Daniel Leidert pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a1f042b1 by Daniel Leidert at 2026-07-03T03:38:06+02:00
lts: update erlang to cover Bookworm as well

- - - - -
73972136 by Daniel Leidert at 2026-07-03T03:38:30+02:00
lts: update firebird3.0 entry to cover Bookworm as well

- - - - -
ec95ba60 by Daniel Leidert at 2026-07-03T03:50:39+02:00
lts: add node-lodash/bookworm to dla-needed

- - - - -
c19682a3 by Daniel Leidert at 2026-07-03T04:02:38+02:00
Add patch link for CVE-2026-43958/rrdtool

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -23012,6 +23012,7 @@ CVE-2026-44211 (Cline is an autonomous coding agent as 
an SDK, IDE extension, or
 CVE-2026-43958 (A flaw was found in rrdcached, a component of rrdtool. A local 
attacke ...)
        - rrdtool <unfixed> (bug #1140106)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460932
+       NOTE: Fixed by: 
https://github.com/oetiker/rrdtool-1.x/commit/4218ec7127ba6c7ea1c20d7c8ea6e2b3f83df73a
 (v1.10.0)
 CVE-2026-43625 (CodexBar prior to 0.32.0 contains a session cookie leakage 
vulnerabili ...)
        NOT-FOR-US: CodexBar
 CVE-2026-43624 (F5-TTS through version 1.1.20 contains a path traversal 
vulnerability  ...)


=====================================
data/dla-needed.txt
=====================================
@@ -151,20 +151,22 @@ edk2/bullseye
   NOTE: 20251230: Added by Front-Desk (Beuc)
   NOTE: 20251230: Lots of postponed issues piled-up (Beuc/front-desk)
 --
-erlang/bullseye
+erlang
   NOTE: 20260519: Added by Front-Desk (Beuc)
   NOTE: 20260519: Re-added after DLA-4590-1, due to 3 newer CVEs, some of 
which high.
   NOTE: 20260519: Also fully follow bookworm 12.14 (CVE-2025-48040)
   NOTE: 20260519: and bookworm 12.12 (CVE-2025-46712).
   NOTE: 20260519: Fix ELTS at the same time. (Beuc/front-desk)
+  NOTE: 20260702: Another round of issues and upcoming DSA 
(dleidert/front-desk)
 --
 expat
   NOTE: 20260518: Added by Front-Desk (Beuc)
   NOTE: 20260518: Upcoming DSA + many postponed CVE.
   NOTE: 20260518: CVE-2026-41080 fix requires for python's CVE-2026-7210.
 --
-firebird3.0/bullseye
+firebird3.0
   NOTE: 20260418: Added by Front-Desk (rouca)
+  NOTE: 20260702: Upcoming DSA (dleidert/front-desk)
 --
 firmware-nonfree/bullseye
   NOTE: 20251130: Added by Front-Desk. Moreover, take care of postponed issue 
(rouca)
@@ -456,6 +458,10 @@ nginx (charles)
   NOTE: 20260618: There was also a customer request to fix it. (charles)
   NOTE: 20260630: Bullseye fix release with 2 CVE fixes + http2 bomb fix. 
Bookworm coming soon. (charles)
 --
+node-lodash/bookworm (utkarsh)
+  NOTE: 20260703: Added by Front-Desk (dleidert)
+  NOTE: 20260703: Follow DLA 4663-1; assigned to Utkarsh to grab this 
(dleidert/front-desk)
+--
 nodejs
   NOTE: 20260622: Added by Front-Desk (lamby)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d5b0f1030590194e9c8fbe9076ffac26c17efdf6...c19682a3cef80ef11ba273b9a87ef5ffc3a2cf11

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d5b0f1030590194e9c8fbe9076ffac26c17efdf6...c19682a3cef80ef11ba273b9a87ef5ffc3a2cf11
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to