Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bc30f772 by Moritz Muehlenhoff at 2026-06-13T23:54:37+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1156,6 +1156,7 @@ CVE-2026-45106 (Weblate is a web based localization tool. 
Prior to version 2026.
        - weblate <itp> (bug #745661)
 CVE-2026-44705 (tmp is a temporary file and directory creator for node.js. 
Prior to 0. ...)
        - node-tmp <unfixed> (bug #1139827)
+       [trixie] - node-tmp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/raszi/node-tmp/security/advisories/GHSA-ph9p-34f9-6g65
        NOTE: Fixed by: 
https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429
 (v0.2.6)
        NOTE: When fixing this issue make sure to fix it completely to not open 
up CVE-2026-49982
@@ -1951,13 +1952,16 @@ CVE-2026-22893 (A command injection vulnerability has 
been reported to affect se
        NOT-FOR-US: QNAP
 CVE-2026-11837 (A local privilege escalation vulnerability was found in the 
ansible.po ...)
        - ansible <unfixed> (bug #1139917)
+       [trixie] - ansible <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2487424
 CVE-2026-11824 (SQLite before 3.53.2 contains a heap-based buffer overflow 
vulnerabili ...)
        - sqlite3 <unfixed>
+       [trixie] - sqlite3 <no-dsa> (Minor issue)
        NOTE: https://sqlite.org/src/info/061febcf41ca
        NOTE: https://sqlite.org/src/info/4a5ad516ea93
 CVE-2026-11822 (SQLite before 3.53.2 contains memory corruption 
vulnerabilities in the ...)
        - sqlite3 <unfixed>
+       [trixie] - sqlite3 <no-dsa> (Minor issue)
        NOTE: https://sqlite.org/src/info/061febcf41ca
        NOTE: https://sqlite.org/src/info/4a5ad516ea93
 CVE-2026-11815 (An attacker who intercepts and tampers with traffic between 
the client ...)
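Review bot: The two added sqlite3 lines (CVE-2026-11824 and CVE-2026-11822) give only "Minor issue" as the reason, although the entries are described as a heap-based buffer overflow and memory corruption. A short qualifier after the comma, in the style of the "Minor issue, reflected XSS" annotation used elsewhere in this file, would record why these are no-dsa for trixie. The same applies to the added ansible line, whose description is a local privilege escalation.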
@@ -10657,6 +10661,7 @@ CVE-2026-45023 (AutoGPT is a workflow automation 
platform for creating, deployin
        NOT-FOR-US: AutoGPT
 CVE-2026-44973 (Billy is an interface filesystem abstraction for Go. Prior to 
5.9.0, m ...)
        - golang-github-go-git-go-billy <unfixed>
+       [trixie] - golang-github-go-git-go-billy <no-dsa> (Minor issue)
        - golang-github-go-git-go-billy-v6 <unfixed>
        NOTE: 
https://github.com/go-git/go-billy/security/advisories/GHSA-qw64-3x98-g7q2
 CVE-2026-44885 (Portainer Community Edition is a lightweight service delivery 
platform ...)
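Review bot: The added [trixie] line covers golang-github-go-git-go-billy only, while golang-github-go-git-go-billy-v6 directly below it is also <unfixed> and gets no suite annotation. If that source package is in trixie it needs its own "[trixie] - golang-github-go-git-go-billy-v6 <no-dsa> (Minor issue)" line; if it is not, no change is needed.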
@@ -11987,6 +11992,7 @@ CVE-2026-45108 (Himmelblau is an interoperability suite 
for Microsoft Azure Entr
        NOT-FOR-US: Himmelblau
 CVE-2026-45104 (MapServer is a system for developing web-based GIS 
applications. From  ...)
        - mapserver 8.6.3-1
+       [trixie] - mapserver <no-dsa> (Minor issue)
        NOTE: 
https://github.com/MapServer/MapServer/security/advisories/GHSA-4h8g-378q-r75m
 CVE-2026-45102 (OneUptime is an open-source monitoring and observability 
platform. Pri ...)
        NOT-FOR-US: OneUptime
@@ -23727,6 +23733,7 @@ CVE-2026-42072 (Nornicdb is a distributed low-latency, 
Graph+Vector, Temporal MV
        NOT-FOR-US: Nornicdb
 CVE-2026-42030 (MapServer is a system for developing web-based GIS 
applications. From  ...)
        - mapserver 8.6.2-1
+       [trixie] - mapserver <no-dsa> (Minor issue)
        [bullseye] - mapserver <postponed> (Minor issue, reflected XSS)
        NOTE: 
https://github.com/MapServer/MapServer/security/advisories/GHSA-4g9f-ph64-hg2x
 CVE-2026-42028 (novaGallery is a php image gallery. Prior to version 2.1.1, a 
path tra ...)
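Review bot: For CVE-2026-42030 the new trixie line says only "Minor issue", while the bullseye line right below it says "Minor issue, reflected XSS". Carrying the same reason on the trixie line would keep the two annotations for this CVE consistent.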
@@ -142600,7 +142607,7 @@ CVE-2025-51390 (TOTOLINK N600R 
V4.3.0cu.7647_B20210106 was discovered to contain
        NOT-FOR-US: TOTOLINK
 CVE-2025-50422 (Cairo through 1.18.4, as used in Poppler through 25.08.0, has 
an "unsc ...)
        - cairo <unfixed> (bug #1110606)
-       [trixie] - cairo <no-dsa> (Minor issue)
+       [trixie] - cairo <postponed> (Minor issue, revisit when fixed upstream)
        [bookworm] - cairo <no-dsa> (Minor issue)
        [bullseye] - cairo <postponed> (Minor Issue; need dump right and local 
access)
        NOTE: https://github.com/Landw-hub/CVE-2025-50422
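Review bot: The trixie line for cairo moves to <postponed> with "revisit when fixed upstream", but the [bookworm] line below it stays <no-dsa> (Minor issue) for the same <unfixed> package. If the intent is to pick this up once upstream has a fix, consider giving bookworm the same state, or confirm that the difference between the two suites is intended.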



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc30f772c667932cf274e5cadfa7dca542e3e8c4
