Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
39c5637e by Moritz Muehlenhoff at 2026-06-25T14:59:42+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1287,6 +1287,7 @@ CVE-2026-42450 (OpenColorIO is a color management 
framework for visual effects a
        NOTE: 
https://github.com/AcademySoftwareFoundation/OpenColorIO/security/advisories/GHSA-rxp3-rrgx-f547
 CVE-2026-35025 (ProFTPD through 1.3.9b and 1.3.10rc2 contains an access 
control bypass ...)
        - proftpd-dfsg <unfixed>
+       [trixie] - proftpd-dfsg <postponed> (Minor issue, revisit when fixed 
upstream)
        NOTE: https://github.com/proftpd/proftpd/issues/2170
 CVE-2026-29034
        REJECTED
@@ -2831,18 +2832,23 @@ CVE-2026-56222 (Capgo before 12.128.2 contains an 
authorization bypass vulnerabi
        NOT-FOR-US: Cap-go
 CVE-2026-56117 (dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a 
heap use-af ...)
        - dhcpcd <unfixed>
+       [trixie] - dhcpcd <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/NetworkConfiguration/dhcpcd/commit/78ea09ed1633a583dbcde6e7bab9df4639ec8a34
 CVE-2026-56116 (dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a 
memory leak ...)
        - dhcpcd <unfixed>
+       [trixie] - dhcpcd <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/NetworkConfiguration/dhcpcd/commit/708b4a56bae080a5b18c2e0c4c6fbe103131a2b0
 CVE-2026-56115 (dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a 
one-byte st ...)
        - dhcpcd <unfixed>
+       [trixie] - dhcpcd <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/NetworkConfiguration/dhcpcd/commit/2f00c7bfc408b6582d331932dfa47829c4819029
 CVE-2026-56114 (dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a 
one-byte st ...)
        - dhcpcd <unfixed>
+       [trixie] - dhcpcd <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/NetworkConfiguration/dhcpcd/commit/2f00c7bfc408b6582d331932dfa47829c4819029
 CVE-2026-56113 (dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a 
heap use-af ...)
        - dhcpcd <unfixed>
+       [trixie] - dhcpcd <no-dsa> (Minor issue)
        NOTE: Fixed by: 
https://github.com/NetworkConfiguration/dhcpcd/commit/5733d3c59a5651f64357ac11c98b4f39895c8d25
 CVE-2026-55736 (Improperly Controlled Modification of Dynamically-Determined 
Object At ...)
        NOT-FOR-US: ash-project ash
@@ -3110,10 +3116,12 @@ CVE-2026-44517
 CVE-2026-11940 (tarfile.extractall() with the 'data' or 'tar'  filter could be 
bypasse ...)
        - python3.14 <unfixed>
        - python3.13 <unfixed>
+       [trixie] - python3.13 <no-dsa> (Minor issue)
        - python3.11 <removed>
        - python3.9 <removed>
        - python2.7 <removed>
        - pypy3 <unfixed>
+       [trixie] - pypy3 <no-dsa> (Minor issue)
        NOTE: https://github.com/python/cpython/issues/151558
        NOTE: https://github.com/python/cpython/pull/151559
        NOTE: 
https://github.com/python/cpython/commit/672825e2f36a57e173959b0d9d409d4560dab8df
 (3.15 branch)
@@ -3408,6 +3416,7 @@ CVE-2026-54298 (Astro is a web framework. Prior to 6.4.6, 
the spreadAttributes f
        NOT-FOR-US: Astro
 CVE-2026-54293 (NLTK (Natural Language Toolkit) is a suite of open source 
Python modul ...)
        - nltk <unfixed>
+       [trixie] - nltk <no-dsa> (Minor issue)
        NOTE: 
https://github.com/nltk/nltk/security/advisories/GHSA-p4gq-832x-fm9v
        NOTE: https://github.com/nltk/nltk/pull/3575
 CVE-2026-54290 (Hono is a Web application framework that provides support for 
any Java ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39c5637eb3415163b619a13dc72e6a2c0e647d33

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39c5637eb3415163b619a13dc72e6a2c0e647d33
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to