Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
8aad8fa3 by Moritz Muehlenhoff at 2026-06-24T13:35:54+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -325,11 +325,13 @@ CVE-2026-8927
NOTE: Fixed by:
https://github.com/curl/curl/commit/5c225384b8d52c67ce8259c6e4203bc57aacb567
(rc-8_21_0-1, curl-8_21_0)
CVE-2026-8932
- curl 8.21.0~rc2-1
+ [trixie] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2026-8932.html
NOTE: Introduced with:
https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4
(curl-7_7)
NOTE: Fixed by:
https://github.com/curl/curl/commit/7541ae569d82fb308a5e2d94916027da4fa3ba3e
(rc-8_21_0-1, curl-8_21_0)
CVE-2026-9079
- curl 8.21.0~rc2-1
+ [trixie] - curl <no-dsa> (Minor issue)
[bookworm] - curl <not-affected> (Vulnerable code not present)
[bullseye] - curl <not-affected> (Vulnerable code not present)
NOTE: https://curl.se/docs/CVE-2026-9079.html
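Review bot: CVE-2026-8932 gets only the new [trixie] line, yet its "Introduced with" NOTE points at curl-7_7, and unlike CVE-2026-9079 directly below it the entry has no [bookworm] or [bullseye] line in this hunk. With no suite-specific line, those suites are judged against the unstable fixed version 8.21.0~rc2-1 and stay listed as open. If that is intended for a trixie-only pass, fine; otherwise record their status explicitly, as the CVE-2026-9079 entry does.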
@@ -337,6 +339,7 @@ CVE-2026-9079
NOTE: Fixed by:
https://github.com/curl/curl/commit/88c7e16cceec816a2df45c899d49b1e85513f193
(rc-8_21_0-1, curl-8_21_0)
CVE-2026-9080
- curl 8.21.0~rc2-1
+ [trixie] - curl <no-dsa> (Minor issue)
[bookworm] - curl <not-affected> (Vulnerable code not present)
[bullseye] - curl <not-affected> (Vulnerable code not present)
NOTE: https://curl.se/docs/CVE-2026-9080.html
@@ -344,6 +347,7 @@ CVE-2026-9080
NOTE: Fixed by:
https://github.com/curl/curl/commit/5ab34cba42e4ee4282fe8bab43f311d51b9bf9bd
(rc-8_21_0-1, curl-8_21_0)
CVE-2026-9545
- curl 8.21.0~rc2-1
+ [trixie] - curl <no-dsa> (Minor issue)
[bookworm] - curl <not-affected> (Vulnerable code not present)
[bullseye] - curl <not-affected> (Vulnerable code not present)
NOTE: https://curl.se/docs/CVE-2026-9545.html
@@ -359,6 +363,7 @@ CVE-2026-9546
NOTE: Fixed by:
https://github.com/curl/curl/commit/862e8a74a84478d82973471b4f49dc2746c1780e
(rc-8_21_0-1, curl-8_21_0)
CVE-2026-9547
- curl 8.21.0~rc2-1
+ [trixie] - curl <no-dsa> (Minor issue)
NOTE: https://curl.se/docs/CVE-2026-9547.html
NOTE: Introduced with:
https://github.com/curl/curl/commit/507cf6a13db0375eadd4655b4c64710db29e9cf2
(curl-7_69_0)
NOTE: Fixed by:
https://github.com/curl/curl/commit/0b8dbbc63c98777e4584cb9fbd71df3464008ad1
(rc-8_21_0-1, curl-8_21_0)
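Review bot: The CVE-2026-9547 entry shows no status for the older suites next to the added [trixie] line, although its "Introduced with" NOTE names curl-7_69_0, a concrete tag their curl versions can be compared against. Once that comparison is done, add a [bookworm]/[bullseye] line with the result so the entry is as complete as the neighbouring curl entries that carry explicit not-affected lines.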
@@ -617,13 +622,16 @@ CVE-2026-52673 (SQL Injection vulnerability in Cboard
v.0.4.2 and before allows
NOT-FOR-US: Cboard
CVE-2026-50574 (yt-dlp is a command-line audio/video downloader. Prior to
2026.06.09, ...)
- yt-dlp 2026.06.09-1
+ [trixie] - yt-dlp <no-dsa> (Minor issue)
NOTE:
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-vx4q-3cr2-7cg2
CVE-2026-50023 (yt-dlp is a command-line audio/video downloader. Prior to
2026.06.09, ...)
- yt-dlp 2026.06.09-1
+ [trixie] - yt-dlp <no-dsa> (Minor issue)
NOTE:
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-c6mh-fpjc-4pr3
NOTE:
https://github.com/yt-dlp/yt-dlp/commit/e578e265f7c6ca94a74b30e0d8d6196a4d19fb6a
(2026.06.09)
CVE-2026-50019 (yt-dlp is a command-line audio/video downloader. From
2023.09.24 until ...)
- yt-dlp 2026.06.09-1
+ [trixie] - yt-dlp <no-dsa> (Minor issue)
NOTE:
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-f7j3-774f-rfhj
CVE-2026-4983 (Open VSX Registry does not sanitize SVG files uploaded as
extension ic ...)
NOT-FOR-US: Open VSX Registry
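Review bot: Of the three yt-dlp entries given a [trixie] no-dsa line, only CVE-2026-50023 carries a NOTE with the upstream fix commit; CVE-2026-50574 and CVE-2026-50019 reference only their GHSA advisories. A NOTE naming the fixing commit for each would make a later fix in trixie easier to scope. For CVE-2026-50019 the description gives an affected range starting at 2023.09.24, so a NOTE confirming that the trixie version falls inside that range would back up the no-dsa status.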
@@ -689,6 +697,7 @@ CVE-2026-13007 (Tenable Identity Exposure contains multiple
unauthenticated API
TODO: check
CVE-2026-12969 (An out-of-bounds read vulnerability exists in dnsmasq's
find_soa() fun ...)
- dnsmasq 2.93-1
+ [trixie] - dnsmasq <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2491663
NOTE: Fixed by:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=14094e88beca519c53151184cc4553656672b54f
(v2.93rc1)
CVE-2026-12958 (Missing symlink validation in Language Servers for AWS may
allow an ar ...)
@@ -1268,6 +1277,7 @@ CVE-2026-12862 (Untrusted user data was passed verbatim
to Excel exports for adm
NOT-FOR-US: rami.io products
CVE-2026-12725 (A heap-based buffer overflow was found in dnsmasq. When DNSSEC
validat ...)
- dnsmasq 2.93-1
+ [trixie] - dnsmasq <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2490763
NOTE: Fixed by:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=36d081e37477027fd721fea498f3760f529034ad
(v2.93test10)
CVE-2026-12628 (IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM
Storage Pro ...)
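Review bot: The added [trixie] line tags CVE-2026-12725, described as a heap-based buffer overflow, with the generic reason "(Minor issue)". The truncated description mentions DNSSEC validation; if the classification rests on that precondition, state it in the parenthesised reason or in a NOTE so the rationale for not issuing a DSA is visible in the entry itself.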
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8aad8fa352d81270ad4ed478417bf14e60d796a7