Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
25a60127 by Moritz Muehlenhoff at 2026-06-29T09:01:30+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -364,6 +364,7 @@ CVE-2026-31928 (The DMP-5000 devices are shipped with a 
default administrative w
        NOT-FOR-US: Daktronics
 CVE-2026-29509 (Patool before 4.0.5 contains a path traversal vulnerability in 
the saf ...)
        - patool 4.0.5-0.1
+       [trixie] - patool <no-dsa> (Minor issue)
 CVE-2026-28701 (Various versions of Daktronics Controller Firmware could allow 
authent ...)
        NOT-FOR-US: Daktronics
 CVE-2026-13422 (The HD Quiz plugin for WordPress is vulnerable to Cross-Site 
Request F ...)
@@ -926,6 +927,7 @@ CVE-2026-55686 (Podman is a tool for managing OCI 
containers and pods. From 3.0.
        NOTE: Fixed by: 
https://github.com/podman-container-tools/podman/commit/7ce2e00ab140c11a68301f0b161f51984131a858
 (v5.7.1)
 CVE-2026-55677 (Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's 
router a ...)
        - golang-github-labstack-echo <unfixed>
+       [trixie] - golang-github-labstack-echo <no-dsa> (Minor issue)
        - golang-github-labstack-echo.v3 <removed>
        - golang-github-labstack-echo.v2 <removed>
        NOTE: 
https://github.com/labstack/echo/security/advisories/GHSA-vfp3-v2gw-7wfq
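Review bot: the new `[trixie] - golang-github-labstack-echo <no-dsa> (Minor issue)` line sits under an `<unfixed>` unstable entry that has no bug reference, unlike the logback entry in this same commit, which carries `(bug #1140922)`. With trixie now marked no-dsa, the unstable upload is the only place the fix will be tracked, so a BTS bug number on the `<unfixed>` line would help.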
@@ -4542,6 +4544,7 @@ CVE-2026-23513 (FOSSBilling is a free, open-source 
billing and client management
        NOT-FOR-US: FOSSBilling
 CVE-2026-13006 (ACE vulnerability in conditional configuration file processing 
 by QOS ...)
        - logback <unfixed> (bug #1140922)
+       [trixie] - logback <no-dsa> (Minor issue)
        NOTE: https://logback.qos.ch/news.html#1.5.35
 CVE-2026-12892 (A flaw was found in GStreamer's gst-plugins-bad package. When 
processi ...)
        - gst-plugins-bad1.0 <unfixed>
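Review bot: the added `[trixie] - logback <no-dsa> (Minor issue)` line rates as minor a CVE whose description opens with "ACE vulnerability in conditional configuration file processing", and nothing in the entry records why. A short NOTE giving the reason for the rating would let later triage of other releases reuse it instead of re-deriving it from the upstream news page.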
@@ -50350,7 +50353,9 @@ CVE-2026-31282 (Totara LMS v19.1.5 and before is 
vulnerable to Incorrect Access
 CVE-2026-31281 (Totara LMS v19.1.5 and before is vulnerable to HTML Injection. 
An atta ...)
        NOT-FOR-US: Totara LMS
 CVE-2026-30999 (A heap buffer overflow in the av_bprint_finalize() function of 
FFmpeg  ...)
-       NOTE: Bogus CVE assignment for ffmpeg, "memory leak" in CLI tool
+       - ffmpeg <unfixed> (unimportant)
+       NOTE: 
https://github.com/ffmpeg/fFmpeg/commit/144af8f81abc1385631b4e1f4672cd415a9c6e05
+       NOTE: No security impact, memory leak in CLI tool
 CVE-2026-30998 (An improper resource deallocation and closure vulnerability in 
the too ...)
        NOTE: Bogus CVE assignment for ffmpeg, gets cleaned up by the OS anyway
 CVE-2026-30997 (An out-of-bounds read in the read_global_param() function 
(libavcodec/ ...)
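Review bot: the added NOTE with the commit URL under CVE-2026-30999 does not say what the commit is. The Podman entry earlier in this file uses the form `NOTE: Fixed by: <url> (v5.7.1)`, and the same form here would state whether this is the fix and in which release it landed. The URL path is also spelled `ffmpeg/fFmpeg`, which looks like a typo. Separately, the neighbouring CVE-2026-30998 keeps its "Bogus CVE assignment for ffmpeg" NOTE with no package line, so the two entries are now recorded differently; consider giving it the same `- ffmpeg <unfixed> (unimportant)` treatment or noting why it differs.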



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/25a6012784c5745bd0cd13611d81adc109893101
