Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fc3929b2 by Moritz Muehlenhoff at 2026-06-22T23:08:07+02:00
trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -59,9 +59,10 @@ CVE-2026-56423 (MISP Core contained broken access-control
checks in the bulk del
CVE-2026-56422 (Multiple MISP core controllers and model capture paths
accepted client ...)
NOT-FOR-US: MISP
CVE-2026-56109 (The Advanced Linux Sound Architecture (ALSA) library before
1.2.16.1 c ...)
- - alsa-lib <unfixed>
+ - alsa-lib <unfixed> (unimportant)
NOTE:
https://lore.kernel.org/alsa-devel/cagt8pqbu0p2vob+qhxwgcnjrkhacbhayhuubplbn-yj_siv...@mail.gmail.com/
NOTE: Fixed by:
https://github.com/alsa-project/alsa-lib/commit/536dd6f8affdf5197c12a63a71c92a70b2833cc0
(v1.2.16.1)
+ NOTE: Doesn't cross any meaningful security boundary
CVE-2026-56104 (Chainlit before 2.10.1 contains a session hijacking
vulnerability that ...)
NOT-FOR-US: Chainlit
CVE-2026-55602 (http-proxy-middleware is node.js http-proxy middleware. From
0.16.0 un ...)
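Review bot: the new NOTE on CVE-2026-56109 ("Doesn't cross any meaningful security boundary") gives the conclusion but not the reasoning behind the (unimportant) tag. Suggest naming the input involved and why it is considered trusted, so that someone revisiting alsa-lib can re-check the assessment without rereading the linked thread.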
@@ -601,6 +602,7 @@ CVE-2026-9375 (urllib3 version 2.6.3 is vulnerable to a
decompression bomb bypas
NOTE: Relates to the fix for CVE-2025-66471.
CVE-2026-9265 (Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a
heap OO ...)
- libcrypt-openssl-pkcs12-perl 1.96-1 (bug #1140426)
+ [trixie] - libcrypt-openssl-pkcs12-perl <no-dsa> (Minor issue)
NOTE: https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55
NOTE: Fixed by:
https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/a7bd2f319fa8aab8177b3d767ea06dd85ceb3173
(v1.96)
CVE-2026-56216 (Capgo before 12.128.2 contains a scope escalation
vulnerability in the ...)
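Review bot: on CVE-2026-9265 the added "[trixie] - libcrypt-openssl-pkcs12-perl <no-dsa> (Minor issue)" line carries no rationale, although the truncated description refers to a heap issue. Consider a NOTE saying why it is minor for trixie, or extending the tag to say whether a point-release fix is planned.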
@@ -9173,30 +9175,48 @@ CVE-2026-11447 (A security flaw has been discovered in
GL.iNet GL-MT3000 up to 4
CVE-2026-44173 (MariaDB server is a community developed fork of MySQL server.
From ver ...)
- mariadb 1:11.8.8-1
NOTE:
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
+ NOTE:
https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc
+ NOTE: https://jira.mariadb.org/browse/MDEV-39493
CVE-2026-44172 (MariaDB server is a community developed fork of MySQL server.
In versi ...)
- mariadb 1:11.8.8-1
NOTE:
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
+ NOTE:
https://github.com/MariaDB/server/security/advisories/GHSA-pv9p-5w55-55jm
+ NOTE: https://jira.mariadb.org/browse/CONC-819
CVE-2026-44171 (MariaDB server is a community developed fork of MySQL server.
From ver ...)
- mariadb 1:11.8.8-1
NOTE:
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
+ NOTE:
https://github.com/MariaDB/server/security/advisories/GHSA-9pjh-5hhw-65v9
+ NOTE: https://jira.mariadb.org/browse/MDEV-39408
CVE-2026-44170 (MariaDB server is a community developed fork of MySQL server.
From ver ...)
- - mariadb 1:11.8.8-1
+ - mariadb <not-affected> (Windows-specific)
NOTE:
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
+ NOTE:
https://github.com/MariaDB/server/security/advisories/GHSA-f835-cfjq-wf73
+ NOTE: https://jira.mariadb.org/browse/MDEV-39289
CVE-2026-44169 (MariaDB server is a community developed fork of MySQL server.
From ver ...)
- mariadb 1:11.8.8-1
NOTE:
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
+ NOTE:
https://github.com/MariaDB/server/security/advisories/GHSA-22xq-vq3f-87x2
+ NOTE: https://jira.mariadb.org/browse/MDEV-39288
CVE-2026-44168 (MariaDB server is a community developed fork of MySQL server.
From ver ...)
- mariadb 1:11.8.8-1
NOTE:
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
+ NOTE:
https://github.com/MariaDB/server/security/advisories/GHSA-vwf7-w26c-9w5h
+ NOTE: https://jira.mariadb.org/browse/MDEV-39413
CVE-2026-48165 (MariaDB server is a community developed fork of MySQL server.
From ver ...)
- mariadb 1:11.8.8-1
NOTE:
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
+ NOTE:
https://github.com/MariaDB/server/security/advisories/GHSA-7v3p-h23x-8hwv
+ NOTE: https://jira.mariadb.org/browse/MDEV-39676
CVE-2026-48163 (MariaDB server is a community developed fork of MySQL server.
From ver ...)
- mariadb 1:11.8.8-1
NOTE:
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
+ NOTE:
https://github.com/MariaDB/server/security/advisories/GHSA-rpgv-q6gv-684r
+ NOTE: https://jira.mariadb.org/browse/MDEV-39648
CVE-2026-49261 (MariaDB server is a community developed fork of MySQL server.
Versions ...)
- mariadb 1:11.8.8-1
NOTE:
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
+ NOTE:
https://github.com/MariaDB/server/security/advisories/GHSA-3p3m-4x7c-p4pw
+ NOTE: https://jira.mariadb.org/browse/MDEV-39721
CVE-2025-15646
- libhtml-gumbo-perl 0.18-5 (bug #1104789)
[bookworm] - libhtml-gumbo-perl <no-dsa> (Minor issue; to be fixed in
point release)
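Review bot: in the CVE-2026-44172 entry the added Jira reference is CONC-819, while every other MariaDB entry in this hunk points at an MDEV ticket. If CONC tracks the client connector rather than the server, please check that "- mariadb 1:11.8.8-1" is the right fixed version for it and whether another source package carrying that code needs its own line.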
@@ -14301,6 +14321,7 @@ CVE-2026-44285 (FastGPT is an AI Agent building
platform. Prior to 4.15.0-beta1,
NOT-FOR-US: FastGPT
CVE-2026-42500 (Decoding a paletted BMP file with an out-of-range palette
index result ...)
- golang-golang-x-image 0.42.0-1 (bug #1138257)
+ [trixie] - golang-golang-x-image <no-dsa> (Minor issue)
[bullseye] - golang-golang-x-image <no-dsa> (Minor issue)
NOTE: https://github.com/golang/go/issues/79576
NOTE: https://go-review.googlesource.com/c/image/+/781500
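Review bot: CVE-2026-42500 now has [trixie] and [bullseye] <no-dsa> lines but nothing for bookworm between them. If bookworm ships golang-golang-x-image and is still triaged in this file, add the matching line so that release is not left open.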
=====================================
data/dsa-needed.txt
=====================================
@@ -51,6 +51,8 @@ linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more 6.1.y versions
--
+mariadb
+--
netty
--
nginx
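Review bot: the new mariadb entry in dsa-needed.txt has no claimant and no note, unlike the linux (carnil) entry above it. A short indented note naming the target upstream version (the CVE list entries in this commit reference the 11.8.7 and 11.8.8 release notes) would tell whoever picks it up what the update should cover.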
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc3929b2e954718700289b5600b8926c51b30065