Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8aad8fa3 by Moritz Muehlenhoff at 2026-06-24T13:35:54+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -325,11 +325,13 @@ CVE-2026-8927
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/5c225384b8d52c67ce8259c6e4203bc57aacb567 
(rc-8_21_0-1, curl-8_21_0)
 CVE-2026-8932
        - curl 8.21.0~rc2-1
+       [trixie] - curl <no-dsa> (Minor issue)
        NOTE: https://curl.se/docs/CVE-2026-8932.html
        NOTE: Introduced with: 
https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 
(curl-7_7)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/7541ae569d82fb308a5e2d94916027da4fa3ba3e 
(rc-8_21_0-1, curl-8_21_0)
 CVE-2026-9079
        - curl 8.21.0~rc2-1
+       [trixie] - curl <no-dsa> (Minor issue)
        [bookworm] - curl <not-affected> (Vulnerable code not present)
        [bullseye] - curl <not-affected> (Vulnerable code not present)
        NOTE: https://curl.se/docs/CVE-2026-9079.html
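Review bot: CVE-2026-8932 ends up with a trixie status only, although its "Introduced with" NOTE points at curl-7_7, so the vulnerable code predates every suite listed in this file. The CVE-2026-9079 entry directly below carries explicit [bookworm] and [bullseye] lines; if the older suites were checked for CVE-2026-8932 as well, record the result next to the new "[trixie] - curl <no-dsa> (Minor issue)" line so the entry does not read as untriaged for them.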
@@ -337,6 +339,7 @@ CVE-2026-9079
        NOTE: Fixed by:  
https://github.com/curl/curl/commit/88c7e16cceec816a2df45c899d49b1e85513f193 
(rc-8_21_0-1, curl-8_21_0)
 CVE-2026-9080
        - curl 8.21.0~rc2-1
+       [trixie] - curl <no-dsa> (Minor issue)
        [bookworm] - curl <not-affected> (Vulnerable code not present)
        [bullseye] - curl <not-affected> (Vulnerable code not present)
        NOTE: https://curl.se/docs/CVE-2026-9080.html
@@ -344,6 +347,7 @@ CVE-2026-9080
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/5ab34cba42e4ee4282fe8bab43f311d51b9bf9bd 
(rc-8_21_0-1, curl-8_21_0)
 CVE-2026-9545
        - curl 8.21.0~rc2-1
+       [trixie] - curl <no-dsa> (Minor issue)
        [bookworm] - curl <not-affected> (Vulnerable code not present)
        [bullseye] - curl <not-affected> (Vulnerable code not present)
        NOTE: https://curl.se/docs/CVE-2026-9545.html
@@ -359,6 +363,7 @@ CVE-2026-9546
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/862e8a74a84478d82973471b4f49dc2746c1780e 
(rc-8_21_0-1, curl-8_21_0)
 CVE-2026-9547
        - curl 8.21.0~rc2-1
+       [trixie] - curl <no-dsa> (Minor issue)
        NOTE: https://curl.se/docs/CVE-2026-9547.html
        NOTE: Introduced with: 
https://github.com/curl/curl/commit/507cf6a13db0375eadd4655b4c64710db29e9cf2 
(curl-7_69_0)
        NOTE: Fixed by: 
https://github.com/curl/curl/commit/0b8dbbc63c98777e4584cb9fbd71df3464008ad1 
(rc-8_21_0-1, curl-8_21_0)
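Review bot: The CVE-2026-9547 entry has no [bookworm] or [bullseye] line, and its "Introduced with" NOTE names curl-7_69_0 rather than a recent release. The neighbouring CVE-2026-9080 and CVE-2026-9545 entries state "<not-affected> (Vulnerable code not present)" for both suites, so the absence here stands out; add the per-suite status that applies, or a NOTE explaining why none is needed.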
@@ -617,13 +622,16 @@ CVE-2026-52673 (SQL Injection vulnerability in Cboard 
v.0.4.2 and before allows
        NOT-FOR-US: Cboard
 CVE-2026-50574 (yt-dlp is a command-line audio/video downloader. Prior to 
2026.06.09,  ...)
        - yt-dlp 2026.06.09-1
+       [trixie] - yt-dlp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-vx4q-3cr2-7cg2
 CVE-2026-50023 (yt-dlp is a command-line audio/video downloader. Prior to 
2026.06.09,  ...)
        - yt-dlp 2026.06.09-1
+       [trixie] - yt-dlp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-c6mh-fpjc-4pr3
        NOTE: 
https://github.com/yt-dlp/yt-dlp/commit/e578e265f7c6ca94a74b30e0d8d6196a4d19fb6a
 (2026.06.09)
 CVE-2026-50019 (yt-dlp is a command-line audio/video downloader. From 
2023.09.24 until ...)
        - yt-dlp 2026.06.09-1
+       [trixie] - yt-dlp <no-dsa> (Minor issue)
        NOTE: 
https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-f7j3-774f-rfhj
 CVE-2026-4983 (Open VSX Registry does not sanitize SVG files uploaded as 
extension ic ...)
        NOT-FOR-US: Open VSX Registry
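Review bot: Of the three yt-dlp entries marked "<no-dsa> (Minor issue)", only CVE-2026-50023 has a NOTE with the upstream fixing commit; CVE-2026-50574 and CVE-2026-50019 reference the GHSA advisory alone. Since a no-dsa entry can still be fixed through a point release, adding the fixing commits for the other two would save whoever prepares that update from having to search the advisories again.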
@@ -689,6 +697,7 @@ CVE-2026-13007 (Tenable Identity Exposure contains multiple 
unauthenticated API
        TODO: check
 CVE-2026-12969 (An out-of-bounds read vulnerability exists in dnsmasq's 
find_soa() fun ...)
        - dnsmasq 2.93-1
+       [trixie] - dnsmasq <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2491663
        NOTE: Fixed by: 
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=14094e88beca519c53151184cc4553656672b54f
 (v2.93rc1)
 CVE-2026-12958 (Missing symlink validation in Language Servers for AWS may 
allow an ar ...)
@@ -1268,6 +1277,7 @@ CVE-2026-12862 (Untrusted user data was passed verbatim 
to Excel exports for adm
        NOT-FOR-US: rami.io products
 CVE-2026-12725 (A heap-based buffer overflow was found in dnsmasq. When DNSSEC 
validat ...)
        - dnsmasq 2.93-1
+       [trixie] - dnsmasq <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2490763
        NOTE: Fixed by: 
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=36d081e37477027fd721fea498f3760f529034ad
 (v2.93test10)
 CVE-2026-12628 (IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM 
Storage Pro ...)
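Review bot: CVE-2026-12725 is described in the entry as a heap-based buffer overflow in dnsmasq, and the added line gives only the generic "(Minor issue)" as the reason for no-dsa. The truncated description mentions DNSSEC validation; if the assessment rests on that precondition or on another limiting factor, state it in a NOTE so the rationale for treating a memory-corruption bug in a network daemon as minor is visible in the tracker.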



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8aad8fa352d81270ad4ed478417bf14e60d796a7
