Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fc3929b2 by Moritz Muehlenhoff at 2026-06-22T23:08:07+02:00
trixie triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -59,9 +59,10 @@ CVE-2026-56423 (MISP Core contained broken access-control 
checks in the bulk del
 CVE-2026-56422 (Multiple MISP core controllers and model capture paths 
accepted client ...)
        NOT-FOR-US: MISP
 CVE-2026-56109 (The Advanced Linux Sound Architecture (ALSA) library before 
1.2.16.1 c ...)
-       - alsa-lib <unfixed>
+       - alsa-lib <unfixed> (unimportant)
        NOTE: 
https://lore.kernel.org/alsa-devel/cagt8pqbu0p2vob+qhxwgcnjrkhacbhayhuubplbn-yj_siv...@mail.gmail.com/
        NOTE: Fixed by: 
https://github.com/alsa-project/alsa-lib/commit/536dd6f8affdf5197c12a63a71c92a70b2833cc0
 (v1.2.16.1)
+       NOTE: Doesn't cross any meaningful security boundary
 CVE-2026-56104 (Chainlit before 2.10.1 contains a session hijacking 
vulnerability that ...)
        NOT-FOR-US: Chainlit
 CVE-2026-55602 (http-proxy-middleware is node.js http-proxy middleware. From 
0.16.0 un ...)
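
Review bot: the added "NOTE: Doesn't cross any meaningful security boundary" under CVE-2026-56109 records the conclusion behind the new (unimportant) tag on the alsa-lib line, but not the reasoning. Suggest extending that NOTE to say which input would have to be attacker-controlled for the bug to trigger, so that someone revisiting the entry can check the assessment against the linked alsa-devel thread and fix commit without redoing the analysis.
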
@@ -601,6 +602,7 @@ CVE-2026-9375 (urllib3 version 2.6.3 is vulnerable to a 
decompression bomb bypas
        NOTE: Relates to the fix for CVE-2025-66471.
 CVE-2026-9265 (Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a 
heap OO ...)
        - libcrypt-openssl-pkcs12-perl 1.96-1 (bug #1140426)
+       [trixie] - libcrypt-openssl-pkcs12-perl <no-dsa> (Minor issue)
        NOTE: https://github.com/dsully/perl-crypt-openssl-pkcs12/issues/55
        NOTE: Fixed by: 
https://github.com/dsully/perl-crypt-openssl-pkcs12/commit/a7bd2f319fa8aab8177b3d767ea06dd85ceb3173
 (v1.96)
 CVE-2026-56216 (Capgo before 12.128.2 contains a scope escalation 
vulnerability in the ...)
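
Review bot: the new "[trixie] - libcrypt-openssl-pkcs12-perl <no-dsa> (Minor issue)" line under CVE-2026-9265 gives no reason beyond "Minor issue", while the description it sits under refers to a heap memory problem. Suggest a short NOTE with the reasoning, or, if a stable update is planned, the same qualifier the libhtml-gumbo-perl entry later in this file uses ("Minor issue; to be fixed in point release").
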
@@ -9173,30 +9175,48 @@ CVE-2026-11447 (A security flaw has been discovered in 
GL.iNet GL-MT3000 up to 4
 CVE-2026-44173 (MariaDB server is a community developed fork of MySQL server. 
From ver ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
+       NOTE: 
https://github.com/MariaDB/server/security/advisories/GHSA-667j-m53j-wpmc
+       NOTE: https://jira.mariadb.org/browse/MDEV-39493
 CVE-2026-44172 (MariaDB server is a community developed fork of MySQL server. 
In versi ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
+       NOTE: 
https://github.com/MariaDB/server/security/advisories/GHSA-pv9p-5w55-55jm
+       NOTE: https://jira.mariadb.org/browse/CONC-819
 CVE-2026-44171 (MariaDB server is a community developed fork of MySQL server. 
From ver ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
+       NOTE: 
https://github.com/MariaDB/server/security/advisories/GHSA-9pjh-5hhw-65v9
+       NOTE: https://jira.mariadb.org/browse/MDEV-39408
 CVE-2026-44170 (MariaDB server is a community developed fork of MySQL server. 
From ver ...)
-       - mariadb 1:11.8.8-1
+       - mariadb <not-affected> (Windows-specific)
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
+       NOTE: 
https://github.com/MariaDB/server/security/advisories/GHSA-f835-cfjq-wf73
+       NOTE: https://jira.mariadb.org/browse/MDEV-39289
 CVE-2026-44169 (MariaDB server is a community developed fork of MySQL server. 
From ver ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
+       NOTE: 
https://github.com/MariaDB/server/security/advisories/GHSA-22xq-vq3f-87x2
+       NOTE: https://jira.mariadb.org/browse/MDEV-39288
 CVE-2026-44168 (MariaDB server is a community developed fork of MySQL server. 
From ver ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7
+       NOTE: 
https://github.com/MariaDB/server/security/advisories/GHSA-vwf7-w26c-9w5h
+       NOTE: https://jira.mariadb.org/browse/MDEV-39413
 CVE-2026-48165 (MariaDB server is a community developed fork of MySQL server. 
From ver ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
+       NOTE: 
https://github.com/MariaDB/server/security/advisories/GHSA-7v3p-h23x-8hwv
+       NOTE: https://jira.mariadb.org/browse/MDEV-39676
 CVE-2026-48163 (MariaDB server is a community developed fork of MySQL server. 
From ver ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
+       NOTE: 
https://github.com/MariaDB/server/security/advisories/GHSA-rpgv-q6gv-684r
+       NOTE: https://jira.mariadb.org/browse/MDEV-39648
 CVE-2026-49261 (MariaDB server is a community developed fork of MySQL server. 
Versions ...)
        - mariadb 1:11.8.8-1
        NOTE: 
https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8
+       NOTE: 
https://github.com/MariaDB/server/security/advisories/GHSA-3p3m-4x7c-p4pw
+       NOTE: https://jira.mariadb.org/browse/MDEV-39721
 CVE-2025-15646
        - libhtml-gumbo-perl 0.18-5 (bug #1104789)
        [bookworm] - libhtml-gumbo-perl <no-dsa> (Minor issue; to be fixed in 
point release)
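
Review bot: the added reference for CVE-2026-44172 is CONC-819, while every other MariaDB entry in this hunk gets an MDEV ticket. CONC is the Connector/C project in MariaDB's Jira, so it is worth confirming that "- mariadb 1:11.8.8-1" is the only line this CVE needs, or whether the client library is also shipped or embedded by another source package that should get its own entry. A one-line NOTE saying the fix is in the connector code would make that visible to the next person triaging it.
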
@@ -14301,6 +14321,7 @@ CVE-2026-44285 (FastGPT is an AI Agent building 
platform. Prior to 4.15.0-beta1,
        NOT-FOR-US: FastGPT
 CVE-2026-42500 (Decoding a paletted BMP file with an out-of-range palette 
index result ...)
        - golang-golang-x-image 0.42.0-1 (bug #1138257)
+       [trixie] - golang-golang-x-image <no-dsa> (Minor issue)
        [bullseye] - golang-golang-x-image <no-dsa> (Minor issue)
        NOTE: https://github.com/golang/go/issues/79576
        NOTE: https://go-review.googlesource.com/c/image/+/781500
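
Review bot: with the added [trixie] line, CVE-2026-42500 now has <no-dsa> entries for trixie and bullseye, but nothing for bookworm between them. If bookworm is affected it presumably wants the same "<no-dsa> (Minor issue)" line, and if it is not, a "[bookworm] - golang-golang-x-image <not-affected>" line with the reason would stop it from showing up as open.
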


=====================================
data/dsa-needed.txt
=====================================
@@ -51,6 +51,8 @@ linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more 6.1.y versions
 --
+mariadb
+--
 netty
 --
 nginx
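
Review bot: the new "mariadb" entry in data/dsa-needed.txt has neither a claimant nor a note, unlike the linux entry just above it, which names "(carnil)" and describes the plan. Suggest an indented line under "mariadb" stating the intended target (the CVE list hunks in this commit all point at 1:11.8.8-1 as the fixed version), so whoever picks it up knows the scope of the update.
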



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fc3929b2e954718700289b5600b8926c51b30065
