Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
665e82ea by Moritz Muehlenhoff at 2026-07-03T22:49:17+02:00
trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -29630,6 +29630,7 @@ CVE-2026-46644 [insecure equivalence in
symfony/polyfill-intl-idn for ASCII-only
NOTE:
https://github.com/symfony/polyfill/security/advisories/GHSA-2xf4-cg6j-vhgq
CVE-2026-48962 (IO::Compress versions before 2.220 for Perl can execute
arbitrary code ...)
- libio-compress-perl 2.220-1 (bug #1138055)
+ [trixie] - libio-compress-perl <no-dsa> (Minor issue)
- perl 5.40.1-8 (bug #1138854)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/40434385/
NOTE: Fixed by:
https://github.com/pmqs/IO-Compress/commit/f2db247bf90d4cc7ee2710be384946081f3b4610
(v2.220)
@@ -31111,6 +31112,7 @@ CVE-2026-39964 (TypeBot is a chatbot builder tool. In
versions prior to 3.16.0,
NOT-FOR-US: TypeBot
CVE-2026-39821 (The ToASCII and ToUnicode functions incorrectly accept
Punycode-encode ...)
- golang-golang-x-net 1:0.55.0-1
+ [trixie] - golang-golang-x-net <no-dsa> (Minor issue)
[bullseye] - golang-golang-x-net <postponed> (Limited support, minor
issue)
NOTE: https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8
NOTE: https://github.com/golang/go/issues/78760
@@ -34177,6 +34179,7 @@ CVE-2026-44212 (PrestaShop is an open source e-commerce
web application. Prior t
NOT-FOR-US: PrestaShop
CVE-2026-43996 (OpenImageIO is a toolset for reading, writing, and
manipulating image ...)
- openimageio <unfixed> (bug #1139915)
+ [trixie] - openimageio <no-dsa> (Minor issue)
NOTE:
https://github.com/AcademySoftwareFoundation/OpenImageIO/security/advisories/GHSA-mq8j-73c4-cr55
CVE-2026-43909 (OpenImageIO is a toolset for reading, writing, and
manipulating image ...)
- openimageio <unfixed> (bug #1139915)
=====================================
data/dsa-needed.txt
=====================================
@@ -83,7 +83,7 @@ pdfminer (carnil)
perl (carnil)
Comment from maintainer: I'd prefer to wait until upstream gets the point
releases out
--
-php8.4
+php8.4 (jmm)
--
prometheus
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/665e82eadac0ef073945a55a3416ee875d561ca6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/665e82eadac0ef073945a55a3416ee875d561ca6
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits