Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
39c5637e by Moritz Muehlenhoff at 2026-06-25T14:59:42+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1287,6 +1287,7 @@ CVE-2026-42450 (OpenColorIO is a color management
framework for visual effects a
NOTE:
https://github.com/AcademySoftwareFoundation/OpenColorIO/security/advisories/GHSA-rxp3-rrgx-f547
CVE-2026-35025 (ProFTPD through 1.3.9b and 1.3.10rc2 contains an access
control bypass ...)
- proftpd-dfsg <unfixed>
+ [trixie] - proftpd-dfsg <postponed> (Minor issue, revisit when fixed
upstream)
NOTE: https://github.com/proftpd/proftpd/issues/2170
CVE-2026-29034
REJECTED
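Review bot: On the added [trixie] line for CVE-2026-35025, the reason "Minor issue, revisit when fixed upstream" does not say what limits the impact of an issue described as an access control bypass. A short NOTE stating the condition that makes it minor would let the next triager judge the postponement without rereading https://github.com/proftpd/proftpd/issues/2170.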
@@ -2831,18 +2832,23 @@ CVE-2026-56222 (Capgo before 12.128.2 contains an
authorization bypass vulnerabi
NOT-FOR-US: Cap-go
CVE-2026-56117 (dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a
heap use-af ...)
- dhcpcd <unfixed>
+ [trixie] - dhcpcd <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/NetworkConfiguration/dhcpcd/commit/78ea09ed1633a583dbcde6e7bab9df4639ec8a34
CVE-2026-56116 (dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a
memory leak ...)
- dhcpcd <unfixed>
+ [trixie] - dhcpcd <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/NetworkConfiguration/dhcpcd/commit/708b4a56bae080a5b18c2e0c4c6fbe103131a2b0
CVE-2026-56115 (dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a
one-byte st ...)
- dhcpcd <unfixed>
+ [trixie] - dhcpcd <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/NetworkConfiguration/dhcpcd/commit/2f00c7bfc408b6582d331932dfa47829c4819029
CVE-2026-56114 (dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a
one-byte st ...)
- dhcpcd <unfixed>
+ [trixie] - dhcpcd <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/NetworkConfiguration/dhcpcd/commit/2f00c7bfc408b6582d331932dfa47829c4819029
CVE-2026-56113 (dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a
heap use-af ...)
- dhcpcd <unfixed>
+ [trixie] - dhcpcd <no-dsa> (Minor issue)
NOTE: Fixed by:
https://github.com/NetworkConfiguration/dhcpcd/commit/5733d3c59a5651f64357ac11c98b4f39895c8d25
CVE-2026-55736 (Improperly Controlled Modification of Dynamically-Determined
Object At ...)
NOT-FOR-US: ash-project ash
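Review bot: All five dhcpcd entries get the identical "<no-dsa> (Minor issue)" reason, including CVE-2026-56117 and CVE-2026-56113, whose descriptions begin "heap use-af ...", alongside the memory leak in CVE-2026-56116. Since every entry already carries a "Fixed by:" upstream commit, consider a reason that distinguishes the memory-safety entries from the leak, or a NOTE that the set can be picked up together in a point release.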
@@ -3110,10 +3116,12 @@ CVE-2026-44517
CVE-2026-11940 (tarfile.extractall() with the 'data' or 'tar' filter could be
bypasse ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
- pypy3 <unfixed>
+ [trixie] - pypy3 <no-dsa> (Minor issue)
NOTE: https://github.com/python/cpython/issues/151558
NOTE: https://github.com/python/cpython/pull/151559
NOTE:
https://github.com/python/cpython/commit/672825e2f36a57e173959b0d9d409d4560dab8df
(3.15 branch)
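Review bot: For CVE-2026-11940 the only fix reference is the commit marked "(3.15 branch)", while the new [trixie] lines concern python3.13 and pypy3. Adding NOTE lines for the 3.13 backport commit once it exists would give anyone preparing a later update the patch to apply. The "Minor issue" reason could also state why a bypass of the 'data' or 'tar' extraction filter is considered minor for trixie.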
@@ -3408,6 +3416,7 @@ CVE-2026-54298 (Astro is a web framework. Prior to 6.4.6,
the spreadAttributes f
NOT-FOR-US: Astro
CVE-2026-54293 (NLTK (Natural Language Toolkit) is a suite of open source
Python modul ...)
- nltk <unfixed>
+ [trixie] - nltk <no-dsa> (Minor issue)
NOTE:
https://github.com/nltk/nltk/security/advisories/GHSA-p4gq-832x-fm9v
NOTE: https://github.com/nltk/nltk/pull/3575
CVE-2026-54290 (Hono is a Web application framework that provides support for
any Java ...)
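Review bot: On the added nltk line for CVE-2026-54293, the NOTEs point at the advisory and at pull request 3575 but name no merged commit or fixed version, so the "<unfixed>" line has nothing to be checked against later. Consider adding the fixing commit as a NOTE when the pull request lands.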
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/39c5637eb3415163b619a13dc72e6a2c0e647d33