Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
3dbd4719 by Salvatore Bonaccorso at 2026-07-09T07:48:15+02:00
Track proposed dhcpcd5 update via bookworm-pu

- - - - -


2 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -12198,6 +12198,8 @@ CVE-2026-56115 (Bootimus through 0.1.70 contains a 
broken access control vulnera
 CVE-2026-56114 (dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a 
one-byte st ...)
        - dhcpcd 1:10.3.2-4 (bug #1140767)
        [trixie] - dhcpcd <no-dsa> (Minor issue)
+       - dhcpcd5 <removed>
+       [bookworm] - dhcpcd5 <no-dsa> (Minor issue; will be fixed in point 
release)
        NOTE: Fixed by: 
https://github.com/NetworkConfiguration/dhcpcd/commit/2f00c7bfc408b6582d331932dfa47829c4819029
 CVE-2026-56113 (dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a 
heap use-af ...)
        - dhcpcd 1:10.3.2-4 (bug #1140767)
@@ -17181,6 +17183,8 @@ CVE-2026-10635 (On Xtensa targets with CONFIG_USERSPACE 
and CONFIG_XTENSA_MMU, t
 CVE-2025-70102 (A NULL pointer dereference occurs in Roy Marples 
NetworkConfiguration/ ...)
        - dhcpcd 1:10.3.1-1
        [trixie] - dhcpcd <no-dsa> (Minor issue)
+       - dhcpcd5 <removed>
+       [bookworm] - dhcpcd5 <no-dsa> (Minor issue; will be fixed in point 
release)
        NOTE: https://github.com/NetworkConfiguration/dhcpcd/issues/567
        NOTE: Fixed by: 
https://github.com/NetworkConfiguration/dhcpcd/commit/117742d755b591764036dd4218f314f748a3d2b7
 (v10.3.1)
 CVE-2025-69332 (Subscriber Broken Access Control in Bookify <= 1.1.1 versions.)


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -230,6 +230,10 @@ CVE-2026-10305
        [bookworm] - rlottie 0.1+dfsg-4+deb12u2
 CVE-2025-9375
        [bookworm] - python-xmltodict 0.13.0-1.1~deb12u1
+CVE-2025-70102
+       [bookworm] - dhcpcd5 9.4.1-24~deb12u5
+CVE-2026-56114
+       [bookworm] - dhcpcd5 9.4.1-24~deb12u5
 CVE-2025-13465
        [bookworm] - node-lodash 4.17.21+dfsg+~cs8.31.198.20210220-9+deb12u1
 CVE-2026-2950



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dbd4719b35242aa5ead0e92858f696a41a355d5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3dbd4719b35242aa5ead0e92858f696a41a355d5
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to