Bastien Roucariès pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
a0cbbafe by Bastien Roucariès at 2026-06-10T23:15:14+02:00
bullseye triagging

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5148,6 +5148,7 @@ CVE-2026-7774 (tarfile.data_filter could be bypassed 
using crafted link entries,
        - pypy3 <unfixed>
        [trixie] - pypy3 <no-dsa> (Minor issue)
        [bookworm] - pypy3 <no-dsa> (Minor issue)
+       [bullseye] - pypy3 <postponed> (minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/04/9
        NOTE: https://github.com/python/cpython/pull/149487
        NOTE: 
https://github.com/python/cpython/commit/578411982c16f753f4893532510099ef665117da
 (main)
@@ -5665,11 +5666,13 @@ CVE-2026-44546 (daphne before 4.2.2 reconstructs a raw 
HTTP request from Twisted
        - python-daphne <unfixed> (bug #1138864)
        [trixie] - python-daphne <no-dsa> (Minor issue)
        [bookworm] - python-daphne <no-dsa> (Minor issue)
+       [bullseye] - python-daphne <postponed> (Minor issue)
        NOTE: Fixed by: 
https://github.com/django/daphne/commit/2628b7b2e6a196afff58defee3d77671a28de631
 (4.2.2)
 CVE-2026-44545 (daphne before 4.2.2 did not pass maxFramePayloadSize or 
maxMessagePayl ...)
        - python-daphne <unfixed> (bug #1138864)
        [trixie] - python-daphne <no-dsa> (Minor issue)
        [bookworm] - python-daphne <no-dsa> (Minor issue)
+       [bullseye] - python-daphne <postponed> (Minor issue)
        NOTE: Fixed by: 
https://github.com/django/daphne/commit/32f8be0fb0bf2a441085cb45e0e8f45455f0793e
 (4.2.2)
 CVE-2026-44281 (GLPI is a free asset and IT management software package. 
Starting in v ...)
        - glpi <removed>
@@ -5838,6 +5841,7 @@ CVE-2026-3276 (unicodedata.normalize() can take excessive 
CPU time when processi
        - pypy3 <unfixed>
        [trixie] - pypy3 <no-dsa> (Minor issue)
        [bookworm] - pypy3 <no-dsa> (Minor issue)
+       [bullseye] - pypy3 <postponed> (minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2026/06/03/15
        NOTE: https://github.com/python/cpython/pull/149080
        NOTE: 
https://github.com/python/cpython/commit/991224b1e8311c85f198f6dd8208bf8cff7fc26f
 (main)
@@ -8445,6 +8449,7 @@ CVE-2026-48998
        - php-guzzlehttp-psr7 2.10.3-1 (bug #1138265)
        [trixie] - php-guzzlehttp-psr7 <no-dsa> (Minor issue)
        [bookworm] - php-guzzlehttp-psr7 <no-dsa> (Minor issue)
+       [bullseye] - php-guzzlehttp-psr7 <postponed> (Minor issue)
        NOTE: 
https://github.com/guzzle/psr7/security/advisories/GHSA-34xg-wgjx-8xph
 CVE-2026-9999 (Inappropriate implementation in ANGLE in Google Chrome on Mac 
prior to ...)
        {DSA-6316-1}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0cbbafe387b8917d86db1e10a72f8bba663a796

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0cbbafe387b8917d86db1e10a72f8bba663a796
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to