Daniel Leidert pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a1f042b1 by Daniel Leidert at 2026-07-03T03:38:06+02:00
lts: update erlang to cover Bookworm as well
- - - - -
73972136 by Daniel Leidert at 2026-07-03T03:38:30+02:00
lts: update firebird3.0 entry to cover Bookworm as well
- - - - -
ec95ba60 by Daniel Leidert at 2026-07-03T03:50:39+02:00
lts: add node-lodash/bookworm to dla-needed
- - - - -
c19682a3 by Daniel Leidert at 2026-07-03T04:02:38+02:00
Add patch link for CVE-2026-43958/rrdtool
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -23012,6 +23012,7 @@ CVE-2026-44211 (Cline is an autonomous coding agent as
an SDK, IDE extension, or
CVE-2026-43958 (A flaw was found in rrdcached, a component of rrdtool. A local
attacke ...)
- rrdtool <unfixed> (bug #1140106)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460932
+ NOTE: Fixed by:
https://github.com/oetiker/rrdtool-1.x/commit/4218ec7127ba6c7ea1c20d7c8ea6e2b3f83df73a
(v1.10.0)
CVE-2026-43625 (CodexBar prior to 0.32.0 contains a session cookie leakage
vulnerabili ...)
NOT-FOR-US: CodexBar
CVE-2026-43624 (F5-TTS through version 1.1.20 contains a path traversal
vulnerability ...)
=====================================
data/dla-needed.txt
=====================================
@@ -151,20 +151,22 @@ edk2/bullseye
NOTE: 20251230: Added by Front-Desk (Beuc)
NOTE: 20251230: Lots of postponed issues piled-up (Beuc/front-desk)
--
-erlang/bullseye
+erlang
NOTE: 20260519: Added by Front-Desk (Beuc)
NOTE: 20260519: Re-added after DLA-4590-1, due to 3 newer CVEs, some of
which high.
NOTE: 20260519: Also fully follow bookworm 12.14 (CVE-2025-48040)
NOTE: 20260519: and bookworm 12.12 (CVE-2025-46712).
NOTE: 20260519: Fix ELTS at the same time. (Beuc/front-desk)
+ NOTE: 20260702: Another round of issues and upcoming DSA
(dleidert/front-desk)
--
expat
NOTE: 20260518: Added by Front-Desk (Beuc)
NOTE: 20260518: Upcoming DSA + many postponed CVE.
NOTE: 20260518: CVE-2026-41080 fix requires for python's CVE-2026-7210.
--
-firebird3.0/bullseye
+firebird3.0
NOTE: 20260418: Added by Front-Desk (rouca)
+ NOTE: 20260702: Upcoming DSA (dleidert/front-desk)
--
firmware-nonfree/bullseye
NOTE: 20251130: Added by Front-Desk. Moreover, take care of postponed issue
(rouca)
@@ -456,6 +458,10 @@ nginx (charles)
NOTE: 20260618: There was also a customer request to fix it. (charles)
NOTE: 20260630: Bullseye fix release with 2 CVE fixes + http2 bomb fix.
Bookworm coming soon. (charles)
--
+node-lodash/bookworm (utkarsh)
+ NOTE: 20260703: Added by Front-Desk (dleidert)
+ NOTE: 20260703: Follow DLA 4663-1; assigned to Utkarsh to grab this
(dleidert/front-desk)
+--
nodejs
NOTE: 20260622: Added by Front-Desk (lamby)
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d5b0f1030590194e9c8fbe9076ffac26c17efdf6...c19682a3cef80ef11ba273b9a87ef5ffc3a2cf11
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d5b0f1030590194e9c8fbe9076ffac26c17efdf6...c19682a3cef80ef11ba273b9a87ef5ffc3a2cf11
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits