Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
17eeb779 by Bastien Roucariès at 2026-06-10T21:27:15+02:00
bullseye triagging
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2714,6 +2714,7 @@ CVE-2020-37248 (OfflineIMAP before 8.0.3 trusts the
server with their STARTTLS c
- offlineimap3 <unfixed> (bug #1139329)
[trixie] - offlineimap3 <no-dsa> (Minor issue)
[bookworm] - offlineimap3 <no-dsa> (Minor issue)
+ [bullseye] - offlineimap3 <postponed> (Minor issue)
NOTE: https://github.com/OfflineIMAP/offlineimap3/issues/222
NOTE: https://github.com/OfflineIMAP/offlineimap/issues/669
NOTE: Fixed by:
https://github.com/OfflineIMAP/offlineimap3/commit/46505c53ef995455d66c685f9ec3ff6ea93dbb74
(v8.0.3)
@@ -3282,6 +3283,7 @@ CVE-2026-11332 (A flaw was found in ansible-core. The
ansible-galaxy role instal
[trixie] - ansible-core <no-dsa> (Minor issue)
[bookworm] - ansible-core <no-dsa> (Minor issue)
- ansible 5.4.0-1
+ [bookworm] - ansible <postponed> (Minor issue)
NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in
experimental/5.4.0-1 in sid
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485379
NOTE: https://github.com/ansible/ansible/pull/87070
@@ -5375,6 +5377,7 @@ CVE-2026-10805 (A flaw was found in NetworkManager. This
local privilege escalat
- network-manager <unfixed> (bug #1139285)
[trixie] - network-manager <ignored> (Minor issue)
[bookworm] - network-manager <ignored> (Minor issue)
+ [bullseye] - network-manager <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2484613
NOTE: Network-manager defaults to the internal DHCP client
CVE-2026-10804 (A vulnerability has been found in Streamlit up to 1.53.0.
Impacted is ...)
@@ -5593,15 +5596,19 @@ CVE-2026-47321
- mina2 <unfixed> (bug #1139162)
[trixie] - mina2 <no-dsa> (Minor issue)
[bookworm] - mina2 <no-dsa> (Minor issue)
+ [bullseye] - mina2 <postponed> (Minor issue)
- mina <removed>
[bookworm] - mina <no-dsa> (Minor issue)
+ [bullseye] - mina <postponed> (Minor issue)
NOTE: https://lists.apache.org/thread/y7xj1bl8qo47p9bktb11hg5v6k1d4dyj
CVE-2026-47065 (ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers
Filter By ...)
- mina2 <unfixed> (bug #1139162)
[trixie] - mina2 <no-dsa> (Minor issue)
[bookworm] - mina2 <no-dsa> (Minor issue)
+ [bullseye] - mina2 <postponed> (Minor issue)
- mina <removed>
[bookworm] - mina <no-dsa> (Minor issue)
+ [bullseye] - mina <postponed> (Minor issue)
NOTE: https://lists.apache.org/thread/y7xj1bl8qo47p9bktb11hg5v6k1d4dyj
CVE-2026-45702 (OP-TEE is a Trusted Execution Environment (TEE) designed as
companion ...)
- optee-os <unfixed> (bug #1138880)
@@ -6688,6 +6695,7 @@ CVE-2026-10294 (A vulnerability has been found in
PackageKit up to 1.3.5. Affect
- packagekit <unfixed> (bug #1138711)
[trixie] - packagekit <postponed> (Minor issue, revisit when fixed
upstream)
[bookworm] - packagekit <postponed> (Minor issue, revisit when fixed
upstream)
+ [bullseye] - packagekit <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/PackageKit/PackageKit/issues/969
CVE-2026-10293 (A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306.
This imp ...)
NOT-FOR-US: UTT
@@ -7205,6 +7213,7 @@ CVE-2026-10532 (Deserialization of untrusted data
vulnerability in QOS.CH Sarl l
- logback <unfixed> (bug #1139180)
[trixie] - logback <no-dsa> (Minor issue)
[bookworm] - logback <no-dsa> (Minor issue)
+ [bullseye] - logback <postponed> (minor issue)
NOTE: https://logback.qos.ch/news.html#1.5.34
CVE-2026-10517 (A flaw was found in Clair. The fetcher component makes
outbound HTTP r ...)
NOT-FOR-US: Clair
@@ -7228,6 +7237,7 @@ CVE-2026-10275 (A flaw has been found in OpenSC up to
0.26.1. This affects the f
- opensc 0.27.1-2 (bug #1139246)
[trixie] - opensc <no-dsa> (Minor issue)
[bookworm] - opensc <no-dsa> (Minor issue)
+ [bullseye] - opensc <postponed> (Minor issue)
NOTE: https://github.com/OpenSC/OpenSC/issues/3682
NOTE: https://github.com/OpenSC/OpenSC/pull/3684
NOTE:
https://github.com/OpenSC/OpenSC/commit/814f745b3b6d100295f65f1935edd33d520d33ab
@@ -7892,6 +7902,7 @@ CVE-2026-45149 (The brace-expansion library generates
arbitrary strings containi
- node-brace-expansion <unfixed> (bug #1138576)
[trixie] - node-brace-expansion <no-dsa> (Minor issue)
[bookworm] - node-brace-expansion <no-dsa> (Minor issue)
+ [bullseye] - node-brace-expansion <postponed> (Minor issue)
NOTE:
https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2
NOTE: Fixed by:
https://github.com/juliangruber/brace-expansion/commit/c0b095bdc52bc4c36dc88deddbadabc49f8371e5
(v5.0.6)
CVE-2026-44640 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging
Platform. ...)
@@ -9279,6 +9290,7 @@ CVE-2026-9828 (Deserialization of untrusted data
vulnerability in QOS.CH Sarl lo
- logback <unfixed> (bug #1138632)
[trixie] - logback <no-dsa> (Minor issue)
[bookworm] - logback <no-dsa> (Minor issue)
+ [bullseye] - logback <postponed> (Minor issue)
NOTE: https://logback.qos.ch/news.html#1.5.33
CVE-2026-9818
REJECTED
@@ -13543,6 +13555,7 @@ CVE-2026-9496 (Versions of the package pacote from
11.2.7 are vulnerable to Deni
- npm <unfixed> (bug #1139159)
[trixie] - npm <no-dsa> (Minor issue)
[bookworm] - npm <no-dsa> (Minor issue)
+ [bullseye] - npm <postponed> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JS-PACOTE-8225084
CVE-2026-9495 (Versions of the package @koa/router from 14.0.0 and before
15.0.0 are ...)
NOT-FOR-US: koa/router
@@ -14120,6 +14133,7 @@ CVE-2026-9358 (A vulnerability was determined in
postcss up to 7.1.1. Affected i
- node-css-loader <unfixed> (bug #1139161)
[trixie] - node-css-loader <no-dsa> (Minor issue)
[bookworm] - node-css-loader <no-dsa> (Minor issue)
+ [bullseye] - node-css-loader <postponed> (Minor issue)
NOTE: https://gist.github.com/bx33661/581e3a38134601c04e19b4dfc9b459b9
NOTE: postcss-selector-parser embedded in node-css-loader
CVE-2026-9357 (A vulnerability was found in vBulletin 6.x. This impacts an
unknown fu ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17eeb7791dd2ee87157a85f9758d03a7fddd1b4b
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17eeb7791dd2ee87157a85f9758d03a7fddd1b4b
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits