Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ff7ec8db by Moritz Muehlenhoff at 2026-06-17T14:13:13+02:00
trixie triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2235,6 +2235,7 @@ CVE-2026-54412 (LiamBindle MQTT-C through version 1.1.6 
contains a heap-based ou
        NOT-FOR-US: MQTT-C
 CVE-2026-54411 (Linux-PAM through 1.7.2 contains an observable timing 
discrepancy (CWE ...)
        - pam <unfixed> (bug #1140190)
+       [trixie] - pam <postponed> (Minor issue, revisit when fixed upstream)
        NOTE: https://github.com/linux-pam/linux-pam/issues/992
        NOTE: https://github.com/linux-pam/linux-pam/pull/991
 CVE-2026-54410 (nanoMODBUS through v1.23.0 contains an off-by-one buffer 
overflow in t ...)
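
Review bot: the revisit condition on the added "[trixie] - pam <postponed> (Minor issue, revisit when fixed upstream)" line has no concrete trigger, because the NOTE lines under CVE-2026-54411 point only at an upstream issue (linux-pam/issues/992) and a pull request (linux-pam/pull/991), not at a fixing commit or release. Consider adding a NOTE with the fixing commit once the upstream change lands, so whoever picks the postponed entry up again can see from the entry that the condition has been met.
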
@@ -2909,6 +2910,7 @@ CVE-2026-44975 (Frappe is a full-stack web application 
framework. Prior to versi
        NOT-FOR-US: Frappe
 CVE-2026-44967 (OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. 
Prior to ...)
        - opentelemetry-cpp <unfixed> (bug #1139879)
+       [trixie] - opentelemetry-cpp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/open-telemetry/opentelemetry-cpp/security/advisories/GHSA-5qhm-4rfp-qqvj
        NOTE: https://github.com/open-telemetry/opentelemetry-cpp/issues/3958
        NOTE: https://github.com/open-telemetry/opentelemetry-cpp/pull/4078
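
Review bot: the reason on the added "[trixie] - opentelemetry-cpp <no-dsa> (Minor issue)" line does not say what makes CVE-2026-44967 minor, and the truncated description above it gives no hint either, so a reader has to open GHSA-5qhm-4rfp-qqvj to follow the decision. A few words in the parentheses naming the limiting factor would make the triage result readable from the list itself.
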
@@ -4001,9 +4003,11 @@ CVE-2024-58350 (Ghidra before 11.2 contains a use after 
free vulnerability in th
        - ghidra <itp> (bug #923851)
 CVE-2026-XXXX [OnionShare follows symlinks in shared directories, allowing 
unintended disclosure of local files]
        - onionshare <unfixed> (bug #1139717)
+       [trixie] - onionshare <no-dsa> (Minor issue)
        NOTE: 
https://github.com/onionshare/onionshare/security/advisories/GHSA-22p9-r2f5-22mf
 CVE-2026-XXXX [OnionShare Receive mode writes uploaded files even when file 
uploads are disabled]
        - onionshare <unfixed> (bug #1139716)
+       [trixie] - onionshare <no-dsa> (Minor issue)
        NOTE: 
https://github.com/onionshare/onionshare/security/advisories/GHSA-v833-3823-cmhp
 CVE-2026-11853 (Debusine is an integrated solution to build, distribute and 
maintain a ...)
        - debusine 0.14.9
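
Review bot: both added "[trixie] - onionshare <no-dsa> (Minor issue)" lines carry the same generic reason although the two entries describe different problems: one discloses local files through symlinks in shared directories, the other writes uploaded files while uploads are disabled. It is worth stating per entry why each is minor, in particular for the file-disclosure one, so the classification can be checked against GHSA-22p9-r2f5-22mf and GHSA-v833-3823-cmhp independently.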


=====================================
data/dsa-needed.txt
=====================================
@@ -67,6 +67,10 @@ linux (carnil)
 --
 netty
 --
+node-dompurify
+--
+pacemaker
+--
 pdfminer (carnil)
   Required followup for CVE-2025-64512 as original fix was incomplete.
 --
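
Review bot: the new "node-dompurify" and "pacemaker" entries go into dsa-needed.txt without a claimant or a note line, so the file does not show which CVEs prompted them; the neighbouring "pdfminer (carnil)" entry shows the form with both. Suggest adding an indented note under each naming the CVE IDs to be covered by the update. Alphabetical placement between netty and pdfminer is correct.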



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff7ec8db79515faa77d8534687d1696a621638fb
