Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
785ff9ea by Moritz Muehlenhoff at 2026-07-06T10:29:25+02:00
trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -270,6 +270,7 @@ CVE-2026-14570 (Crypt::DSA versions before 1.22 for Perl
draw the DSA signing no
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41542402/
CVE-2026-14647 (A weakness has been identified in onnx up to 1.21.x. This
vulnerabilit ...)
- onnx <unfixed>
+ [trixie] - onnx <no-dsa> (Minor issue)
NOTE: https://github.com/onnx/onnx/issues/8036
NOTE: https://github.com/onnx/onnx/pull/8051
NOTE: Fixed by:
https://github.com/onnx/onnx/commit/a7bf3a0f1d18bb62575236ef6e4944980c40e045
@@ -1280,6 +1281,7 @@ CVE-2026-39448 (Unauthenticated Broken Access Control in
NOWPayments for WooComm
NOT-FOR-US: WordPress plugin or theme
CVE-2026-33592 (An unauthenticated remote attacker can exhaust server memory
via the F ...)
- open62541 <unfixed> (bug #1141441)
+ [trixie] - open62541 <no-dsa> (Minor issue)
NOTE: https://github.com/open62541/open62541/pull/8142
NOTE: Fixed by:
https://github.com/open62541/open62541/commit/c9563e8ea4a8db2f64059c8ff7efe0b49a35bea3
(v1.4.17)
CVE-2026-27436 (Editor Arbitrary Code Execution in Five Star Business Profile
and Sche ...)
@@ -1338,6 +1340,7 @@ CVE-2026-12122 (The Kirki \u2013 Freeform Page Builder,
Website Builder & Custom
NOT-FOR-US: WordPress plugin
CVE-2026-11946 (An unauthenticated remote attacker can exhaust server memory
via the G ...)
- open62541 <unfixed> (bug #1141441)
+ [trixie] - open62541 <no-dsa> (Minor issue)
NOTE: https://github.com/open62541/open62541/pull/8142
NOTE: Fixed by:
https://github.com/open62541/open62541/commit/c9563e8ea4a8db2f64059c8ff7efe0b49a35bea3
(v1.4.17)
CVE-2026-11896 (The My Calendar \u2013 Accessible Event Manager plugin for
WordPress i ...)
@@ -4477,11 +4480,13 @@ CVE-2026-4629 (A flaw was found in Keycloak. A highly
privileged user with `mana
CVE-2026-4360 (In the Tarfile.extract() function, the filter parameter is not
passed ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
- jython <unfixed>
+ [trixie] - jython <no-dsa> (Minor issue)
[bullseye] - jython <end-of-life> (EOL in bullseye LTS)
- pypy3 <unfixed> (bug #1141531)
[trixie] - pypy3 <no-dsa> (Minor issue)
=====================================
data/dsa-needed.txt
=====================================
@@ -82,6 +82,8 @@ perl (carnil)
--
prometheus
--
+python-msgpack
+--
redis
--
rsync
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/785ff9ea52158cd8222869d6b0f3dd951d96206e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/785ff9ea52158cd8222869d6b0f3dd951d96206e
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits