Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d58f364b by Moritz Muehlenhoff at 2026-07-03T09:33:25+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -174,7 +174,9 @@ CVE-2026-12996
NOTE: Fixed by:
https://github.com/OpenVPN/openvpn/commit/5ee1f9b90fe03ecf7cef5431147ecaabbe96db9e
(v2.7.5)
CVE-2026-49838
- gobgp 4.7.0-1
+ [trixie] - gobgp <no-dsa> (Minor issue)
NOTE:
https://github.com/osrg/gobgp/security/advisories/GHSA-frrj-87jh-2772
+ NOTE:
https://github.com/osrg/gobgp/commit/4a319a6c25630fb3cdbda3e9ccfe56e702bdaaa0
(v4.7.0)
CVE-2026-9834 (The WP Database Backup \u2013 Unlimited Database & Files Backup
by Bac ...)
NOT-FOR-US: WordPress plugin
CVE-2026-9563 (In Eclipse Parsson published Maven Central artifacts before
version 1. ...)
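Review bot: The NOTE added under CVE-2026-49838 records the gobgp commit URL without a "Fixed by:" label, while the CVE-2026-12996 entry directly above it uses "NOTE: Fixed by: <commit URL> (v2.7.5)". Prefixing the new URL with "Fixed by:" would keep the two entries consistent and make clear that the commit is the fix and not just a related reference.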
@@ -632,6 +634,7 @@ CVE-2026-55153 (mchange-commons-java is a Java library of
shared utility classes
- mchange-commons-java <itp> (bug #806774)
CVE-2026-54908 (Pion DTLS is a Go implementation of Datagram Transport Layer
Security. ...)
- golang-github-pion-dtls.v2 <unfixed> (bug #1141306)
+ [trixie] - golang-github-pion-dtls.v2 <no-dsa> (Minor issue)
- golang-github-pion-dtls.v3 <unfixed> (bug #1141307)
NOTE:
https://github.com/pion/dtls/security/advisories/GHSA-wg4g-wm44-ch5j
NOTE: https://github.com/pion/dtls/pull/839
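Review bot: Under CVE-2026-54908 only golang-github-pion-dtls.v2 gets a [trixie] sub-entry; golang-github-pion-dtls.v3 stays <unfixed> (bug #1141307) with no release-specific line. If the v3 source is also shipped in trixie, it needs its own "[trixie] - golang-github-pion-dtls.v3 <no-dsa> (Minor issue)" line, otherwise it remains open in the triage for that release.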
@@ -11661,11 +11664,13 @@ CVE-2026-12491 (A flaw was found in vLLM, an
open-source library for large langu
- vllm <itp> (bug #1095237)
CVE-2026-12199 (A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3
allows u ...)
- nltk <unfixed> (bug #1140486)
+ [trixie] - nltk <no-dsa> (Minor issue)
NOTE: https://huntr.com/bounties/cee4ca6a-d17f-4746-abad-c68119633d37
CVE-2026-12165 (The Contest Gallery \u2013 Upload & Vote Photos, Media, Sell
with PayP ...)
NOT-FOR-US: WordPress plugin
CVE-2026-12151 (Impact: The undici WebSocket client enforces maxPayloadSize on
the cum ...)
- node-undici 8.5.0+dfsg+~cs3.2.0-1 (bug #1140363)
+ [trixie] - node-undici <no-dsa> (Minor issue)
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-vxpw-j846-p89q
CVE-2026-12115 (The Counter Box \u2013 Add Countdowns, Timers & Dynamic
Counters to Wo ...)
NOT-FOR-US: WordPress plugin
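Review bot: For CVE-2026-12199 the new [trixie] <no-dsa> line for nltk sits on an entry whose only reference is the huntr bounty link, and the package is still <unfixed> (bug #1140486). A NOTE pointing at the upstream fix, once one exists, would give a later point-release update something to work from; the node-undici entry in this same hunk already carries a fixed version and an advisory link.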
@@ -11677,6 +11682,7 @@ CVE-2026-11857 (Quanos SCHEMA ST4 on-premises contains
a local privilege escalat
NOT-FOR-US: Quanos SCHEMA ST4 on-premises
CVE-2026-11525 (Impact: When undici parses a Set-Cookie header, it accepts any
SameSit ...)
- node-undici 8.5.0+dfsg+~cs3.2.0-1 (bug #1140363)
+ [trixie] - node-undici <no-dsa> (Minor issue)
NOTE:
https://github.com/nodejs/undici/security/advisories/GHSA-g8m3-5g58-fq7m
CVE-2026-11311 (When NGINX Plus is configured as the data plane for NGINX
Gateway Fabr ...)
NOT-FOR-US: NGINX Gateway Fabric
@@ -46489,7 +46495,9 @@ CVE-2026-41602 (Integer Overflow or Wraparound
vulnerability in Apache Thrift TF
NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/6
CVE-2026-41526 (In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended
to safel ...)
- kcoreaddons <unfixed> (bug #1135179)
+ [trixie] - kcoreaddons <no-dsa> (Minor issue)
- kf6-kcoreaddons 6.26.0-1 (bug #1135178)
+ [trixie] - kf6-kcoreaddons <no-dsa> (Minor issue)
NOTE: https://kde.org/info/security/advisory-20260427-1.txt
NOTE: Fixed by:
https://invent.kde.org/frameworks/kcoreaddons/-/commit/447250fb061d6a866eeef9ae3c21b627244b198a
(v6.25.0)
CVE-2026-41525 (KDE Dolphin before 25.12.3 allows applications in a Flatpak
(or with A ...)
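Review bot: Under CVE-2026-41526 both kcoreaddons and kf6-kcoreaddons are marked <no-dsa> for trixie, but the only fix reference is the frameworks/kcoreaddons commit tagged (v6.25.0), which lines up with the kf6-kcoreaddons 6.26.0-1 entry. For the kcoreaddons source, still <unfixed> (bug #1135179), a short NOTE on whether that commit applies to it would help anyone preparing a later update.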
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d58f364bf311724926a58067c39b069d1abbebb8