[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Apr 3 17:24:31 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7ddf8be5 by Moritz Mühlenhoff at 2026-04-03T18:24:11+02:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -716,19 +716,25 @@ CVE-2026-5318 (A weakness has been identified in LibRaw up to 0.22.0. This impac
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995
CVE-2026-5317 (A security flaw has been discovered in Nothings stb up to 1.22. This a ...)
- libstb <unfixed>
- TODO: check upstream details
+ [trixie] - libstb <no-dsa> (Minor issue)
+ [bookworm] - libstb <no-dsa> (Minor issue)
+ NOTE: https://github.com/nothings/stb/issues/1928 (issue #15)
CVE-2026-5316 (A vulnerability was identified in Nothings stb up to 1.22. The impacte ...)
- libstb <unfixed>
- TODO: check upstream details
+ [trixie] - libstb <no-dsa> (Minor issue)
+ [bookworm] - libstb <no-dsa> (Minor issue)
CVE-2026-5315 (A vulnerability was determined in Nothings stb up to 1.26. The affecte ...)
- libstb <unfixed>
- TODO: check upstream details
+ [trixie] - libstb <no-dsa> (Minor issue)
+ [bookworm] - libstb <no-dsa> (Minor issue)
CVE-2026-5314 (A vulnerability was found in Nothings stb up to 1.26. Impacted is the ...)
- libstb <unfixed>
- TODO: check upstream details
+ [trixie] - libstb <no-dsa> (Minor issue)
+ [bookworm] - libstb <no-dsa> (Minor issue)
CVE-2026-5313 (A vulnerability has been found in Nothings stb up to 2.30. This issue ...)
- libstb <unfixed>
- TODO: check upstream details
+ [trixie] - libstb <no-dsa> (Minor issue)
+ [bookworm] - libstb <no-dsa> (Minor issue)
CVE-2026-5312 (A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, ...)
NOT-FOR-US: D-Link
CVE-2026-5311 (A security flaw has been discovered in D-Link DNS-120, DNR-202L, DNS-3 ...)
@@ -5561,7 +5567,9 @@ CVE-2026-31788 (In the Linux kernel, the following vulnerability has been resolv
CVE-2026-4775 (A flaw was found in the libtiff library. A remote attacker could explo ...)
- tiff <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2450768
- TODO: check details
+ NOTE: https://gitlab.com/libtiff/libtiff/-/work_items/807
+ NOTE: https://gitlab.com/libtiff/libtiff/-/work_items/787
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/782a11d6b5b61c6dc21e714950a4af5bf89f023c
CVE-2026-4649 (Apache Artemis before version 2.52.0 is affected by an authentication ...)
NOT-FOR-US: Apache Artemis as used in KNIME Business Hub
CVE-2026-33769 (Astro is a web framework. From version 2.10.10 to before version 5.18. ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -26,6 +26,8 @@ dovecot (jmm)
--
frr
--
+gdk-pixbuf
+--
gh/oldstable
Santiago Vila might work on preparing an update
--
@@ -94,6 +96,8 @@ sympa/oldstable
systemd
Ping maintainer about updates
--
+tiff
+--
tor (jmm)
--
valkey
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ddf8be55567961edd7b6775967e8ccba9c50276
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ddf8be55567961edd7b6775967e8ccba9c50276
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260403/386353ba/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list