Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
3dbd4719 by Salvatore Bonaccorso at 2026-07-09T07:48:15+02:00
Track proposed dhcpcd5 update via bookworm-pu
- - - - -
2 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -12198,6 +12198,8 @@ CVE-2026-56115 (Bootimus through 0.1.70 contains a
broken access control vulnera
CVE-2026-56114 (dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a
one-byte st ...)
- dhcpcd 1:10.3.2-4 (bug #1140767)
[trixie] - dhcpcd <no-dsa> (Minor issue)
+ - dhcpcd5 <removed>
+ [bookworm] - dhcpcd5 <no-dsa> (Minor issue; will be fixed in point
release)
NOTE: Fixed by:
https://github.com/NetworkConfiguration/dhcpcd/commit/2f00c7bfc408b6582d331932dfa47829c4819029
CVE-2026-56113 (dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a
heap use-af ...)
- dhcpcd 1:10.3.2-4 (bug #1140767)
@@ -17181,6 +17183,8 @@ CVE-2026-10635 (On Xtensa targets with CONFIG_USERSPACE
and CONFIG_XTENSA_MMU, t
CVE-2025-70102 (A NULL pointer dereference occurs in Roy Marples
NetworkConfiguration/ ...)
- dhcpcd 1:10.3.1-1
[trixie] - dhcpcd <no-dsa> (Minor issue)
+ - dhcpcd5 <removed>
+ [bookworm] - dhcpcd5 <no-dsa> (Minor issue; will be fixed in point
release)
NOTE: https://github.com/NetworkConfiguration/dhcpcd/issues/567
NOTE: Fixed by:
https://github.com/NetworkConfiguration/dhcpcd/commit/117742d755b591764036dd4218f314f748a3d2b7
(v10.3.1)
CVE-2025-69332 (Subscriber Broken Access Control in Bookify <= 1.1.1 versions.)
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -230,6 +230,10 @@ CVE-2026-10305
[bookworm] - rlottie 0.1+dfsg-4+deb12u2
CVE-2025-9375
[bookworm] - python-xmltodict 0.13.0-1.1~deb12u1
+CVE-2025-70102
+ [bookworm] - dhcpcd5 9.4.1-24~deb12u5
+CVE-2026-56114
+ [bookworm] - dhcpcd5 9.4.1-24~deb12u5
CVE-2025-13465
[bookworm] - node-lodash 4.17.21+dfsg+~cs8.31.198.20210220-9+deb12u1
CVE-2026-2950
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dbd4719b35242aa5ead0e92858f696a41a355d5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dbd4719b35242aa5ead0e92858f696a41a355d5
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits