260418: Added by Front-Desk (rouca)
--
+firefox-esr
+ NOTE: 20260616: Added by Front-Desk (charles)
+ NOTE: 20260616: Already in dsa-needed.txt and claimed by jmm (charles)
+--
firmware-nonfree/bullseye
NOTE: 20251130: Added by Front-Desk. Moreover, take care of postponed issue
(rouca)
--
@@ -679,6 +683,10 @@ sympa/bookworm
NOTE: 20250119: Added by Security Team (jmm)
NOTE: 20260611: bookworm LTS handover.
--
+thunderbird
+ NOTE: 20260616: Added by Front-Desk (charles)
+ NOTE: 20260616: Already in dsa-needed.txt and claimed by jmm (charles)
+--
trafficserver/bullseye
NOTE: 20241120: Added by Front-Desk (Beuc)
NOTE: 20241120: Upcoming DSA (Beuc/front-desk)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/164ed555a470f22388436c00bc980ab62fd804ec...2e08b301d2516c1e3bc075233087c43b2b594121
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/164ed555a470f22388436c00bc980ab62fd804ec...2e08b301d2516c1e3bc075233087c43b2b594121
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits