Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
54d720b2 by Emilio Pozuelo Monfort at 2026-01-21T13:35:28+01:00
lts: add node-tar
- - - - -
9f774f10 by Emilio Pozuelo Monfort at 2026-01-21T13:38:49+01:00
lts: triage pypdf2 issues as postponed
- - - - -
b339cc69 by Emilio Pozuelo Monfort at 2026-01-21T13:51:08+01:00
lts: add nodejs
- - - - -
27789255 by Emilio Pozuelo Monfort at 2026-01-21T13:55:57+01:00
lts: add openjdk
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3906,6 +3906,7 @@ CVE-2026-22691 (pypdf is a free and open-source
pure-python PDF library. Prior t
[bookworm] - pypdf <no-dsa> (Minor issue)
- pypdf2 <removed>
[bookworm] - pypdf2 <no-dsa> (Minor issue)
+ [bullseye] - pypdf2 <postponed> (Minor issue)
NOTE:
https://github.com/py-pdf/pypdf/security/advisories/GHSA-4f6g-68pf-7vhv
NOTE: https://github.com/py-pdf/pypdf/pull/3594
NOTE: Fixed by:
https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45
(6.6.0)
@@ -3915,6 +3916,7 @@ CVE-2026-22690 (pypdf is a free and open-source
pure-python PDF library. Prior t
[bookworm] - pypdf <no-dsa> (Minor issue)
- pypdf2 <removed>
[bookworm] - pypdf2 <no-dsa> (Minor issue)
+ [bullseye] - pypdf2 <postponed> (Minor issue)
NOTE:
https://github.com/py-pdf/pypdf/security/advisories/GHSA-4xc4-762w-m6cg
NOTE: https://github.com/py-pdf/pypdf/pull/3594
NOTE: Fixed by;
https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45
(6.6.0)
=====================================
data/dla-needed.txt
=====================================
@@ -250,6 +250,13 @@ netty (rouca)
NOTE: 20251127: all CVEs fixed under sid (rouca)
NOTE: 20260114: fix remaining CVE wait DSA (rouca)
--
+node-tar
+ NOTE: 20260121: Added by Front-Desk (pochu)
+ NOTE: 20260121: also look at postponed issue (pochu)
+--
+nodejs
+ NOTE: 20260121: Added by Front-Desk (pochu)
+--
nova
NOTE: 20250908: Added by Front-Desk (apo)
NOTE: 20250908: See also watcher. Consider fixing postponed issues and sync
@@ -276,6 +283,12 @@ opencryptoki
NOTE: 20250505:
https://github.com/opencryptoki/opencryptoki/issues/731#issuecomment-1851436555
NOTE: 20250505: Cf. #1104729 to determine whether to fix or ignore this in
all dists (Beuc/front-desk)
--
+openjdk-11 (Emilio)
+ NOTE: 20260121: Added by Front-Desk (pochu)
+--
+openjdk-17 (Emilio)
+ NOTE: 20260121: Added by Front-Desk (pochu)
+--
p7zip
NOTE: 20251020: Added by Front-Desk (dleidert)
NOTE: 20251020: I disagree with the low-severity ratings; but finding the
patches might be a hard (dleidert/front-desk)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1e3a63881116b8f39766254f71759547d4b9ef71...27789255fa1a815fc97f23043171ce8750fdab50
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1e3a63881116b8f39766254f71759547d4b9ef71...27789255fa1a815fc97f23043171ce8750fdab50
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
