Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
25a60127 by Moritz Muehlenhoff at 2026-06-29T09:01:30+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -364,6 +364,7 @@ CVE-2026-31928 (The DMP-5000 devices are shipped with a
default administrative w
NOT-FOR-US: Daktronics
CVE-2026-29509 (Patool before 4.0.5 contains a path traversal vulnerability in
the saf ...)
- patool 4.0.5-0.1
+ [trixie] - patool <no-dsa> (Minor issue)
CVE-2026-28701 (Various versions of Daktronics Controller Firmware could allow
authent ...)
NOT-FOR-US: Daktronics
CVE-2026-13422 (The HD Quiz plugin for WordPress is vulnerable to Cross-Site
Request F ...)
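Review bot: The added `[trixie] - patool <no-dsa> (Minor issue)` line carries only the generic reason, and the entry has no NOTE pointing at the upstream fix. Since unstable is already fixed in 4.0.5-0.1, adding a NOTE with the upstream commit or advisory URL would let anyone preparing a trixie point-release update find the patch to backport without re-researching it.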
@@ -926,6 +927,7 @@ CVE-2026-55686 (Podman is a tool for managing OCI
containers and pods. From 3.0.
NOTE: Fixed by:
https://github.com/podman-container-tools/podman/commit/7ce2e00ab140c11a68301f0b161f51984131a858
(v5.7.1)
CVE-2026-55677 (Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's
router a ...)
- golang-github-labstack-echo <unfixed>
+ [trixie] - golang-github-labstack-echo <no-dsa> (Minor issue)
- golang-github-labstack-echo.v3 <removed>
- golang-github-labstack-echo.v2 <removed>
NOTE:
https://github.com/labstack/echo/security/advisories/GHSA-vfp3-v2gw-7wfq
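Review bot: The `golang-github-labstack-echo <unfixed>` line above the new `[trixie]` annotation has no bug reference, unlike the logback entry in this same commit, which records `(bug #1140922)`. With trixie now marked `<no-dsa>`, the fix can only arrive through unstable, so it is worth filing or linking a bug so the maintainer is tracked as notified. The advisory says the issue is fixed in 4.15.3 and 5.2.0, which gives the target version for that report.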
@@ -4542,6 +4544,7 @@ CVE-2026-23513 (FOSSBilling is a free, open-source
billing and client management
NOT-FOR-US: FOSSBilling
CVE-2026-13006 (ACE vulnerability in conditional configuration file processing
by QOS ...)
- logback <unfixed> (bug #1140922)
+ [trixie] - logback <no-dsa> (Minor issue)
NOTE: https://logback.qos.ch/news.html#1.5.35
CVE-2026-12892 (A flaw was found in GStreamer's gst-plugins-bad package. When
processi ...)
- gst-plugins-bad1.0 <unfixed>
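Review bot: The description of CVE-2026-13006 starts with "ACE vulnerability in conditional configuration file processing", and the new `[trixie] - logback <no-dsa> (Minor issue)` line does not say why a code-execution issue is rated minor. A short NOTE stating the precondition that justifies the rating would make the triage decision reviewable later. The existing NOTE only links the upstream news page.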
@@ -50350,7 +50353,9 @@ CVE-2026-31282 (Totara LMS v19.1.5 and before is
vulnerable to Incorrect Access
CVE-2026-31281 (Totara LMS v19.1.5 and before is vulnerable to HTML Injection.
An atta ...)
NOT-FOR-US: Totara LMS
CVE-2026-30999 (A heap buffer overflow in the av_bprint_finalize() function of
FFmpeg ...)
- NOTE: Bogus CVE assignment for ffmpeg, "memory leak" in CLI tool
+ - ffmpeg <unfixed> (unimportant)
+ NOTE:
https://github.com/ffmpeg/fFmpeg/commit/144af8f81abc1385631b4e1f4672cd415a9c6e05
+ NOTE: No security impact, memory leak in CLI tool
CVE-2026-30998 (An improper resource deallocation and closure vulnerability in
the too ...)
NOTE: Bogus CVE assignment for ffmpeg, gets cleaned up by the OS anyway
CVE-2026-30997 (An out-of-bounds read in the read_global_param() function
(libavcodec/ ...)
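Review bot: The NOTE URL added for CVE-2026-30999 has a mixed-case path, `github.com/ffmpeg/fFmpeg/commit/...`, which looks like a typo. Use the repository's canonical casing (`FFmpeg/FFmpeg`) so the link matches other ffmpeg references in the list and can be found by search. Two smaller points on the same hunk: the neighbouring CVE-2026-30998 still uses the old `NOTE: Bogus CVE assignment for ffmpeg, ...` form with no package line, so the two entries are now tracked inconsistently. Also, this change is not trixie-specific, so the commit message "trixie triage" does not describe it.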
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25a6012784c5745bd0cd13611d81adc109893101