Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
599ec4af by Bastien Roucariès at 2026-06-10T23:26:35+02:00
bullseye triagging
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5808,6 +5808,7 @@ CVE-2025-41259 (SWUpdate before 2026.05 is affected by a
time-of-check time-of-u
- swupdate 2026.05+dfsg-1
[trixie] - swupdate <no-dsa> (Minor issue)
[bookworm] - swupdate <no-dsa> (Minor issue)
+ [bullseye] - swupdate <postponed> (Minor issue)
NOTE: Fixed by:
https://github.com/sbabic/swupdate/commit/f4bd64260e233e207354d68d572b1cbc3e63689d
(2026.05)
CVE-2025-15656 (Incorrect Privilege Assignment vulnerability in Mojoomla
School Manage ...)
NOT-FOR-US: WordPress plugin or theme
@@ -6497,6 +6498,7 @@ CVE-2026-38978 (transmission through 4.1.1 was found to
have a clickjacking weak
- transmission 4.1.2+dfsg-1
[trixie] - transmission <no-dsa> (Minor issue)
[bookworm] - transmission <no-dsa> (Minor issue)
+ [bullseye] - transmission <postponed> (Minor issue)
NOTE: https://github.com/transmission/transmission/issues/8726
NOTE: https://github.com/transmission/transmission/pull/8747
NOTE:
https://github.com/transmission/transmission/commit/6b24c1c214ec6a44fa5fdff0ce7da6b16d8ecaa8
@@ -9601,6 +9603,7 @@ CVE-2026-44604 (A command injection vulnerability was
discovered in the `rpmunco
- rpm <unfixed> (bug #1138234)
[trixie] - rpm <no-dsa> (Minor issue)
[bookworm] - rpm <no-dsa> (Minor issue)
+ [bullseye] - rpm <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460967
CVE-2026-44594 (esm.sh is a no-build content delivery network (CDN) for web
developmen ...)
NOT-FOR-US: esm.sh
@@ -13869,6 +13872,7 @@ CVE-2026-5223 (Cargo incorrectly handled symlinks
inside of crate tarballs downl
- rustc 1.95.0+dfsg1-2
[trixie] - rustc <no-dsa> (Minor issue)
[bookworm] - rustc <no-dsa> (Minor issue)
+ [bullseye] - rustc <postponed> (Minor issue)
NOTE:
https://groups.google.com/g/rustlang-security-announcements/c/IB74S7Yksg8
NOTE: https://blog.rust-lang.org/2026/05/25/cve-2026-5223/
NOTE:
https://github.com/rust-lang/cargo/commit/285cebf58911eca5b7f177f5d0b1c53e1f646577
@@ -13883,6 +13887,7 @@ CVE-2026-5222 (Cargo between 1.68 and 1.96 incorrectly
normalized the URLs of th
- rustc 1.95.0+dfsg1-2
[trixie] - rustc <no-dsa> (Minor issue)
[bookworm] - rustc <no-dsa> (Minor issue)
+ [bullseye] - rustc <postponed> (Minor issue)
NOTE:
https://groups.google.com/g/rustlang-security-announcements/c/SfUxOiIdY5s
NOTE: https://blog.rust-lang.org/2026/05/25/cve-2026-5222/
NOTE:
https://github.com/rust-lang/cargo/commit/c4d63a44234de22dc745231c416b80ed848d997f
@@ -18276,6 +18281,7 @@ CVE-2026-44312 (css_parser is a Ruby CSS parser. Prior
to 2.1.0 and 1.22.0, the
- ruby-css-parser 2.1.0-1
[trixie] - ruby-css-parser <no-dsa> (Minor issue)
[bookworm] - ruby-css-parser <no-dsa> (Minor issue)
+ [bullseye] - ruby-css-parser <postponed> (Minor issue)
NOTE:
https://github.com/premailer/css_parser/security/advisories/GHSA-ff6c-w6qf-7xqc
NOTE: https://github.com/premailer/css_parser/issues/185
NOTE: Fixed by:
https://github.com/premailer/css_parser/commit/35e689c904225add78e0c488cf04bad052666449
(v2.1.0)
@@ -78692,6 +78698,7 @@ CVE-2025-68616 (WeasyPrint helps web developers to
create PDF documents. Prior t
- weasyprint <unfixed> (bug #1139189)
[trixie] - weasyprint <no-dsa> (Minor issue)
[bookworm] - weasyprint <no-dsa> (Minor issue)
+ [bullseye] - weasyprint <postponed> (Minor issue)
NOTE:
https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-983w-rhvv-gwmv
CVE-2025-61684 (Quicly, an IETF QUIC protocol implementation, is susceptible
to a deni ...)
NOT-FOR-US: Quicly
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/599ec4afee2c9af20ad66af60098c4fac726cc21
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/599ec4afee2c9af20ad66af60098c4fac726cc21
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits