Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
07af49bd by Moritz Muehlenhoff at 2026-06-14T20:34:49+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1325,6 +1325,7 @@ CVE-2026-10733 (GitLab has remediated an issue in GitLab
CE/EE affecting all ver
NOT-FOR-US: GitLab (used to be packaged in the Debian archive as
src:gitlab, but never in a stable release)
CVE-2026-10142 (kafka-python prior to 2.3.2 contains a denial-of-service
vulnerability ...)
- python-kafka 2.0.2-12 (bug #1139878)
+ [trixie] - python-kafka <no-dsa> (Minor issue)
NOTE: https://github.com/dpkp/kafka-python/pull/3019
NOTE: https://github.com/dpkp/kafka-python/pull/3026
NOTE: Fixed by:
https://github.com/dpkp/kafka-python/commit/6e4831444f972d169cdd11f5c8d50333cea3f19b
(3.0.0)
@@ -1390,6 +1391,7 @@ CVE-2022-48575 (A person with access to a Mac may be able
to bypass Login Window
NOT-FOR-US: Apple
CVE-2026-10143 (kafka-python prior to 2.3.2 contains a denial-of-service
vulnerability ...)
- python-kafka 2.0.2-12 (bug #1139822)
+ [trixie] - python-kafka <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2487722
NOTE: https://github.com/dpkp/kafka-python/pull/3019
NOTE: https://github.com/dpkp/kafka-python/pull/3026
@@ -7632,6 +7634,7 @@ CVE-2026-46244 (In the Linux kernel, the following
vulnerability has been resolv
NOTE:
https://git.kernel.org/linus/b6a91f68ebfed9c38e0e9150f58a9b85da07181c (7.1-rc5)
CVE-2026-48019 [CRLF injection in default email rule]
- php-laravel-framework <unfixed> (bug #1139631)
+ [trixie] - php-laravel-framework <no-dsa> (Minor issue)
NOTE:
https://github.com/laravel/framework/security/advisories/GHSA-5vg9-5847-vvmq
CVE-2026-48587 (An issue was discovered in Django 5.2 before 5.2.15 and 6.0
before 6.0 ...)
- python-django 3:5.2.15-1 (bug #1138775)
@@ -9480,6 +9483,7 @@ CVE-2026-9334 (Cpanel::JSON::XS versions before 4.41 for
Perl allow type confusi
NOTE: Fixed by:
https://github.com/rurban/Cpanel-JSON-XS/commit/11a7c550a0d8fac2f84414f24d5df9b2bfe346e2
(4.41)
CVE-2026-XXXX [Attacker-controlled heap out-of-bounds write in libvncclient
Tight decoder]
- libvncserver <unfixed> (bug #1138253)
+ [trixie] - libvncserver <no-dsa> (Minor issue)
NOTE:
https://github.com/LibVNC/libvncserver/security/advisories/GHSA-v9pm-47h4-jcq8
CVE-2026-9831 (A race condition in the shared Extreme Platform ONE IAM Gateway
API-ke ...)
NOT-FOR-US: Extreme Networks
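Review bot: The added `[trixie] - libvncserver <no-dsa> (Minor issue)` line sits under an entry whose own title describes an attacker-controlled heap out-of-bounds write, with unstable still `<unfixed>` and no CVE id assigned yet (CVE-2026-XXXX). Nothing in the entry says why a memory-corruption write is rated minor. Please replace the generic reason with the actual one or add a NOTE, for example stating that the flaw is in the libvncclient Tight decoder, if limited client-side exposure is the basis for the decision.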
@@ -12062,6 +12066,7 @@ CVE-2026-44886 (Pi.Alert is a WIFI / LAN intruder
detector with web service moni
CVE-2026-44724 (systeminformation is a System and OS information library for
node.js. ...)
- node-systeminformation <not-affected> (Fixed before initial upload to
Debian)
- jupyterlab 4.0.11+ds5+~cs11.25.27-1
+ [trixie] - jupyterlab <no-dsa> (Minor issue)
NOTE: node-systeminformation split from jupyterlab
CVE-2026-44720 (OpenLearnX is an open-source, decentralized learning and
assessment pl ...)
NOT-FOR-US: OpenLearnX
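Review bot: The new `[trixie] - jupyterlab <no-dsa>` line can only be understood through the trailing NOTE ("node-systeminformation split from jupyterlab"): the CVE text is about the systeminformation library, and the entry does not say whether the jupyterlab package in trixie actually exposes the affected code. A reason that names systeminformation as the affected component, instead of the generic "Minor issue", would let a later reader judge the trixie decision without reconstructing the package split.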
@@ -12407,6 +12412,7 @@ CVE-2026-45022 (go-git is an extensible git
implementation library written in pu
NOTE:
https://github.com/go-git/go-git/security/advisories/GHSA-389r-gv7p-r3rp
CVE-2026-44988 (LibVNCClient is a library for easy implementation of a VNC
client. In ...)
- libvncserver 0.9.15+dfsg-5 (bug #1138174)
+ [trixie] - libvncserver <no-dsa> (Minor issue)
NOTE:
https://github.com/LibVNC/libvncserver/security/advisories/GHSA-jcc5-8wj4-7c58
NOTE:
https://github.com/LibVNC/libvncserver/commit/5b270544b85233668b98161323297d418a8f5fd1
CVE-2026-44972 (GuardDog is a CLI tool to identify malicious PyPI packages.
From 2.6.0 ...)
@@ -26585,6 +26591,7 @@ CVE-2026-42509 (Improper Neutralization of Input During
Web Page Generation ('Cr
NOT-FOR-US: Apache software not packaged in Debian
CVE-2026-42503 (gopls by default communicates via pipe. However, -port and
-listen fla ...)
- gopls <unfixed> (bug #1138256)
+ [trixie] - gopls <no-dsa> (Minor issue)
NOTE: https://github.com/golang/go/issues/79211
NOTE: https://go-review.googlesource.com/c/tools/+/774381/
NOTE: Fixed by:
https://github.com/golang/tools/commit/90abdab4cf0af205d3d2212c73526b58c97d0bf6
(gopls/v0.22.0-pre.2)
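Review bot: The added gopls no-dsa line gives no rationale, while unstable is `<unfixed>` and the only upstream fix reference is tagged gopls/v0.22.0-pre.2, a pre-release. The truncated description points at the `-port` and `-listen` flags rather than the default pipe transport. If that non-default configuration is why this is rated minor, put it in the parenthetical so the rating can be revisited once a fixed release reaches unstable.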
@@ -28718,6 +28725,7 @@ CVE-2026-38669 (wCMS v.1.4 is vulnerable to Cross Site
Scripting (XSS) when crea
NOT-FOR-US: cCMS
CVE-2026-37461 (An out-of-bounds read in the ParseIP6Extended function
(/bgp/bgp.go) o ...)
- gobgp 4.4.0-1
+ [trixie] - gobgp <no-dsa> (Minor issue)
[bullseye] - gobgp <postponed> (Limited support, follow bookworm
security updates)
NOTE:
https://github.com/osrg/gobgp/commit/362cce3e325f56e7a4f792ccb9689b3bdda9e682
(v4.4.0)
NOTE:
https://github.com/osrg/gobgp/commit/9ce8936672ebc07df524da77fa4c6ae26d92be6d
(v4.4.0)
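Review bot: After this change the gobgp entry carries annotations for trixie and bullseye but none for bookworm, while the bullseye line defers to it ("follow bookworm security updates"). If bookworm is outside this triage pass that is fine, but otherwise a `[bookworm]` line belongs between the two so that the bullseye deferral points at a recorded decision. The two v4.4.0 commits in the NOTEs give the backport target either way.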
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/07af49bd4a1a084b0f0d0ba70b75d93f234efcaa