Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cfd8c065 by Moritz Muehlenhoff at 2026-06-21T23:26:50+02:00
trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -605,9 +605,11 @@ CVE-2016-20085 (Realtek High Definition Audio Driver
6.0.1.6730 contains an unqu
TODO: check
CVE-2026-55568
- guzzle 7.12.1-1
+ [trixie] - guzzle <no-dsa> (Minor issue)
NOTE:
https://github.com/guzzle/guzzle/security/advisories/GHSA-wpwq-4j6v-78m3
CVE-2026-55767
- guzzle 7.12.1-1
+ [trixie] - guzzle <no-dsa> (Minor issue)
NOTE:
https://github.com/guzzle/guzzle/security/advisories/GHSA-cwxw-98qj-8qjx
CVE-2026-52910 (In the Linux kernel, the following vulnerability has been
resolved: b ...)
{DSA-6355-1}
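Review bot: the two added "[trixie] - guzzle <no-dsa> (Minor issue)" lines under CVE-2026-55568 and CVE-2026-55767 give only the generic reason, so a later reader has to open GHSA-wpwq-4j6v-78m3 and GHSA-cwxw-98qj-8qjx to see why neither warrants a DSA. A short NOTE per CVE stating the limiting factor would make the triage decision auditable from the list itself.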
@@ -744,7 +746,13 @@ CVE-2026-45696 (OpenEXR is the reference implementation
and specification for th
NOTE: Fixed by: by
https://github.com/AcademySoftwareFoundation/openexr/commit/c7af2d233b7b2a4452c11f26cf47584cc2b35721
(v3.4.13-rc)
CVE-2026-44663 (OpenEXR is the reference implementation and specification for
the EXR ...)
- openexr <unfixed>
+ [trixie] - openexr <not-affected> (Vulnerable code not present)
+ [bookworm] - openexr <not-affected> (Vulnerable code not present)
+ [bullseye] - openexr <not-affected> (Vulnerable code not present)
NOTE:
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-777r-f9x8-7r84
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/2403
+ NOTE: Introduced by
https://github.com/AcademySoftwareFoundation/openexr/commit/50ba96b1dbe353a98a626c7fd0ff1e50cc8c188f
(v3.4-alpha)
+ NOTE: Fixed by
https://github.com/AcademySoftwareFoundation/openexr/commit/3e2a99a55b1ee3dc5b962bf2cfde86eb24cc6897
(v3.4.13-rc)
CVE-2026-43994 (Coturn is a free open source implementation of TURN and STUN
Server. V ...)
- coturn 4.12.0-1
NOTE:
https://github.com/coturn/coturn/security/advisories/GHSA-74pg-rfh2-5qw5
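Review bot: the added "NOTE: Introduced by" and "NOTE: Fixed by" lines for CVE-2026-44663 omit the colon used by the neighbouring entries ("NOTE: Fixed by:" in the CVE-2026-45696 context line above and in the dhcpcd entry), which makes the notes harder to grep consistently; suggest "Introduced by:" and "Fixed by:". The same context line reads "Fixed by: by" and could lose the duplicated word while this area is being touched. This hunk also adds [bookworm] and [bullseye] not-affected lines, which goes beyond the "trixie triage" commit message; the v3.4-alpha introduction note does support them, so mentioning the extra suites in the message would be enough.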
@@ -3913,6 +3921,7 @@ CVE-2026-10635 (On Xtensa targets with CONFIG_USERSPACE
and CONFIG_XTENSA_MMU, t
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-70102 (A NULL pointer dereference occurs in Roy Marples
NetworkConfiguration/ ...)
- dhcpcd 1:10.3.1-1
+ [trixie] - dhcpcd <no-dsa> (Minor issue)
NOTE: https://github.com/NetworkConfiguration/dhcpcd/issues/567
NOTE: Fixed by:
https://github.com/NetworkConfiguration/dhcpcd/commit/117742d755b591764036dd4218f314f748a3d2b7
(v10.3.1)
CVE-2025-69332 (Subscriber Broken Access Control in Bookify <= 1.1.1 versions.)
@@ -35746,9 +35755,11 @@ CVE-2025-10503 (The authentication endpoint accepts
user-supplied input without
NOT-FOR-US: WSO2
CVE-2026-XXXX [RUSTSEC-2026-0112]
- rust-astral-tokio-tar 0.6.1-1
+ [trixie] - rust-astral-tokio-tar <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0112.html
CVE-2026-XXXX [RUSTSEC-2026-0113]
- rust-astral-tokio-tar 0.6.1-1
+ [trixie] - rust-astral-tokio-tar <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0113.html
CVE-2026-7111 (Text::CSV_XS versions before 1.62 for Perl have a
use-after-free when ...)
- libtext-csv-xs-perl 1.62-1 (bug #1135232)
=====================================
data/dsa-needed.txt
=====================================
@@ -26,6 +26,7 @@ dulwich
erlang
--
expat (aron)
+ wait for 2.8.2
--
fastnetmon (jmm)
--
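Review bot: the added "wait for 2.8.2" under expat (aron) does not say what 2.8.2 is expected to bring or which issues the DSA is blocked on. Naming the pending fix or linking the upstream release or issue would tell whoever picks this entry up when the wait is over.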
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfd8c06545b72da0b325127f5f74f0974be0a35f