Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
27a43ee2 by Moritz Muehlenhoff at 2026-07-09T16:51:38+02:00
tixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41,16 +41,19 @@ CVE-2026-5523 (The Divi Form Builder plugin for WordPress
is vulnerable to Missi
NOT-FOR-US: WordPress plugin
CVE-2026-59948 (Composer is a dependency Manager for the PHP language. Prior
to 2.2.29 ...)
- composer 2.10.2-1
+ [trixie] - composer <no-dsa> (Minor issue)
NOTE:
https://github.com/composer/composer/security/advisories/GHSA-499r-g7pc-vmp9
NOTE: Fixed by:
https://github.com/composer/composer/commit/502c6c4f699802d9cf464728b3e8a95674f919a0
(2.10.2)
NOTE: Fixed by:
https://github.com/composer/composer/commit/c50b1efd13ebd73f6dca19b31424c5a02bf93cc1
(2.2.29)
CVE-2026-59947 (Composer is a dependency Manager for the PHP language. Prior
to 2.2.29 ...)
- composer 2.10.2-1
+ [trixie] - composer <no-dsa> (Minor issue)
NOTE:
https://github.com/composer/composer/security/advisories/GHSA-g6xq-892h-64w3
NOTE: Fixed by:
https://github.com/composer/composer/commit/8887ad76fbd830cb1861a2b1fd8ead78ed1fa1ec
(2.10.2)
NOTE: Fixed by:
https://github.com/composer/composer/commit/6bd66874ae523ecb69aca5964487a0cdfda03ef8
(2.2.29)
CVE-2026-59946 (Composer is a dependency Manager for the PHP language. Prior
to 2.2.29 ...)
- composer 2.10.2-1
+ [trixie] - composer <no-dsa> (Minor issue)
NOTE:
https://github.com/composer/composer/security/advisories/GHSA-gjfg-22fp-rrxx
NOTE: Fixed by:
https://github.com/composer/composer/commit/502c6c4f699802d9cf464728b3e8a95674f919a0
(2.10.2)
NOTE: Fixed by:
https://github.com/composer/composer/commit/c50b1efd13ebd73f6dca19b31424c5a02bf93cc1
(2.2.29)
@@ -1677,18 +1680,21 @@ CVE-2026-59089 (A flaw was found in GIMP. The
PlayStation TIM loader, responsibl
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/gimp/-/commit/53cdb27fa2b1676d11e9677c9975b5ad7b61b2ee
CVE-2026-XXXX [GHSA-jv8r-gqr9-68wj: Memory-amplification denial of service via
unvalidated DNS header record counts]
- c-ares 1.34.7-1
+ [trixie] - c-ares <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/06/8
NOTE:
https://github.com/c-ares/c-ares/security/advisories/GHSA-jv8r-gqr9-68wj
NOTE: Fixed by:
https://github.com/c-ares/c-ares/commit/eaded4cb200b2a5f8d73f11021ff7c8d6968aaab
(main)
NOTE: Fixed by:
https://github.com/c-ares/c-ares/commit/e47c203f91cd8b749c8736bc18d75a31ffdec8f4
(v1.34.7)
CVE-2026-XXXX [GHSA-pjmc-gx33-gc76: CPU-exhaustion denial of service via
unbounded DNS name compression pointer chains]
- c-ares 1.34.7-1
+ [trixie] - c-ares <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/06/8
NOTE:
https://github.com/c-ares/c-ares/security/advisories/GHSA-pjmc-gx33-gc76
NOTE: Fixed by:
https://github.com/c-ares/c-ares/commit/f1288bbc70e9a1e0a77134c2382157e52d326aea
(main)
NOTE: Fixed by:
https://github.com/c-ares/c-ares/commit/5c8341ba6ff3a8e4e4dfd616f8ed0418838b8b7b
(v1.34.7)
CVE-2026-33630
- c-ares 1.34.7-1
+ [trixie] - c-ares <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/07/06/8
NOTE:
https://github.com/c-ares/c-ares/security/advisories/GHSA-6wfj-rwm7-3542
NOTE: Fixed by:
https://github.com/c-ares/c-ares/commit/1fa3b86a0b8d18fe7b60f3228a01d770feb026bc
(main)
@@ -2633,6 +2639,7 @@ CVE-2026-58212
REJECTED
- nats-server 2.14.3-1
- golang-github-nats-io-nkeys <unfixed>
+ [trixie] - golang-github-nats-io-nkeys <no-dsa> (Minor issue)
NOTE:
https://github.com/nats-io/nats-server/security/advisories/GHSA-g33f-6538-grxh
CVE-2026-58214 (NATS Server is a high-performance server for NATS.io, the
cloud and ed ...)
- nats-server 2.14.3-1
@@ -13479,6 +13486,7 @@ CVE-2026-11373 (Net::Statsite::Client versions through
1.1.0 for Perl allow metr
NOT-FOR-US: Net::Statsite::Client Perl module
CVE-2026-6653 (Use After Free in libxml2's xmlParseInternalSubset from GNOME
libxml2 ...)
- libxml2 2.14.5+dfsg-0.1
+ [trixie] - libxml2 <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2026/06/22/3
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/work_items/1058
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/463bbeeca1805b5c4828f50d0fefc4eebaf620df
(v2.11.0)
@@ -14752,6 +14760,7 @@ CVE-2026-12529 (A security vulnerability has been
detected in SourceCodester CET
NOT-FOR-US: SourceCodester
CVE-2026-12505 (A flaw was found in the cifs-utils package where the
cifs.upcall helpe ...)
- cifs-utils <unfixed> (bug #1140422)
+ [trixie] - cifs-utils <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2489805
NOTE:
https://git.samba.org/?p=cifs-utils.git;a=commit;h=972c5b5ff95e3e812bc8daa72d0383654ab0dba7
CVE-2026-12407 (The E2Pdf \u2013 Export Pdf Tool for WordPress plugin for
WordPress is ...)
@@ -82556,6 +82565,7 @@ CVE-2026-27831 (rldns is an open source DNS server.
Version 1.3 has a heap-based
NOT-FOR-US: rldns
CVE-2026-27830 (c3p0, a JDBC Connection pooling library, is vulnerable to
attack via m ...)
- c3p0 <unfixed> (bug #1129318)
+ [trixie] - c3p0 <no-dsa> (Minor issue)
NOTE:
https://github.com/swaldman/c3p0/security/advisories/GHSA-5476-xc4j-rqcv
NOTE: Fixed by:
https://github.com/swaldman/c3p0/commit/e14cbd8166e423e2e9a9d6f08b2add3433492d6e
(v0.12.0)
CVE-2026-27829 (Astro is a web framework. In versions 9.0.0 through 9.5.3, a
bug in As ...)
@@ -87288,6 +87298,7 @@ CVE-2025-12062 (The WP Maps \u2013 Store Locator,Google
Maps,OpenStreetMap,Mapbo
CVE-2026-2604 (A flaw was found in evolution-data-server. Inconsistent
comparison log ...)
{DLA-4503-1}
- evolution-data-server 3.56.2-8 (bug #1128332)
+ [trixie] - evolution-data-server <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/627
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/afa12b6ba502e5acaa431415aa3b939ddb377382
CVE-2026-2575 (A flaw was found in Keycloak. An unauthenticated remote
attacker can t ...)
@@ -110782,15 +110793,19 @@ CVE-2025-66845 (A reflected Cross-Site Scripting
(XSS) vulnerability has been id
NOT-FOR-US: TechStore
CVE-2026-45097
- fastdds <unfixed>
+ [trixie] - fastdds <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/eProsima/Fast-DDS/commit/42e0d08ef2d32c52ceb1c637ab3ea5e521124284
(v3.6.2)
CVE-2026-45092
- fastdds <unfixed>
+ [trixie] - fastdds <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/eProsima/Fast-DDS/commit/42e0d08ef2d32c52ceb1c637ab3ea5e521124284
(v3.6.2)
CVE-2026-45093
- fastdds <unfixed>
+ [trixie] - fastdds <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/eProsima/Fast-DDS/commit/42e0d08ef2d32c52ceb1c637ab3ea5e521124284
(v3.6.2)
CVE-2025-65865 (An integer overflow in eProsima Fast-DDS v3.3 allows attackers
to caus ...)
- fastdds <unfixed>
+ [trixie] - fastdds <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/eProsima/Fast-DDS/commit/42e0d08ef2d32c52ceb1c637ab3ea5e521124284
(v3.6.2)
CVE-2025-65713 (Home Assistant Core before v2025.8.0 is vulnerable to
Directory Traver ...)
NOT-FOR-US: Home Assistant Core
@@ -236349,6 +236364,7 @@ CVE-2024-47537 (GStreamer is a library for
constructing graphs of media-handling
CVE-2024-45337 (Applications and libraries which misuse
connection.serverAuthenticate ...)
[experimental] - golang-go.crypto 1:0.33.0-1~exp1
- golang-go.crypto 1:0.42.0-1 (bug #1089754)
+ [trixie] - golang-go.crypto <no-dsa> (Minor issue)
[bookworm] - golang-go.crypto <no-dsa> (Minor issue)
[bullseye] - golang-go.crypto <postponed> (Limited support, minor
issue, follow bookworm DSAs/point-releases)
NOTE: https://github.com/golang/go/issues/70779
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27a43ee2be0487e25d681a263595e8b482b5ca0d
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/27a43ee2be0487e25d681a263595e8b482b5ca0d
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits