Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b7f76c82 by Moritz Muehlenhoff at 2026-07-08T10:43:10+02:00
trixie triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -480,14 +480,17 @@ CVE-2026-7017 (HTTP::Tiny versions before 0.095 for Perl 
forward credential head
        NOTE: Fixed by: 
https://github.com/Perl-Toolchain-Gang/HTTP-Tiny/commit/8f32ca89e21c3ad0422adc698fa6ad17a193f55f
 (release-0.095)
 CVE-2026-53878 (An issue was discovered in Django 6.0 before 6.0.7 and 5.2 
before 5.2. ...)
        - python-django 3:5.2.16-1 (bug #1141629)
+       [trixie] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2026/jul/07/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/d5d60ed0323cddaa0ce0237a26a3d49ac21ee05e
 (5.2.16)
 CVE-2026-53877 (An issue was discovered in Django 6.0 before 6.0.7 and 5.2 
before 5.2. ...)
        - python-django 3:5.2.16-1 (bug #1141629)
+       [trixie] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2026/jul/07/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/6c66eb8cec52b303af85c2c6e4dd00aa37654dbc
 (5.2.16)
 CVE-2026-48588 (An issue was discovered in Django 6.0 before 6.0.7 and 5.2 
before 5.2. ...)
        - python-django 3:5.2.16-1 (bug #1141629)
+       [trixie] - python-django <no-dsa> (Minor issue)
        NOTE: 
https://www.djangoproject.com/weblog/2026/jul/07/security-releases/
        NOTE: Fixed by: 
https://github.com/django/django/commit/721685aa7799cc9327bd202cd1f70bd012ca95a7
 (5.2.16)
 CVE-2026-XXXX [InspIRCd Security Advisory 2026-01]
@@ -517,16 +520,19 @@ CVE-2026-59710 (showdown contains a stored cross-site 
scripting vulnerability in
        NOT-FOR-US: showdown
 CVE-2026-58404 (Hugo is a static site generator. From v0.162.0 through 
v0.163.0, the d ...)
        - hugo <unfixed>
+       [trixie] - hugo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gohugoio/hugo/security/advisories/GHSA-r46f-3rpw-hxrv
        NOTE: https://github.com/gohugoio/hugo/pull/15020
        NOTE: Fixed by: 
https://github.com/gohugoio/hugo/commit/a00b5c72ac57afe26df6688ece3ca544a56df372
 (v0.163.1)
 CVE-2026-58403 (Hugo is a static site generator. From v0.123.0 through 
v0.163.0, Hugo' ...)
        - hugo <unfixed>
+       [trixie] - hugo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gohugoio/hugo/security/advisories/GHSA-c3wq-j5vh-68rc
        NOTE: https://github.com/gohugoio/hugo/pull/15020
        NOTE: Fixed by: 
https://github.com/gohugoio/hugo/commit/cf9c8f93ca2a2838ce378f9e36d052ac2f79e229
 (v0.163.1)
 CVE-2026-58402 (Hugo is a static site generator. From 0.60.0 until 0.163.3, 
Hugo's def ...)
        - hugo <unfixed>
+       [trixie] - hugo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gohugoio/hugo/security/advisories/GHSA-q76j-gcg9-vxc6
        NOTE: https://github.com/gohugoio/hugo/pull/15051
        NOTE: Fixed by: 
https://github.com/gohugoio/hugo/commit/ce1a7e0bce3713af40496ded3c2c0ceeed49231d
 (v0.163.3)
@@ -590,14 +596,17 @@ CVE-2026-53640 (FOSSBilling is a free, open-source 
billing and client management
        NOT-FOR-US: FOSSBilling
 CVE-2026-50135 (Hugo is a static site generator. From 0.123.0 to 0.161.1, a 
regression ...)
        - hugo 0.162.1-1
+       [trixie] - hugo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gohugoio/hugo/security/advisories/GHSA-fw87-fv5r-9fpw
        NOTE: Fixed by: 
https://github.com/gohugoio/hugo/commit/f8b5fa09a64950c32b803821ede411ebfe772b7a
 (v0.162.0)
 CVE-2026-50134 (Hugo is a static site generator. From 0.91.0 until 0.162.0, 
resources. ...)
        - hugo 0.162.1-1
+       [trixie] - hugo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gohugoio/hugo/security/advisories/GHSA-vxgm-5rmg-5w8g
        NOTE: Fixed by: 
https://github.com/gohugoio/hugo/commit/86fbb0f7a8bbb93e2e916390de9e5a4f24bf9f50
 (v0.162.0)
 CVE-2026-50133 (Hugo is a static site generator. Prior to 0.162.0, Hugo 
accepts conten ...)
        - hugo 0.162.1-1
+       [trixie] - hugo <no-dsa> (Minor issue)
        NOTE: 
https://github.com/gohugoio/hugo/security/advisories/GHSA-c54g-xjwj-8g82
        NOTE: Fixed by: 
https://github.com/gohugoio/hugo/commit/e41a06447daa3071a01f333fdcec0a5153c3c8d1
 (v0.162.0)
 CVE-2026-4375 (The DoLeads Integrator WordPress plugin through 0.65, wp2epub 
WordPres ...)
@@ -1713,6 +1722,7 @@ CVE-2025-71342 (picklescan before 0.0.30 fails to detect 
malicious pickle files
        NOT-FOR-US: picklescan
 CVE-2026-12893 [gstreamer1-libav: gstreamer1-libav: NULL pointer dereference 
in gstavdemux.c error handler]
        - gst-libav1.0 1.28.4-1
+       [trixie] - gst-libav1.0 <no-dsa> (Minor issue)
        NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0038.html
        NOTE: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/11802
        NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f904dfda677a0c148de8c391f3dbb11490c7e026
 (1.29.2)
@@ -11952,6 +11962,7 @@ CVE-2026-55556
        NOTE: 
https://github.com/rsyslog/rsyslog/commit/acde2ba25ea33816694b787859f4a727a247b6d6
 (v8.2604.0)
 CVE-2026-50221 (In OpenStack Swift before 2.37.2, proxy-server does not strip 
internal ...)
        - swift 2.37.1-5 (bug #1140678)
+       [trixie] - swift <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/23/5
        NOTE: https://bugs.launchpad.net/swift/+bug/2150261
 CVE-2026-8379 (The Frontend File Manager Plugin WordPress plugin through 23.6 
does no ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -92,6 +92,8 @@ rsync
 rtpengine
   Victor Seva prepared a debdiff for trixie-security for review, 
bookworm-security debdiff missing
 --
+roundcube
+--
 ruby3.3
 --
 ruby-rack



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7f76c8201a274f117e0b387bb77e604df3ce760

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7f76c8201a274f117e0b387bb77e604df3ce760
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to