Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
23e2cd46 by Moritz Muehlenhoff at 2026-06-18T12:12:10+02:00
trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,6 +13,7 @@ CVE-2026-55740 (Nur-Alam39 bus-ticket (no released versions;
latest commit 459ca
NOT-FOR-US: Nur-Alam39 bus-ticket
CVE-2026-55202 (Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to
properly v ...)
- tinyproxy <unfixed>
+ [trixie] - tinyproxy <no-dsa> (Minor issue)
NOTE: https://github.com/tinyproxy/tinyproxy/pull/606
NOTE: Fixed by:
https://github.com/tinyproxy/tinyproxy/commit/09312a185ae25cc486b4ff5987638a7917a48bce
CVE-2026-55201 (Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a
path trave ...)
@@ -31,11 +32,13 @@ CVE-2026-54445 (vantage6 is an open-source infrastructure
for privacy preserving
NOT-FOR-US: vantage6
CVE-2026-54388 (Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to
reject req ...)
- tinyproxy <unfixed>
+ [trixie] - tinyproxy <no-dsa> (Minor issue)
NOTE: https://github.com/tinyproxy/tinyproxy/issues/609
NOTE: https://github.com/tinyproxy/tinyproxy/pull/610
NOTE: Fixed by:
https://github.com/tinyproxy/tinyproxy/commit/364cdb67e0ea00a8e4a7037e2693e0711e816adb
CVE-2026-54387 (Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to
reconcile ...)
- tinyproxy <unfixed>
+ [trixie] - tinyproxy <no-dsa> (Minor issue)
NOTE: https://github.com/tinyproxy/tinyproxy/issues/609
NOTE: https://github.com/tinyproxy/tinyproxy/pull/610
NOTE: Fixed by:
https://github.com/tinyproxy/tinyproxy/commit/623bfc093df009296f0b85d40bc677ef9d5c09bb
@@ -67,6 +70,7 @@ CVE-2026-48991 (XianYuLauncher is a Minecraft Java Edition
launcher. In versions
NOT-FOR-US: XianYuLauncher
CVE-2026-48990 (joserfc is a Python library that provides an implementation of
several ...)
- joserfc 1.6.8-1
+ [trixie] - joserfc <no-dsa> (Minor issue)
NOTE:
https://github.com/authlib/joserfc/security/advisories/GHSA-wphv-vfrh-23q5
CVE-2026-48989 (Windows-MCP is an open-source project that integrates AI
agents with W ...)
NOT-FOR-US: Windows-MCP
=====================================
data/dsa-needed.txt
=====================================
@@ -93,6 +93,8 @@ runc
rust-wasmtime
for CVE-2026-34987 CVE-2026-34971, rest would also be fine to ignore
--
+shaarli
+--
sogo
Peter Wienemann proposed debdiff for review
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23e2cd46832fa760e68fd19d6be4d1f0229c7a59
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23e2cd46832fa760e68fd19d6be4d1f0229c7a59
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits