Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
665e82ea by Moritz Muehlenhoff at 2026-07-03T22:49:17+02:00
trixie triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -29630,6 +29630,7 @@ CVE-2026-46644 [insecure equivalence in 
symfony/polyfill-intl-idn for ASCII-only
        NOTE: 
https://github.com/symfony/polyfill/security/advisories/GHSA-2xf4-cg6j-vhgq
 CVE-2026-48962 (IO::Compress versions before 2.220 for Perl can execute 
arbitrary code ...)
        - libio-compress-perl 2.220-1 (bug #1138055)
+       [trixie] - libio-compress-perl <no-dsa> (Minor issue)
        - perl 5.40.1-8 (bug #1138854)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434385/
        NOTE: Fixed by: 
https://github.com/pmqs/IO-Compress/commit/f2db247bf90d4cc7ee2710be384946081f3b4610
 (v2.220)
@@ -31111,6 +31112,7 @@ CVE-2026-39964 (TypeBot is a chatbot builder tool. In 
versions prior to 3.16.0,
        NOT-FOR-US: TypeBot
 CVE-2026-39821 (The ToASCII and ToUnicode functions incorrectly accept 
Punycode-encode ...)
        - golang-golang-x-net 1:0.55.0-1
+       [trixie] - golang-golang-x-net <no-dsa> (Minor issue)
        [bullseye] - golang-golang-x-net <postponed> (Limited support, minor 
issue)
        NOTE: https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8
        NOTE: https://github.com/golang/go/issues/78760
@@ -34177,6 +34179,7 @@ CVE-2026-44212 (PrestaShop is an open source e-commerce 
web application. Prior t
        NOT-FOR-US: PrestaShop
 CVE-2026-43996 (OpenImageIO is a toolset for reading, writing, and 
manipulating image  ...)
        - openimageio <unfixed> (bug #1139915)
+       [trixie] - openimageio <no-dsa> (Minor issue)
        NOTE: 
https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-mq8j-73c4-cr55
 CVE-2026-43909 (OpenImageIO is a toolset for reading, writing, and 
manipulating image  ...)
        - openimageio <unfixed> (bug #1139915)


=====================================
data/dsa-needed.txt
=====================================
@@ -83,7 +83,7 @@ pdfminer (carnil)
 perl (carnil)
   Comment from maintainer: I'd prefer to wait until upstream gets the point 
releases out
 --
-php8.4
+php8.4 (jmm)
 --
 prometheus
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/665e82eadac0ef073945a55a3416ee875d561ca6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/665e82eadac0ef073945a55a3416ee875d561ca6
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to