Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
cfd8c065 by Moritz Muehlenhoff at 2026-06-21T23:26:50+02:00
trixie triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -605,9 +605,11 @@ CVE-2016-20085 (Realtek High Definition Audio Driver 
6.0.1.6730 contains an unqu
        TODO: check
 CVE-2026-55568
        - guzzle 7.12.1-1
+       [trixie] - guzzle <no-dsa> (Minor issue)
        NOTE: 
https://github.com/guzzle/guzzle/security/advisories/GHSA-wpwq-4j6v-78m3
 CVE-2026-55767
        - guzzle 7.12.1-1
+       [trixie] - guzzle <no-dsa> (Minor issue)
        NOTE: 
https://github.com/guzzle/guzzle/security/advisories/GHSA-cwxw-98qj-8qjx
 CVE-2026-52910 (In the Linux kernel, the following vulnerability has been 
resolved:  b ...)
        {DSA-6355-1}
@@ -744,7 +746,13 @@ CVE-2026-45696 (OpenEXR is the reference implementation 
and specification for th
        NOTE: Fixed by: by 
https://github.com/AcademySoftwareFoundation/openexr/commit/c7af2d233b7b2a4452c11f26cf47584cc2b35721
 (v3.4.13-rc)
 CVE-2026-44663 (OpenEXR is the reference implementation and specification for 
the EXR  ...)
        - openexr <unfixed>
+       [trixie] - openexr <not-affected> (Vulnerable code not present)
+       [bookworm] - openexr <not-affected> (Vulnerable code not present)
+       [bullseye] - openexr <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-777r-f9x8-7r84
+       NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/2403
+       NOTE: Introduced by 
https://github.com/AcademySoftwareFoundation/openexr/commit/50ba96b1dbe353a98a626c7fd0ff1e50cc8c188f
 (v3.4-alpha)
+       NOTE: Fixed by 
https://github.com/AcademySoftwareFoundation/openexr/commit/3e2a99a55b1ee3dc5b962bf2cfde86eb24cc6897
 (v3.4.13-rc)
 CVE-2026-43994 (Coturn is a free open source implementation of TURN and STUN 
Server. V ...)
        - coturn 4.12.0-1
        NOTE: 
https://github.com/coturn/coturn/security/advisories/GHSA-74pg-rfh2-5qw5
@@ -3913,6 +3921,7 @@ CVE-2026-10635 (On Xtensa targets with CONFIG_USERSPACE 
and CONFIG_XTENSA_MMU, t
        NOT-FOR-US: Zephyr, different from src:zephyr
 CVE-2025-70102 (A NULL pointer dereference occurs in Roy Marples 
NetworkConfiguration/ ...)
        - dhcpcd 1:10.3.1-1
+       [trixie] - dhcpcd <no-dsa> (Minor issue)
        NOTE: https://github.com/NetworkConfiguration/dhcpcd/issues/567
        NOTE: Fixed by: 
https://github.com/NetworkConfiguration/dhcpcd/commit/117742d755b591764036dd4218f314f748a3d2b7
 (v10.3.1)
 CVE-2025-69332 (Subscriber Broken Access Control in Bookify <= 1.1.1 versions.)
@@ -35746,9 +35755,11 @@ CVE-2025-10503 (The authentication endpoint accepts 
user-supplied input without
        NOT-FOR-US: WSO2
 CVE-2026-XXXX [RUSTSEC-2026-0112]
        - rust-astral-tokio-tar 0.6.1-1
+       [trixie] - rust-astral-tokio-tar <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0112.html
 CVE-2026-XXXX [RUSTSEC-2026-0113]
        - rust-astral-tokio-tar 0.6.1-1
+       [trixie] - rust-astral-tokio-tar <no-dsa> (Minor issue)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0113.html
 CVE-2026-7111 (Text::CSV_XS versions before 1.62 for Perl have a 
use-after-free when  ...)
        - libtext-csv-xs-perl 1.62-1 (bug #1135232)


=====================================
data/dsa-needed.txt
=====================================
@@ -26,6 +26,7 @@ dulwich
 erlang
 --
 expat (aron)
+  wait for 2.8.2
 --
 fastnetmon (jmm)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfd8c06545b72da0b325127f5f74f0974be0a35f

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfd8c06545b72da0b325127f5f74f0974be0a35f
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to