Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
84c9a8dd by Moritz Muehlenhoff at 2026-06-13T00:18:26+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -7324,6 +7324,7 @@ CVE-2026-48594 (Improper Handling of Highly Compressed 
Data (Data Amplification)
        - elixir-tesla <itp> (bug #960541)
 CVE-2026-47265 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        - python-aiohttp 3.14.0-1 (bug #1138780)
+       [trixie] - python-aiohttp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-hg6j-4rv6-33pg
        NOTE: 
https://github.com/aio-libs/aiohttp/commit/f54c40851b0d6c4bbdab97ba518a223adda32478
 (v3.14.0)
 CVE-2026-47201 (authentik is an open-source identity provider. Prior to 
versions 2025. ...)
@@ -7365,6 +7366,7 @@ CVE-2026-35049 (wire-ios is an iOS client for the Wire 
secure messaging applicat
        NOT-FOR-US: wire-ios
 CVE-2026-34993 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        - python-aiohttp 3.14.0-1 (bug #1138781)
+       [trixie] - python-aiohttp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-jg22-mg44-37j8
        NOTE: 
https://github.com/aio-libs/aiohttp/commit/dcf40f30637e8752c76781cf6703b5a236749a00
 (v3.14.0)
 CVE-2026-34077 (React Router is a router for React. In versions 7.7.0 through 
7.13.1,  ...)
@@ -9291,7 +9293,9 @@ CVE-2026-48527 (HAX CMS helps manage microsite universe 
with PHP or NodeJs backe
        NOT-FOR-US: HAX CMS
 CVE-2026-48501 (GitHub CLI (gh) is GitHub\u2019s official command line tool. 
Prior to  ...)
        - golang-github-cli-go-gh-v2 <unfixed>
+       [trixie] - golang-github-cli-go-gh-v2 <no-dsa> (Minor issue)
        - golang-github-cli-go-gh <unfixed>
+       [trixie] - golang-github-cli-go-gh <no-dsa> (Minor issue)
        NOTE: https://github.com/cli/cli/security/advisories/GHSA-8xvp-7hj6-mcj9
 CVE-2026-47745 (Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, 
the admi ...)
        NOT-FOR-US: Shopper
@@ -17372,7 +17376,7 @@ CVE-2026-31379 (Improper Neutralization of Input During 
Web Page Generation ('Cr
 CVE-2026-31378 (Improper Input Validation vulnerability in Apache OFBiz.  This 
issue a ...)
        NOT-FOR-US: Apache software not packaged in Debian
 CVE-2026-31072 (The JSONSerializer and CBORSerializer in APScheduler (all 
versions inc ...)
-       - apscheduler <unfixed>
+       - apscheduler <not-affected> (Affected serialisers introduced in 4.0)
        NOTE: https://gist.github.com/nedlir/11fb77f35a59cbba73392a086b02a9c6
 CVE-2026-31071 (API endpoints in LalanaChami Pharmacy Management System 
(commit 5c3d02 ...)
        NOT-FOR-US: LalanaChami Pharmacy Management System
@@ -46158,6 +46162,7 @@ CVE-2026-34520 (AIOHTTP is an asynchronous HTTP 
client/server framework for asyn
 CVE-2026-34519 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        {DLA-4613-1}
        - python-aiohttp 3.13.5-1 (bug #1132582)
+       [trixie] - python-aiohttp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mwh4-6h8g-pg8w
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/53b35a2f8869c37a133e60bf1a82a1c01642ba2b
 (v3.13.4)
 CVE-2026-34518 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
@@ -46170,6 +46175,7 @@ CVE-2026-34518 (AIOHTTP is an asynchronous HTTP 
client/server framework for asyn
 CVE-2026-34517 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        {DLA-4613-1}
        - python-aiohttp 3.13.5-1 (bug #1132582)
+       [trixie] - python-aiohttp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-3wq7-rqq7-wx6j
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/cbb774f38330563422ca0c413a71021d7b944145
 (v3.13.4)
 CVE-2026-34516 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
@@ -46218,6 +46224,7 @@ CVE-2026-2475 (IBM Verify Identity Access Container 
11.0 through 11.0.2 and IBM
 CVE-2026-22815 (AIOHTTP is an asynchronous HTTP client/server framework for 
asyncio an ...)
        {DLA-4613-1}
        - python-aiohttp 3.13.5-1 (bug #1132582)
+       [trixie] - python-aiohttp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/aio-libs/aiohttp/security/advisories/GHSA-w2fm-2cpv-w7v5
        NOTE: Fixed by: 
https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36
 (v3.13.4)
 CVE-2026-21767 (HCL BigFix Platform is affected byinsufficient authentication. 
The app ...)
@@ -55466,6 +55473,7 @@ CVE-2026-32837 (miniaudio version 0.11.25 and earlier 
(fixed in commits 1df46ae
        NOTE: https://github.com/mackron/miniaudio/issues/1101
 CVE-2026-32836 (dr_libsdr_flac.h version 0.13.3 and earlier (fixed in commits 
fefced4, ...)
        - libchdr <unfixed>
+       [trixie] - libchdr <no-dsa> (Minor issue)
        NOTE: qtads, dosbox-x and love bundle a copy, but these are standalone 
end user apps, so no security impact
        NOTE: https://github.com/mackron/dr_libs/issues/298
        NOTE: 
https://github.com/mackron/dr_libs/commit/663239a3d0460c33bd5b6e5166edcb404e3df676



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84c9a8dd07c43552159b15bcaa0d30e5e6d3a66f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84c9a8dd07c43552159b15bcaa0d30e5e6d3a66f
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to