Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
822ee402 by Moritz Muehlenhoff at 2026-07-06T15:30:37+02:00
trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -269,6 +269,7 @@ CVE-2024-1248 (The silent Just-In-Time (JIT) provisioning
feature in federated a
NOT-FOR-US: WSO2
CVE-2026-14570 (Crypt::DSA versions before 1.22 for Perl draw the DSA signing
nonce an ...)
- libcrypt-dsa-perl <removed>
+ [trixie] - libcrypt-dsa-perl <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41542402/
CVE-2026-14647 (A weakness has been identified in onnx up to 1.21.x. This
vulnerabilit ...)
- onnx <unfixed>
@@ -856,11 +857,13 @@ CVE-2026-52187 (Buffer Overflow vulnerability in UTT
nv518G nv518GV3v3.2.7-21091
NOT-FOR-US: UTT
CVE-2026-50722 (Libreswan, via the function
RSA_authenticate_hash_signature_pkcs1_1_5_ ...)
- libreswan <unfixed> (bug #1141390)
+ [trixie] - libreswan <no-dsa> (Minor issue)
[bullseye] - libreswan <end-of-life> (EOL in bullseye LTS)
NOTE: https://libreswan.org/security/CVE-2026-50722/CVE-2026-50722.txt
NOTE: Patches: https://libreswan.org/security/CVE-2026-50722/
CVE-2026-50721 (Libreswan, via the function
RSA_authenticate_hash_signature_raw_rsa(), ...)
- libreswan <unfixed> (bug #1141390)
+ [trixie] - libreswan <no-dsa> (Minor issue)
[bullseye] - libreswan <end-of-life> (EOL in bullseye LTS)
NOTE: https://libreswan.org/security/CVE-2026-50721/CVE-2026-50721.txt
NOTE: Patches: https://libreswan.org/security/CVE-2026-50721/
@@ -940,6 +943,7 @@ CVE-2026-12557 (The Ninja Forms - File Uploads plugin for
WordPress is vulnerabl
NOT-FOR-US: WordPress plugin
CVE-2026-12413 (An invalidly formatted IKEv2 fragment causes the Libreswan
pluto daemo ...)
- libreswan <unfixed> (bug #1141390)
+ [trixie] - libreswan <no-dsa> (Minor issue)
[bullseye] - libreswan <end-of-life> (EOL in bullseye LTS)
NOTE: https://libreswan.org/security/CVE-2026-12413/CVE-2026-12413.txt
NOTE: Patches: https://libreswan.org/security/CVE-2026-12413/
@@ -1929,12 +1933,16 @@ CVE-2026-55510 (ImageMagick is free and open-source
software used for editing an
NOTE: Introduced with:
https://github.com/ImageMagick/ImageMagick6/commit/998cdc0387cef25d38709984bdde0125b83f867a
(6.9.13-42)
CVE-2026-54428 (Allocation of resources without limits or throttling in the
HTTP/2 HPA ...)
- httpcomponents-core5 <unfixed> (bug #1141387)
+ [trixie] - httpcomponents-core5 <no-dsa> (Minor issue)
- httpcomponents-core <unfixed>
+ [trixie] - httpcomponents-core <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/01/3
NOTE: v4 possibly not affected, needs further validation once fix is
identified
CVE-2026-54399 (Uncontrolled Resource Consumption vulnerability in the
HTTP/1.1 messag ...)
- httpcomponents-core5 <unfixed> (bug #1141387)
+ [trixie] - httpcomponents-core5 <no-dsa> (Minor issue)
- httpcomponents-core <unfixed>
+ [trixie] - httpcomponents-core <no-dsa> (Minor issue)
NOTE: https://lists.apache.org/thread/zmxh1pl2zohov5ntdh4lt85gfrlchgpy
NOTE: v4 possibly not affected, needs further validation once fix is
identified
CVE-2026-53909 (MCO does not correctly validate types of uploaded files. File
upload v ...)
@@ -23659,6 +23667,7 @@ CVE-2026-49120 (Medplum before 5.1.14 contains a
server-side request forgery vul
NOT-FOR-US: Medplum
CVE-2026-48682 (FastNetMon Community Edition through 1.2.9 contains an
out-of-bounds r ...)
- fastnetmon <unfixed>
+ [trixie] - fastnetmon <no-dsa> (Minor issue)
NOTE:
https://lorikeetsecurity.com/blog/fastnetmon-cve-2026-48682-ipv4-parser-oob
CVE-2026-48598 (Improper Encoding or Escaping of Output vulnerability in
elixir-tesla ...)
- elixir-tesla <itp> (bug #960541)
=====================================
data/dsa-needed.txt
=====================================
@@ -51,6 +51,9 @@ jetty9
--
jetty12
--
+jq
+ possibly move trixie to 1.9.2
+--
kamailio
--
kitty
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/822ee4029837808ac10503b67d554de2313782ff
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/822ee4029837808ac10503b67d554de2313782ff
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits