Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d58f364b by Moritz Muehlenhoff at 2026-07-03T09:33:25+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -174,7 +174,9 @@ CVE-2026-12996
        NOTE: Fixed by: 
https://github.com/OpenVPN/openvpn/commit/5ee1f9b90fe03ecf7cef5431147ecaabbe96db9e
 (v2.7.5)
 CVE-2026-49838
        - gobgp 4.7.0-1
+       [trixie] - gobgp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/osrg/gobgp/security/advisories/GHSA-frrj-87jh-2772
+       NOTE: 
https://github.com/osrg/gobgp/commit/4a319a6c25630fb3cdbda3e9ccfe56e702bdaaa0 
(v4.7.0)
 CVE-2026-9834 (The WP Database Backup \u2013 Unlimited Database & Files Backup 
by Bac ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-9563 (In Eclipse Parsson published Maven Central artifacts before 
version 1. ...)
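Review bot: The new gobgp commit NOTE under CVE-2026-49838 has no "Fixed by:" label, whereas the OpenVPN entry in the context lines at the top of this hunk writes the same kind of reference as "NOTE: Fixed by: <commit> (v2.7.5)". If 4a319a6c25630fb3cdbda3e9ccfe56e702bdaaa0 is the fix that shipped in v4.7.0, label it "NOTE: Fixed by: https://github.com/osrg/gobgp/commit/4a319a6c25630fb3cdbda3e9ccfe56e702bdaaa0 (v4.7.0)". That way anyone preparing a trixie update can tell that this is the patch to backport and not just a related change.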
@@ -632,6 +634,7 @@ CVE-2026-55153 (mchange-commons-java is a Java library of 
shared utility classes
        - mchange-commons-java <itp> (bug #806774)
 CVE-2026-54908 (Pion DTLS is a Go implementation of Datagram Transport Layer 
Security. ...)
        - golang-github-pion-dtls.v2 <unfixed> (bug #1141306)
+       [trixie] - golang-github-pion-dtls.v2 <no-dsa> (Minor issue)
        - golang-github-pion-dtls.v3 <unfixed> (bug #1141307)
        NOTE: 
https://github.com/pion/dtls/security/advisories/GHSA-wg4g-wm44-ch5j
        NOTE: https://github.com/pion/dtls/pull/839
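Review bot: Under CVE-2026-54908 only golang-github-pion-dtls.v2 gets a "[trixie] ... <no-dsa>" line, while golang-github-pion-dtls.v3 directly below is also <unfixed> and has no trixie annotation. If the v3 source package is in trixie as well, it needs its own "[trixie] - golang-github-pion-dtls.v3 <no-dsa> (Minor issue)" line, the way kcoreaddons and kf6-kcoreaddons are each annotated in the final hunk. If it is not in trixie, the entry is fine as it stands.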
@@ -11661,11 +11664,13 @@ CVE-2026-12491 (A flaw was found in vLLM, an 
open-source library for large langu
        - vllm <itp> (bug #1095237)
 CVE-2026-12199 (A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 
allows u ...)
        - nltk <unfixed> (bug #1140486)
+       [trixie] - nltk <no-dsa> (Minor issue)
        NOTE: https://huntr.com/bounties/cee4ca6a-d17f-4746-abad-c68119633d37
 CVE-2026-12165 (The Contest Gallery \u2013 Upload & Vote Photos, Media, Sell 
with PayP ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-12151 (Impact: The undici WebSocket client enforces maxPayloadSize on 
the cum ...)
        - node-undici 8.5.0+dfsg+~cs3.2.0-1 (bug #1140363)
+       [trixie] - node-undici <no-dsa> (Minor issue)
        NOTE: 
https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q
 CVE-2026-12115 (The Counter Box \u2013 Add Countdowns, Timers & Dynamic 
Counters to Wo ...)
        NOT-FOR-US: WordPress plugin
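Review bot: The nltk entry for CVE-2026-12199 is triaged as <no-dsa> while the package is still <unfixed> and the only reference is the huntr report, so the entry records neither a fix commit nor why the issue counts as minor. Adding a NOTE with the upstream fix once one exists, or a short rationale if nltk.app.wordnet_app is judged not to matter in practice, would give a later point-release update something concrete to work from. The node-undici line in this hunk is unaffected, since it already references a fixed version and the upstream advisory.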
@@ -11677,6 +11682,7 @@ CVE-2026-11857 (Quanos SCHEMA ST4 on-premises contains 
a local privilege escalat
        NOT-FOR-US: Quanos SCHEMA ST4 on-premises
 CVE-2026-11525 (Impact: When undici parses a Set-Cookie header, it accepts any 
SameSit ...)
        - node-undici 8.5.0+dfsg+~cs3.2.0-1 (bug #1140363)
+       [trixie] - node-undici <no-dsa> (Minor issue)
        NOTE: 
https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m
 CVE-2026-11311 (When NGINX Plus is configured as the data plane for NGINX 
Gateway Fabr ...)
        NOT-FOR-US: NGINX Gateway Fabric
@@ -46489,7 +46495,9 @@ CVE-2026-41602 (Integer Overflow or Wraparound 
vulnerability in Apache Thrift TF
        NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/6
 CVE-2026-41526 (In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended 
to safel ...)
        - kcoreaddons <unfixed> (bug #1135179)
+       [trixie] - kcoreaddons <no-dsa> (Minor issue)
        - kf6-kcoreaddons 6.26.0-1 (bug #1135178)
+       [trixie] - kf6-kcoreaddons <no-dsa> (Minor issue)
        NOTE: https://kde.org/info/security/advisory-20260427-1.txt
        NOTE: Fixed by: 
https://invent.kde.org/frameworks/kcoreaddons/-/commit/447250fb061d6a866eeef9ae3c21b627244b198a
 (v6.25.0)
 CVE-2026-41525 (KDE Dolphin before 25.12.3 allows applications in a Flatpak 
(or with A ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d58f364bf311724926a58067c39b069d1abbebb8
