Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
17eeb779 by Bastien Roucariès at 2026-06-10T21:27:15+02:00
bullseye triagging

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2714,6 +2714,7 @@ CVE-2020-37248 (OfflineIMAP before 8.0.3 trusts the 
server with their STARTTLS c
        - offlineimap3 <unfixed> (bug #1139329)
        [trixie] - offlineimap3 <no-dsa> (Minor issue)
        [bookworm] - offlineimap3 <no-dsa> (Minor issue)
+       [bullseye] - offlineimap3 <postponed> (Minor issue)
        NOTE: https://github.com/OfflineIMAP/offlineimap3/issues/222
        NOTE: https://github.com/OfflineIMAP/offlineimap/issues/669
        NOTE: Fixed by: 
https://github.com/OfflineIMAP/offlineimap3/commit/46505c53ef995455d66c685f9ec3ff6ea93dbb74
 (v8.0.3)
@@ -3282,6 +3283,7 @@ CVE-2026-11332 (A flaw was found in ansible-core. The 
ansible-galaxy role instal
        [trixie] - ansible-core <no-dsa> (Minor issue)
        [bookworm] - ansible-core <no-dsa> (Minor issue)
        - ansible 5.4.0-1
+       [bookworm] - ansible <postponed> (Minor issue)
        NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in 
experimental/5.4.0-1 in sid
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485379
        NOTE: https://github.com/ansible/ansible/pull/87070
@@ -5375,6 +5377,7 @@ CVE-2026-10805 (A flaw was found in NetworkManager. This 
local privilege escalat
        - network-manager <unfixed> (bug #1139285)
        [trixie] - network-manager <ignored> (Minor issue)
        [bookworm] - network-manager <ignored> (Minor issue)
+       [bullseye] - network-manager <ignored> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2484613
        NOTE: Network-manager defaults to the internal DHCP client
 CVE-2026-10804 (A vulnerability has been found in Streamlit up to 1.53.0. 
Impacted is  ...)
@@ -5593,15 +5596,19 @@ CVE-2026-47321
        - mina2 <unfixed> (bug #1139162)
        [trixie] - mina2 <no-dsa> (Minor issue)
        [bookworm] - mina2 <no-dsa> (Minor issue)
+       [bullseye] - mina2 <postponed> (Minor issue)
        - mina <removed>
        [bookworm] - mina <no-dsa> (Minor issue)
+       [bullseye] - mina <postponed> (Minor issue)
        NOTE: https://lists.apache.org/thread/y7xj1bl8qo47p9bktb11hg5v6k1d4dyj
 CVE-2026-47065 (ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers 
Filter By ...)
        - mina2 <unfixed> (bug #1139162)
        [trixie] - mina2 <no-dsa> (Minor issue)
        [bookworm] - mina2 <no-dsa> (Minor issue)
+       [bullseye] - mina2 <postponed> (Minor issue)
        - mina <removed>
        [bookworm] - mina <no-dsa> (Minor issue)
+       [bullseye] - mina <postponed> (Minor issue)
        NOTE: https://lists.apache.org/thread/y7xj1bl8qo47p9bktb11hg5v6k1d4dyj
 CVE-2026-45702 (OP-TEE is a Trusted Execution Environment (TEE) designed as 
companion  ...)
        - optee-os <unfixed> (bug #1138880)
@@ -6688,6 +6695,7 @@ CVE-2026-10294 (A vulnerability has been found in 
PackageKit up to 1.3.5. Affect
        - packagekit <unfixed> (bug #1138711)
        [trixie] - packagekit <postponed> (Minor issue, revisit when fixed 
upstream)
        [bookworm] - packagekit <postponed> (Minor issue, revisit when fixed 
upstream)
+       [bullseye] - packagekit <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/PackageKit/PackageKit/issues/969
 CVE-2026-10293 (A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. 
This imp ...)
        NOT-FOR-US: UTT
@@ -7205,6 +7213,7 @@ CVE-2026-10532 (Deserialization of untrusted data 
vulnerability in QOS.CH Sarl l
        - logback <unfixed> (bug #1139180)
        [trixie] - logback <no-dsa> (Minor issue)
        [bookworm] - logback <no-dsa> (Minor issue)
+       [bullseye] - logback <postponed> (minor issue)
        NOTE: https://logback.qos.ch/news.html#1.5.34
 CVE-2026-10517 (A flaw was found in Clair. The fetcher component makes 
outbound HTTP r ...)
        NOT-FOR-US: Clair
@@ -7228,6 +7237,7 @@ CVE-2026-10275 (A flaw has been found in OpenSC up to 
0.26.1. This affects the f
        - opensc 0.27.1-2 (bug #1139246)
        [trixie] - opensc <no-dsa> (Minor issue)
        [bookworm] - opensc <no-dsa> (Minor issue)
+       [bullseye] - opensc <postponed> (Minor issue)
        NOTE: https://github.com/OpenSC/OpenSC/issues/3682
        NOTE: https://github.com/OpenSC/OpenSC/pull/3684
        NOTE: 
https://github.com/OpenSC/OpenSC/commit/814f745b3b6d100295f65f1935edd33d520d33ab
@@ -7892,6 +7902,7 @@ CVE-2026-45149 (The brace-expansion library generates 
arbitrary strings containi
        - node-brace-expansion <unfixed> (bug #1138576)
        [trixie] - node-brace-expansion <no-dsa> (Minor issue)
        [bookworm] - node-brace-expansion <no-dsa> (Minor issue)
+       [bullseye] - node-brace-expansion <postponed> (Minor issue)
        NOTE: 
https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2
        NOTE: Fixed by: 
https://github.com/juliangruber/brace-expansion/commit/c0b095bdc52bc4c36dc88deddbadabc49f8371e5
 (v5.0.6)
 CVE-2026-44640 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging 
Platform.  ...)
@@ -9279,6 +9290,7 @@ CVE-2026-9828 (Deserialization of untrusted data 
vulnerability in QOS.CH Sarl lo
        - logback <unfixed> (bug #1138632)
        [trixie] - logback <no-dsa> (Minor issue)
        [bookworm] - logback <no-dsa> (Minor issue)
+       [bullseye] - logback <postponed> (Minor issue)
        NOTE: https://logback.qos.ch/news.html#1.5.33
 CVE-2026-9818
        REJECTED
@@ -13543,6 +13555,7 @@ CVE-2026-9496 (Versions of the package pacote from 
11.2.7 are vulnerable to Deni
        - npm <unfixed> (bug #1139159)
        [trixie] - npm <no-dsa> (Minor issue)
        [bookworm] - npm <no-dsa> (Minor issue)
+       [bullseye] - npm <postponed> (Minor issue)
        NOTE: https://security.snyk.io/vuln/SNYK-JS-PACOTE-8225084
 CVE-2026-9495 (Versions of the package @koa/router from 14.0.0 and before 
15.0.0 are  ...)
        NOT-FOR-US: koa/router
@@ -14120,6 +14133,7 @@ CVE-2026-9358 (A vulnerability was determined in 
postcss up to 7.1.1. Affected i
        - node-css-loader <unfixed> (bug #1139161)
        [trixie] - node-css-loader <no-dsa> (Minor issue)
        [bookworm] - node-css-loader <no-dsa> (Minor issue)
+       [bullseye] - node-css-loader <postponed> (Minor issue)
        NOTE: https://gist.github.com/bx33661/581e3a38134601c04e19b4dfc9b459b9
        NOTE: postcss-selector-parser embedded in node-css-loader
 CVE-2026-9357 (A vulnerability was found in vBulletin 6.x. This impacts an 
unknown fu ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17eeb7791dd2ee87157a85f9758d03a7fddd1b4b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17eeb7791dd2ee87157a85f9758d03a7fddd1b4b
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to