Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
b7f76c82 by Moritz Muehlenhoff at 2026-07-08T10:43:10+02:00
trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -480,14 +480,17 @@ CVE-2026-7017 (HTTP::Tiny versions before 0.095 for Perl
forward credential head
NOTE: Fixed by:
https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/commit/8f32ca89e21c3ad0422adc698fa6ad17a193f55f
(release-0.095)
CVE-2026-53878 (An issue was discovered in Django 6.0 before 6.0.7 and 5.2
before 5.2. ...)
- python-django 3:5.2.16-1 (bug #1141629)
+ [trixie] - python-django <no-dsa> (Minor issue)
NOTE:
https://www.djangoproject.com/weblog/2026/jul/07/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/d5d60ed0323cddaa0ce0237a26a3d49ac21ee05e
(5.2.16)
CVE-2026-53877 (An issue was discovered in Django 6.0 before 6.0.7 and 5.2
before 5.2. ...)
- python-django 3:5.2.16-1 (bug #1141629)
+ [trixie] - python-django <no-dsa> (Minor issue)
NOTE:
https://www.djangoproject.com/weblog/2026/jul/07/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/6c66eb8cec52b303af85c2c6e4dd00aa37654dbc
(5.2.16)
CVE-2026-48588 (An issue was discovered in Django 6.0 before 6.0.7 and 5.2
before 5.2. ...)
- python-django 3:5.2.16-1 (bug #1141629)
+ [trixie] - python-django <no-dsa> (Minor issue)
NOTE:
https://www.djangoproject.com/weblog/2026/jul/07/security-releases/
NOTE: Fixed by:
https://github.com/django/django/commit/721685aa7799cc9327bd202cd1f70bd012ca95a7
(5.2.16)
CVE-2026-XXXX [InspIRCd Security Advisory 2026-01]
@@ -517,16 +520,19 @@ CVE-2026-59710 (showdown contains a stored cross-site
scripting vulnerability in
NOT-FOR-US: showdown
CVE-2026-58404 (Hugo is a static site generator. From v0.162.0 through
v0.163.0, the d ...)
- hugo <unfixed>
+ [trixie] - hugo <no-dsa> (Minor issue)
NOTE:
https://github.com/gohugoio/hugo/security/advisories/GHSA-r46f-3rpw-hxrv
NOTE: https://github.com/gohugoio/hugo/pull/15020
NOTE: Fixed by:
https://github.com/gohugoio/hugo/commit/a00b5c72ac57afe26df6688ece3ca544a56df372
(v0.163.1)
CVE-2026-58403 (Hugo is a static site generator. From v0.123.0 through
v0.163.0, Hugo' ...)
- hugo <unfixed>
+ [trixie] - hugo <no-dsa> (Minor issue)
NOTE:
https://github.com/gohugoio/hugo/security/advisories/GHSA-c3wq-j5vh-68rc
NOTE: https://github.com/gohugoio/hugo/pull/15020
NOTE: Fixed by:
https://github.com/gohugoio/hugo/commit/cf9c8f93ca2a2838ce378f9e36d052ac2f79e229
(v0.163.1)
CVE-2026-58402 (Hugo is a static site generator. From 0.60.0 until 0.163.3,
Hugo's def ...)
- hugo <unfixed>
+ [trixie] - hugo <no-dsa> (Minor issue)
NOTE:
https://github.com/gohugoio/hugo/security/advisories/GHSA-q76j-gcg9-vxc6
NOTE: https://github.com/gohugoio/hugo/pull/15051
NOTE: Fixed by:
https://github.com/gohugoio/hugo/commit/ce1a7e0bce3713af40496ded3c2c0ceeed49231d
(v0.163.3)
@@ -590,14 +596,17 @@ CVE-2026-53640 (FOSSBilling is a free, open-source
billing and client management
NOT-FOR-US: FOSSBilling
CVE-2026-50135 (Hugo is a static site generator. From 0.123.0 to 0.161.1, a
regression ...)
- hugo 0.162.1-1
+ [trixie] - hugo <no-dsa> (Minor issue)
NOTE:
https://github.com/gohugoio/hugo/security/advisories/GHSA-fw87-fv5r-9fpw
NOTE: Fixed by:
https://github.com/gohugoio/hugo/commit/f8b5fa09a64950c32b803821ede411ebfe772b7a
(v0.162.0)
CVE-2026-50134 (Hugo is a static site generator. From 0.91.0 until 0.162.0,
resources. ...)
- hugo 0.162.1-1
+ [trixie] - hugo <no-dsa> (Minor issue)
NOTE:
https://github.com/gohugoio/hugo/security/advisories/GHSA-vxgm-5rmg-5w8g
NOTE: Fixed by:
https://github.com/gohugoio/hugo/commit/86fbb0f7a8bbb93e2e916390de9e5a4f24bf9f50
(v0.162.0)
CVE-2026-50133 (Hugo is a static site generator. Prior to 0.162.0, Hugo
accepts conten ...)
- hugo 0.162.1-1
+ [trixie] - hugo <no-dsa> (Minor issue)
NOTE:
https://github.com/gohugoio/hugo/security/advisories/GHSA-c54g-xjwj-8g82
NOTE: Fixed by:
https://github.com/gohugoio/hugo/commit/e41a06447daa3071a01f333fdcec0a5153c3c8d1
(v0.162.0)
CVE-2026-4375 (The DoLeads Integrator WordPress plugin through 0.65, wp2epub
WordPres ...)
@@ -1713,6 +1722,7 @@ CVE-2025-71342 (picklescan before 0.0.30 fails to detect
malicious pickle files
NOT-FOR-US: picklescan
CVE-2026-12893 [gstreamer1-libav: gstreamer1-libav: NULL pointer dereference
in gstavdemux.c error handler]
- gst-libav1.0 1.28.4-1
+ [trixie] - gst-libav1.0 <no-dsa> (Minor issue)
NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0038.html
NOTE:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11802
NOTE: Fixed by:
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f904dfda677a0c148de8c391f3dbb11490c7e026
(1.29.2)
@@ -11952,6 +11962,7 @@ CVE-2026-55556
NOTE:
https://github.com/rsyslog/rsyslog/commit/acde2ba25ea33816694b787859f4a727a247b6d6
(v8.2604.0)
CVE-2026-50221 (In OpenStack Swift before 2.37.2, proxy-server does not strip
internal ...)
- swift 2.37.1-5 (bug #1140678)
+ [trixie] - swift <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/23/5
NOTE: https://bugs.launchpad.net/swift/+bug/2150261
CVE-2026-8379 (The Frontend File Manager Plugin WordPress plugin through 23.6
does no ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -92,6 +92,8 @@ rsync
rtpengine
Victor Seva prepared a debdiff for trixie-security for review,
bookworm-security debdiff missing
--
+roundcube
+--
ruby3.3
--
ruby-rack
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7f76c8201a274f117e0b387bb77e604df3ce760
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7f76c8201a274f117e0b387bb77e604df3ce760
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits