[Git][security-tracker-team/security-tracker][master] 6 commits: mark CVE-2026-33554 as postponed for Bullseye

Thorsten Alteholz (@alteholz) alteholz at debian.org
Fri Apr 3 11:42:45 BST 2026 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a39229ef by Thorsten Alteholz at 2026-04-03T12:41:52+02:00
mark CVE-2026-33554 as postponed for Bullseye

- - - - -
48d44036 by Thorsten Alteholz at 2026-04-03T12:41:54+02:00
mark CVE-2025-11143 as postponed for Bullseye

- - - - -
f1bbd4e0 by Thorsten Alteholz at 2026-04-03T12:41:56+02:00
mark CVE-2025-34297 as postponed for Bullseye

- - - - -
43322850 by Thorsten Alteholz at 2026-04-03T12:41:58+02:00
mark CVE-2026-5037 as postponed for Bullseye

- - - - -
72cc867c by Thorsten Alteholz at 2026-04-03T12:42:00+02:00
mark CVE-2026-32711 as postponed for Bullseye

- - - - -
ec613d08 by Thorsten Alteholz at 2026-04-03T12:42:03+02:00
mark CVE-2026-4538 as postponed for Bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2285,6 +2285,7 @@ CVE-2026-5037 (A vulnerability was determined in mxml up to 4.0.4. This issue af
 	- mxml 4.0.4-4 (bug #1132328)
 	[trixie] - mxml <no-dsa> (Minor issue)
 	[bookworm] - mxml <no-dsa> (Minor issue)
+	[bullseye] - mxml <postponed> (Minor issue)
 	NOTE: https://github.com/michaelrsweet/mxml/issues/350
 	NOTE: Fixed by: https://github.com/michaelrsweet/mxml/commit/6e27354466092a1ac65601e01ce6708710bb9fa5
 CVE-2026-5036 (A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerabilit ...)
@@ -5534,6 +5535,7 @@ CVE-2026-33554 (ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overf
 	- freeipmi 1.6.17-1 (bug #1132018)
 	[trixie] - freeipmi <no-dsa> (Minor issue)
 	[bookworm] - freeipmi <no-dsa> (Minor issue)
+	[bullseye] - freeipmi <postponed> (Minor issue)
 	NOTE: https://savannah.gnu.org/bugs/?68140
 	NOTE: https://savannah.gnu.org/bugs/?68141
 	NOTE: https://savannah.gnu.org/bugs/?68142
@@ -6924,6 +6926,7 @@ CVE-2026-4538 (A vulnerability was identified in PyTorch 2.10.0. The affected el
 	- pytorch <unfixed>
 	[trixie] - pytorch <no-dsa> (Minor issue)
 	[bookworm] - pytorch <no-dsa> (Minor issue)
+	[bullseye] - pytorch <postponed> (Minor issue)
 	NOTE: https://github.com/pytorch/pytorch/pull/176791
 CVE-2026-4537 (A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-1640 ...)
 	NOT-FOR-US: Cudy TR1200
@@ -8081,6 +8084,7 @@ CVE-2026-32711 (pydicom is a pure Python package for working with DICOM files. V
 	- pydicom <unfixed> (bug #1131492)
 	[trixie] - pydicom <no-dsa> (Minor issue)
 	[bookworm] - pydicom <no-dsa> (Minor issue)
+	[bullseye] - pydicom <postponed> (Minor issue)
 	NOTE: https://github.com/pydicom/pydicom/security/advisories/GHSA-v856-2rf8-9f28
 	NOTE: Fixed by: https://github.com/pydicom/pydicom/commit/6414f01a053dff925578799f5a7208d2ae585e82 (v3.0.2)
 CVE-2026-32697 (SuiteCRM is an open-source, enterprise-ready Customer Relationship Man ...)
@@ -14691,6 +14695,7 @@ CVE-2025-11143 (The Jetty URI parser has some key differences to other common pa
 	- jetty9 <unfixed>
 	[trixie] - jetty9 <no-dsa> (Minor issue)
 	[bookworm] - jetty9 <no-dsa> (Minor issue)
+	[bullseye] - jetty9 <postponed> (Minor issue)
 	- jetty <removed>
 	NOTE: https://github.com/jetty/jetty.project/security/advisories/GHSA-wjpw-4j6x-6rwh
 	NOTE: Fixed by: https://github.com/jetty/jetty.project/commit/28d9af2a2a3346d7edd35e3b6372a68c5a3be4a5 (jetty-12.1.5)
@@ -56087,6 +56092,7 @@ CVE-2025-34297 (KissFFT versions prior to the fix commit 1b083165 contain an int
 	- kissfft <unfixed> (bug #1131147)
 	[trixie] - kissfft <no-dsa> (Minor issue)
 	[bookworm] - kissfft <no-dsa> (Minor issue)
+	[bullseye] - kissfft <postponed> (Minor issue)
 	NOTE: https://github.com/mborgerding/kissfft/issues/120
 	NOTE: Fixed by: https://github.com/mborgerding/kissfft/commit/1b08316582049c3716154caefc0deab8758506e3
 CVE-2025-2879 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b262fe9632e5e8405126d9cb351f93de6de76468...ec613d0898fb6c5d2d8fe11f5885c9f301c8b342

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/b262fe9632e5e8405126d9cb351f93de6de76468...ec613d0898fb6c5d2d8fe11f5885c9f301c8b342
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260403/df7a79ea/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list