Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
70bdbf6f by Moritz Muehlenhoff at 2026-07-09T18:14:52+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -708,15 +708,18 @@ CVE-2026-49945
CVE-2026-49944
REJECTED
CVE-2026-49147 (App::Ack versions through 3.10.0 for Perl print unsanitised
terminal e ...)
- - ack <unfixed>
+ - ack <unfixed> (unimportant)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41643446/
NOTE: Fixed by:
https://github.com/beyondgrep/ack3/commit/45ff5fe77dbd96f7332f31943102291f878f30b8
(v3.10.0)
+ NOTE: Not considered a security issue, needs to be correctly handled in
the terminal emulators
CVE-2026-49146 (App::Ack versions before 3.10.0 for Perl allow memory
exhaustion via a ...)
- - ack <unfixed>
+ - ack <unfixed> (unimportant)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41643307/
NOTE: Fixed by:
https://github.com/beyondgrep/ack3/commit/45ff5fe77dbd96f7332f31943102291f878f30b8
(v3.10.0)
+ NOTE: Crash in CLI tool, no security impact
CVE-2026-49145 (App::Ack versions through 3.10.0 for Perl read arbitrary files
via --f ...)
- ack <unfixed>
+ [trixie] - ack <no-dsa> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/41643327/
NOTE: Fixed by:
https://github.com/beyondgrep/ack3/commit/45ff5fe77dbd96f7332f31943102291f878f30b8
(v3.10.0)
CVE-2026-44840 (Dgraph is an open source distributed GraphQL database. Prior
to versio ...)
@@ -4593,6 +4596,7 @@ CVE-2026-54896 (Oj (Optimized JSON) is a JSON parser and
Object marshaller packa
NOTE:
https://github.com/ohler55/oj/security/advisories/GHSA-35w3-pjm6-wj95
CVE-2026-54696 (Ruby JSON is a JSON implementation for Ruby. Versions 2.9.0
through 2. ...)
- ruby-json 2.19.9+dfsg-1
+ [trixie] - ruby-json <no-dsa> (Minor issue)
NOTE:
https://github.com/ruby/json/security/advisories/GHSA-x2f5-4prf-w687
NOTE: Fixed by:
https://github.com/ruby/json/commit/fd6a65bd08e5f3a429c03919ebfd8dd19158f095
(v2.19.9)
CVE-2026-54673 (electron-updater allows for automatic updates for Electron
apps. Prior ...)
@@ -10574,6 +10578,7 @@ CVE-2026-12053 (GitLab has remediated an issue in
GitLab EE affecting all versio
NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-11998 (A flaw in AngularJS' Strict Contextual Escaping (SCE) logic
allows byp ...)
- angular.js <unfixed> (bug #1141314)
+ [trixie] - angular.js <no-dsa> (Minor issue)
NOTE:
https://www.herodevs.com/vulnerability-directory/cve-2026-11998?nes-for-angularjs
CVE-2026-11379 (GitLab has remediated an issue in GitLab EE affecting all
versions fro ...)
NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
@@ -14334,10 +14339,12 @@ CVE-2026-44663 (OpenEXR is the reference
implementation and specification for th
NOTE: Fixed by
https://github.com/AcademySoftwareFoundation/openexr/commit/3e2a99a55b1ee3dc5b962bf2cfde86eb24cc6897
(v3.4.13-rc)
CVE-2026-43994 (Coturn is a free open source implementation of TURN and STUN
Server. V ...)
- coturn 4.12.0-1 (bug #1140563)
+ [trixie] - coturn <no-dsa> (Minor issue)
NOTE:
https://github.com/coturn/coturn/security/advisories/GHSA-74pg-rfh2-5qw5
NOTE: Fixed by:
https://github.com/coturn/coturn/commit/46368b3e1ecda2175f8db8b05ece8bbdbf844cea
(4.10.0)
CVE-2026-43915 (Coturn is a free open source implementation of TURN and STUN
Server. V ...)
- coturn 4.12.0-1
+ [trixie] - coturn <no-dsa> (Minor issue)
NOTE:
https://github.com/coturn/coturn/security/advisories/GHSA-xxf5-9vj2-g84j
CVE-2026-40624 (Improper input validation in AVer PTC500S, PTC115, PTC500+,
and PTC115 ...)
NOT-FOR-US: AVer
@@ -54831,6 +54838,7 @@ CVE-2026-40614 (PJSIP is a free and open source
multimedia communication library
NOTE:
https://github.com/pjsip/pjproject/commit/17897e835818f8ee03b1806ddcd7b95ea16d2c0e
(2.17)
CVE-2026-40613 (Coturn is a free open source implementation of TURN and STUN
Server. P ...)
- coturn 4.12.0-1 (bug #1134577)
+ [trixie] - coturn <no-dsa> (Minor issue)
NOTE:
https://github.com/coturn/coturn/security/advisories/GHSA-j662-9wcj-mf36
NOTE: Fixed by:
https://github.com/coturn/coturn/commit/eaa9e7920e98cd10d24ade07f474ddb4e05dc1ea
(4.10.0)
CVE-2026-40611 (Let's Encrypt client and ACME library written in Go (Lego).
Prior to 4 ...)
@@ -83271,6 +83279,7 @@ CVE-2025-0976 (Information Exposure Vulnerability
inHitachi Ops Center API Confi
NOT-FOR-US: Hitachi
CVE-2026-27624 (Coturn is a free open source implementation of TURN and STUN
Server. C ...)
- coturn 4.12.0-1 (bug #1129267)
+ [trixie] - coturn <no-dsa> (Minor issue)
NOTE:
https://github.com/coturn/coturn/security/advisories/GHSA-j8mm-mpf8-gvjg
NOTE:
https://github.com/coturn/coturn/commit/b80eb898ba26552600770162c26a8ae7f3661b0b
(4.9.0)
CVE-2026-3121 (A flaw was found in Keycloak. An administrator with
`manage-clients` p ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70bdbf6f0a08b622d77fe23a1cb6b5ffc3609d1e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70bdbf6f0a08b622d77fe23a1cb6b5ffc3609d1e
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits