[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sat Apr 4 15:50:28 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
44165f68 by Moritz Muehlenhoff at 2026-04-04T16:32:58+02:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -149,6 +149,8 @@ CVE-2026-27481 (Discourse is an open-source discussion platform. From versions 2
 	NOT-FOR-US: Discourse
 CVE-2026-27447 (OpenPrinting CUPS is an open source printing system for Linux and othe ...)
 	- cups <unfixed>
+	[trixie] - cups <no-dsa> (Minor issue)
+	[bookworm] - cups <no-dsa> (Minor issue)
 	NOTE: https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9
 	NOTE: Fixed by: https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220
 CVE-2026-26058 (Zulip is an open-source team collaboration tool. From version 1.4.0 to ...)
@@ -1245,9 +1247,11 @@ CVE-2026-0634 (Code execution in AssistFeedbackService of TECNO Pova7 Pro 5G on
 CVE-2025-65114 (Apache Traffic Server allows request smuggling if chunked messages are ...)
 	- trafficserver <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2026/04/02/6
+	NOTE: https://github.com/apache/trafficserver/commit/e5accd7929c5cb96a01cc9afda1f6336dab59b64 (9.2.13)
 CVE-2025-58136 (A bug in POST request handling causes a crash under a certain conditio ...)
 	- trafficserver <unfixed>
 	NOTE: https://www.openwall.com/lists/oss-security/2026/04/02/6
+	NOTE: https://github.com/apache/trafficserver/commit/cb9e4a162fe16101f3c0a9baafe6bf5baa17b68c (9.2.13)
 CVE-2025-43264 (The issue was addressed with improved memory handling. This issue is f ...)
 	NOT-FOR-US: Apple
 CVE-2025-43257 (This issue was addressed with improved handling of symlinks. This issu ...)
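Review bot: the two NOTE lines added under CVE-2025-65114 and CVE-2025-58136 give a bare commit URL followed by "(9.2.13)", whereas the CUPS entry earlier in this file labels its commit with "NOTE: Fixed by:". Without that label the entry does not say whether the commit is the fix or merely related, so suggest "NOTE: Fixed by: <commit URL> (9.2.13)" on both lines.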
@@ -3107,8 +3111,7 @@ CVE-2025-9497 (Use of Hard-coded Credentials vulnerability in Microchip Time Pro
 CVE-2018-25225 (SIPP 3.3 contains a stack-based buffer overflow vulnerability that all ...)
 	- sipp <removed>
 CVE-2018-25224 (PMS 0.42 contains a stack-based buffer overflow vulnerability that all ...)
-	- pms <unfixed>
-	NOTE: https://www.exploit-db.com/exploits/44426
+	NOT-FOR-US: Bogus CVE assignment for pms
 CVE-2018-25223 (Crashmail 1.6 contains a stack-based buffer overflow vulnerability tha ...)
 	- crashmail <undetermined>
 	NOTE: https://www.exploit-db.com/exploits/44331
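Review bot: the CVE-2018-25224 change replaces the package line with "NOT-FOR-US: Bogus CVE assignment for pms" and removes the only reference (the exploit-db NOTE), so nothing in the entry records why the assignment was judged bogus. Suggest keeping a NOTE line with the reason, for example which software the CVE actually refers to, so the verdict can be rechecked later.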
@@ -7652,11 +7655,9 @@ CVE-2019-25588 (BulletProof FTP Server 2019.0.0.50 contains a denial of service
 CVE-2019-25587 (BulletProof FTP Server 2019.0.0.50 contains a denial of service vulner ...)
 	NOT-FOR-US: BulletProof FTP Server
 CVE-2019-25586 (Deluge 1.3.15 contains a denial of service vulnerability that allows l ...)
-	- deluge <undetermined>
-	TODO: check details
+	NOTE: Bogus CVE assignment for Deluge
 CVE-2019-25585 (Deluge 1.3.15 contains a denial of service vulnerability that allows l ...)
-	- deluge <undetermined>
-	TODO: check details
+	NOTE: Bogus CVE assignment for Deluge
 CVE-2019-25584 (RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Serv ...)
 	NOT-FOR-US: RarmaRadio
 CVE-2019-25583 (RarmaRadio 2.72.3 contains a denial of service vulnerability in the Us ...)
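Review bot: after this change CVE-2019-25586 and CVE-2019-25585 carry only "NOTE: Bogus CVE assignment for Deluge", with no package line and no NOT-FOR-US marker, while the pms entry in the same commit expresses the same verdict as "NOT-FOR-US: Bogus CVE assignment for pms". If the two cases are meant to be treated alike, use one form for both; if the Deluge entries are intentionally left without a status, a short NOTE saying why would help, since the "TODO: check details" line was removed without recording what the check found.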


=====================================
data/dsa-needed.txt
=====================================
@@ -97,6 +97,8 @@ tiff
 --
 tor (jmm)
 --
+trafficserver/oldstable (jmm)
+--
 valkey
   NMU proposed for review by Peter Wienemann, but should ideally get some commit from maintainers and
   fix in unstable.
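Review bot: the new "trafficserver/oldstable (jmm)" entry has no description line, and the trafficserver entries touched in data/CVE/list stay at "- trafficserver <unfixed>" with no per-release line, so the diff does not show why only oldstable is queued. A short indented line under the entry naming CVE-2025-65114 and CVE-2025-58136 and the 9.2.13 fix version would make it self-explanatory.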



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44165f68e2ee32d74bca19e6001cc89b1270329a
