Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c4b6f9ff by Moritz Muehlenhoff at 2026-06-23T22:25:09+02:00
trixie triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3780,6 +3780,7 @@ CVE-2026-53612 [Local Privilege Escalation via TOCTOU in 
mount(8) hook_owner.c c
        NOTE: Fixed by: 
https://github.com/util-linux/util-linux/commit/d0c5adaeb3a3d823aba1377794de8f009b8152cc
 (v2.42.2)
 CVE-2026-36849 [Denial of Service via large SamplesPerPixel tag]
        - tiff 4.7.1-3 (bug #1140300)
+       [trixie] - tiff <ignored> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/17/1
        NOTE: https://gitlab.com/libtiff/libtiff/-/work_items/781
        NOTE: Fixed by: 
https://gitlab.com/libtiff/libtiff/-/commit/eedba405d3695b52faae65994c5904f228eca0bf
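Review bot: The added trixie line for CVE-2026-36849 uses `<ignored>`, which marks the issue as not going to be fixed in trixie, yet the reason is the same "(Minor issue)" that the other hunks in this commit pair with `<no-dsa>`. Unstable already carries a fix in 4.7.1-3 and an upstream commit is referenced, so either switch to `<no-dsa>` or give a reason that explains why trixie will not be fixed at all.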
@@ -5159,6 +5160,7 @@ CVE-2026-XXXX [SSLMate go-pkcs12: Authentication bypass 
in Decode functions]
        NOTE: Fixed by: 
https://github.com/SSLMate/go-pkcs12/commit/03c441f6b0267f695ca02464133c0b373bf4dd55
 (v0.7.2)
 CVE-2026-49452
        - weasyprint 69.0-1
+       [trixie] - weasyprint <no-dsa> (Minor issue)
        NOTE: https://www.courtbouillon.org/blog/00067-weasyprint-69/
        NOTE: 
https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-jhhc-3hcp-qhm5
 CVE-2026-54413 (driftregion iso14229 through 0.9.0 contains an integer 
underflow and d ...)
@@ -9219,6 +9221,7 @@ CVE-2026-43972 (Origin Validation Error vulnerability in 
ninenines gun (gun_http
        NOT-FOR-US: gun
 CVE-2026-43966 (Improper Neutralization of CRLF Sequences in HTTP Headers 
('HTTP Reque ...)
        - rabbitmq-server <unfixed>
+       [trixie] - rabbitmq-server <no-dsa> (Minor issue)
        NOTE: Appears to be bundled in rabbitmq-server
        NOTE: https://cna.erlef.org/cves/CVE-2026-43966.html
        NOTE: 
https://github.com/ninenines/cowboy/commit/f77cb9b5e730e300fffb551db1ba5d1c4ed878ef
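Review bot: The added trixie `<no-dsa>` line for CVE-2026-43966 sits on an entry whose only stated basis for affecting rabbitmq-server is the NOTE "Appears to be bundled in rabbitmq-server", and the unstable line is still `<unfixed>`. Confirm that the trixie package actually ships the affected cowboy code and record the result in a NOTE, so the suite status does not rest on an unverified assumption.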
@@ -17792,6 +17795,7 @@ CVE-2026-44902 (opentelemetry-js is the OpenTelemetry 
JavaScript Client. Prior t
        NOT-FOR-US: opentelemetry-js
 CVE-2026-44839 (RabbitMQ is a messaging and streaming broker. From 3.7.0 to 
before 4.1 ...)
        - rabbitmq-server 4.3.0-2
+       [trixie] - rabbitmq-server <no-dsa> (Minor issue)
        NOTE: 
https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-fh5r-jpm3-fjwp
 CVE-2026-44838 (RabbitMQ is a messaging and streaming broker. From 4.2.0 to 
before 4.2 ...)
        - rabbitmq-server <not-affected> (Vulnerable code never in Debian 
released version)
@@ -83780,6 +83784,7 @@ CVE-2026-24055 (Langfuse is an open source large 
language model engineering plat
        NOT-FOR-US: Langfuse
 CVE-2026-24049 (wheel is a command line tool for manipulating Python wheel 
files, as d ...)
        - wheel 0.46.3-1 (bug #1126274)
+       [trixie] - wheel <no-dsa> (Minor issue)
        [bookworm] - wheel <not-affected> (Vulnerable code introduced later)
        [bullseye] - wheel <not-affected> (Vulnerable code introduced later)
        NOTE: 
https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx


=====================================
data/dsa-needed.txt
=====================================
@@ -44,6 +44,7 @@ kitty
   Maintainer proposed debdiff for review in https://bugs.debian.org/1139898#15
 --
 libheif
+  possibly best to move to 1.23.0
 --
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
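Review bot: The added libheif note "possibly best to move to 1.23.0" names neither the suite it applies to nor the issues it is meant to cover, and the entry has no assignee, unlike `linux (carnil)` just below it. Suggest stating the target suite and the reason for preferring a new upstream version over backported fixes, so whoever picks this up knows the scope.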



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c4b6f9ff1b2f7e46c15bab71ec5d0317bc99eb7e
