Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
822ee402 by Moritz Muehlenhoff at 2026-07-06T15:30:37+02:00
trixie triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -269,6 +269,7 @@ CVE-2024-1248 (The silent Just-In-Time (JIT) provisioning 
feature in federated a
        NOT-FOR-US: WSO2
 CVE-2026-14570 (Crypt::DSA versions before 1.22 for Perl draw the DSA signing 
nonce an ...)
        - libcrypt-dsa-perl <removed>
+       [trixie] - libcrypt-dsa-perl <no-dsa> (Minor issue)
        NOTE: https://lists.security.metacpan.org/cve-announce/msg/41542402/
 CVE-2026-14647 (A weakness has been identified in onnx up to 1.21.x. This 
vulnerabilit ...)
        - onnx <unfixed>
@@ -856,11 +857,13 @@ CVE-2026-52187 (Buffer Overflow vulnerability in UTT 
nv518G nv518GV3v3.2.7-21091
        NOT-FOR-US: UTT
 CVE-2026-50722 (Libreswan, via the function 
RSA_authenticate_hash_signature_pkcs1_1_5_ ...)
        - libreswan <unfixed> (bug #1141390)
+       [trixie] - libreswan <no-dsa> (Minor issue)
        [bullseye] - libreswan <end-of-life> (EOL in bullseye LTS)
        NOTE: https://libreswan.org/security/CVE-2026-50722/CVE-2026-50722.txt
        NOTE: Patches: https://libreswan.org/security/CVE-2026-50722/
 CVE-2026-50721 (Libreswan, via the function 
RSA_authenticate_hash_signature_raw_rsa(), ...)
        - libreswan <unfixed> (bug #1141390)
+       [trixie] - libreswan <no-dsa> (Minor issue)
        [bullseye] - libreswan <end-of-life> (EOL in bullseye LTS)
        NOTE: https://libreswan.org/security/CVE-2026-50721/CVE-2026-50721.txt
        NOTE: Patches: https://libreswan.org/security/CVE-2026-50721/
@@ -940,6 +943,7 @@ CVE-2026-12557 (The Ninja Forms - File Uploads plugin for 
WordPress is vulnerabl
        NOT-FOR-US: WordPress plugin
 CVE-2026-12413 (An invalidly formatted IKEv2 fragment causes the Libreswan 
pluto daemo ...)
        - libreswan <unfixed> (bug #1141390)
+       [trixie] - libreswan <no-dsa> (Minor issue)
        [bullseye] - libreswan <end-of-life> (EOL in bullseye LTS)
        NOTE: https://libreswan.org/security/CVE-2026-12413/CVE-2026-12413.txt
        NOTE: Patches: https://libreswan.org/security/CVE-2026-12413/
@@ -1929,12 +1933,16 @@ CVE-2026-55510 (ImageMagick is free and open-source 
software used for editing an
        NOTE: Introduced with: 
https://github.com/ImageMagick/ImageMagick6/commit/998cdc0387cef25d38709984bdde0125b83f867a
 (6.9.13-42)
 CVE-2026-54428 (Allocation of resources without limits or throttling in the 
HTTP/2 HPA ...)
        - httpcomponents-core5 <unfixed> (bug #1141387)
+       [trixie] - httpcomponents-core5 <no-dsa> (Minor issue)
        - httpcomponents-core <unfixed>
+       [trixie] - httpcomponents-core <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2026/07/01/3
        NOTE: v4 possibly not affected, needs further validation once fix is 
identified
 CVE-2026-54399 (Uncontrolled Resource Consumption vulnerability in the 
HTTP/1.1 messag ...)
        - httpcomponents-core5 <unfixed> (bug #1141387)
+       [trixie] - httpcomponents-core5 <no-dsa> (Minor issue)
        - httpcomponents-core <unfixed>
+       [trixie] - httpcomponents-core <no-dsa> (Minor issue)
        NOTE: https://lists.apache.org/thread/zmxh1pl2zohov5ntdh4lt85gfrlchgpy
        NOTE: v4 possibly not affected, needs further validation once fix is 
identified
 CVE-2026-53909 (MCO does not correctly validate types of uploaded files. File 
upload v ...)
@@ -23659,6 +23667,7 @@ CVE-2026-49120 (Medplum before 5.1.14 contains a 
server-side request forgery vul
        NOT-FOR-US: Medplum
 CVE-2026-48682 (FastNetMon Community Edition through 1.2.9 contains an 
out-of-bounds r ...)
        - fastnetmon <unfixed>
+       [trixie] - fastnetmon <no-dsa> (Minor issue)
        NOTE: 
https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48682-ipv4-parser-oob
 CVE-2026-48598 (Improper Encoding or Escaping of Output vulnerability in 
elixir-tesla  ...)
        - elixir-tesla <itp> (bug #960541)


=====================================
data/dsa-needed.txt
=====================================
@@ -51,6 +51,9 @@ jetty9
 --
 jetty12
 --
+jq
+  possibly move trixie to 1.9.2
+--
 kamailio
 --
 kitty



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/822ee4029837808ac10503b67d554de2313782ff

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/822ee4029837808ac10503b67d554de2313782ff
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to