Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bc30f772 by Moritz Muehlenhoff at 2026-06-13T23:54:37+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1156,6 +1156,7 @@ CVE-2026-45106 (Weblate is a web based localization tool.
Prior to version 2026.
- weblate <itp> (bug #745661)
CVE-2026-44705 (tmp is a temporary file and directory creator for node.js.
Prior to 0. ...)
- node-tmp <unfixed> (bug #1139827)
+ [trixie] - node-tmp <no-dsa> (Minor issue)
NOTE:
https://github.com/raszi/node-tmp/security/advisories/GHSA-ph9p-34f9-6g65
NOTE: Fixed by:
https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429
(v0.2.6)
NOTE: When fixing this issue make sure to fix it completely to not open
up CVE-2026-49982
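Review bot: The added `[trixie] - node-tmp <no-dsa> (Minor issue)` line gives no hint of the dependency spelled out in the NOTE two entries below it, which says the fix must be complete so as not to open up CVE-2026-49982. Consider carrying that into the reason, for example `(Minor issue; fix together with CVE-2026-49982)`, so the coupling is visible on the trixie line when this is picked up for a later update.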
@@ -1951,13 +1952,16 @@ CVE-2026-22893 (A command injection vulnerability has
been reported to affect se
NOT-FOR-US: QNAP
CVE-2026-11837 (A local privilege escalation vulnerability was found in the
ansible.po ...)
- ansible <unfixed> (bug #1139917)
+ [trixie] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2487424
CVE-2026-11824 (SQLite before 3.53.2 contains a heap-based buffer overflow
vulnerabili ...)
- sqlite3 <unfixed>
+ [trixie] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://sqlite.org/src/info/061febcf41ca
NOTE: https://sqlite.org/src/info/4a5ad516ea93
CVE-2026-11822 (SQLite before 3.53.2 contains memory corruption
vulnerabilities in the ...)
- sqlite3 <unfixed>
+ [trixie] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://sqlite.org/src/info/061febcf41ca
NOTE: https://sqlite.org/src/info/4a5ad516ea93
CVE-2026-11815 (An attacker who intercepts and tampers with traffic between
the client ...)
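Review bot: The `[trixie] - sqlite3 <no-dsa> (Minor issue)` lines under CVE-2026-11824 and CVE-2026-11822 do not say why a heap-based buffer overflow and memory corruption are minor, and the ansible line under CVE-2026-11837 has the same gap for a local privilege escalation. A short qualifier inside the parentheses naming the limiting precondition would make the triage decision auditable, in the way other entries in this file write `(Minor issue, reflected XSS)`.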
@@ -10657,6 +10661,7 @@ CVE-2026-45023 (AutoGPT is a workflow automation
platform for creating, deployin
NOT-FOR-US: AutoGPT
CVE-2026-44973 (Billy is an interface filesystem abstraction for Go. Prior to
5.9.0, m ...)
- golang-github-go-git-go-billy <unfixed>
+ [trixie] - golang-github-go-git-go-billy <no-dsa> (Minor issue)
- golang-github-go-git-go-billy-v6 <unfixed>
NOTE:
https://github.com/go-git/go-billy/security/advisories/GHSA-qw64-3x98-g7q2
CVE-2026-44885 (Portainer Community Edition is a lightweight service delivery
platform ...)
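Review bot: Under CVE-2026-44973 only `golang-github-go-git-go-billy` gets a `[trixie]` line; `golang-github-go-git-go-billy-v6 <unfixed>` directly below it is left without one. If the -v6 source package is also in trixie it needs its own `[trixie] - golang-github-go-git-go-billy-v6 <no-dsa> (Minor issue)` line after the -v6 entry, otherwise it stays listed as untriaged for that release.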
@@ -11987,6 +11992,7 @@ CVE-2026-45108 (Himmelblau is an interoperability suite
for Microsoft Azure Entr
NOT-FOR-US: Himmelblau
CVE-2026-45104 (MapServer is a system for developing web-based GIS
applications. From ...)
- mapserver 8.6.3-1
+ [trixie] - mapserver <no-dsa> (Minor issue)
NOTE:
https://github.com/MapServer/MapServer/security/advisories/GHSA-4h8g-378q-r75m
CVE-2026-45102 (OneUptime is an open-source monitoring and observability
platform. Pri ...)
NOT-FOR-US: OneUptime
@@ -23727,6 +23733,7 @@ CVE-2026-42072 (Nornicdb is a distributed low-latency,
Graph+Vector, Temporal MV
NOT-FOR-US: Nornicdb
CVE-2026-42030 (MapServer is a system for developing web-based GIS
applications. From ...)
- mapserver 8.6.2-1
+ [trixie] - mapserver <no-dsa> (Minor issue)
[bullseye] - mapserver <postponed> (Minor issue, reflected XSS)
NOTE:
https://github.com/MapServer/MapServer/security/advisories/GHSA-4g9f-ph64-hg2x
CVE-2026-42028 (novaGallery is a php image gallery. Prior to version 2.1.1, a
path tra ...)
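Review bot: The new `[trixie] - mapserver <no-dsa> (Minor issue)` line for CVE-2026-42030 drops the detail that the bullseye line right after it keeps, `(Minor issue, reflected XSS)`. Suggest using the same reason text on the trixie line so both releases document the same rationale for the same issue.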
@@ -142600,7 +142607,7 @@ CVE-2025-51390 (TOTOLINK N600R
V4.3.0cu.7647_B20210106 was discovered to contain
NOT-FOR-US: TOTOLINK
CVE-2025-50422 (Cairo through 1.18.4, as used in Poppler through 25.08.0, has
an "unsc ...)
- cairo <unfixed> (bug #1110606)
- [trixie] - cairo <no-dsa> (Minor issue)
+ [trixie] - cairo <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - cairo <no-dsa> (Minor issue)
[bullseye] - cairo <postponed> (Minor Issue; need dump right and local
access)
NOTE: https://github.com/Landw-hub/CVE-2025-50422
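Review bot: For CVE-2025-50422 the trixie line moves from `<no-dsa>` to `<postponed> (Minor issue, revisit when fixed upstream)`, but `[bookworm] - cairo <no-dsa> (Minor issue)` on the next line is unchanged for the same unfixed bug. If the intent is to revisit once upstream has a fix, the bookworm state probably wants the same treatment; if the difference is deliberate, a NOTE explaining it would help, since the commit message only says "trixie triage".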
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc30f772c667932cf274e5cadfa7dca542e3e8c4