[Git][security-tracker-team/security-tracker][master] 4 commits: add libarchive

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sun Apr 5 00:22:08 BST 2026 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88823e6c by Thorsten Alteholz at 2026-04-05T00:59:29+02:00
add libarchive

- - - - -
59eaf1f3 by Thorsten Alteholz at 2026-04-05T01:05:42+02:00
add libexif

- - - - -
4565703d by Thorsten Alteholz at 2026-04-05T01:09:04+02:00
mark CVE-2025-13763, CVE-2025-66215, CVE-2025-66038, CVE-2025-66037 and CVE-2025-49010 as postponed for Bullseye

- - - - -
6dade1c9 by Thorsten Alteholz at 2026-04-05T01:20:05+02:00
add wolfssl

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2942,12 +2942,14 @@ CVE-2025-13763
 	- opensc 0.27.0~rc1-1
 	[trixie] - opensc <no-dsa> (Minor issue)
 	[bookworm] - opensc <no-dsa> (Minor issue)
+	[bullseye] - opensc <postponed> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/security/advisories/GHSA-2v44-fq35-98vv
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-13763
 CVE-2025-66215 (OpenSC is an open source smart card tools and middleware. Prior to ver ...)
 	- opensc 0.27.0~rc1-1
 	[trixie] - opensc <no-dsa> (Minor issue)
 	[bookworm] - opensc <no-dsa> (Minor issue)
+	[bullseye] - opensc <postponed> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5fc-cw56-hwp2
 	NOTE: https://github.com/OpenSC/OpenSC/pull/3436
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66215
@@ -2957,6 +2959,7 @@ CVE-2025-66038 (OpenSC is an open source smart card tools and middleware. Prior
 	- opensc 0.27.0~rc1-1
 	[trixie] - opensc <no-dsa> (Minor issue)
 	[bookworm] - opensc <no-dsa> (Minor issue)
+	[bullseye] - opensc <postponed> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/security/advisories/GHSA-72x5-fwjx-2459
 	NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/6db171bcb6fd7cb3b51098fefbb3b28e44f0a79c (0.27.0-rc1)
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038
@@ -2964,6 +2967,7 @@ CVE-2025-66037 (OpenSC is an open source smart card tools and middleware. Prior
 	- opensc 0.27.1-1
 	[trixie] - opensc <no-dsa> (Minor issue)
 	[bookworm] - opensc <no-dsa> (Minor issue)
+	[bullseye] - opensc <postponed> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/security/advisories/GHSA-m58q-rmjm-mmfx
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037
 	NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/65fc211015cfcac27b10d0876054156c97225f50 (0.27.0)
@@ -2971,6 +2975,7 @@ CVE-2025-49010 (OpenSC is an open source smart card tools and middleware. Prior
 	- opensc 0.27.0~rc1-1
 	[trixie] - opensc <no-dsa> (Minor issue)
 	[bookworm] - opensc <no-dsa> (Minor issue)
+	[bullseye] - opensc <postponed> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/security/advisories/GHSA-q5cf-5wmx-9wh4
 	NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-49010
 	NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/953986f65db61871bbbff72788d861d67d5140c6 (0.27.0-rc1)


=====================================
data/dla-needed.txt
=====================================
@@ -190,6 +190,13 @@ lemonldap-ng
   NOTE: 20251028: Still working in CVE-2024-52948 (abhijith)
   NOTE: 20251229: Asked yadd (maintainer of package) for help (abhijith)
 --
+libarchive
+  NOTE: 20260405: Added by Front-Desk (ta)
+  NOTE: 20260405: no upstream fix yet
+--
+libexif
+  NOTE: 20260405: Added by Front-Desk (ta)
+--
 libsoup2.4
   NOTE: 20250408: Added by Front-Desk (Beuc)
   NOTE: 20250427: libsoup2.4 2.72.0-2+deb11u2 (bullseye) uploaded ...
@@ -486,6 +493,10 @@ webkit2gtk
   NOTE: 20260324: Added by Front-Desk (Beuc)
   NOTE: 20260324: Follow DSA-6172-1 and bump to 2.50.6 (Beuc/front-desk)
 --
+wolfssl
+  NOTE: 20260405: Added by Front-Desk (ta)
+  NOTE: 20260405: lots of CVEs piled up
+--
 xmlrpc-c
   NOTE: 20250411: Added by Front-Desk (Beuc)
   NOTE: 20250411: See issues with old embedded expat library:



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6c766163c878159878e0817a867bf55466b93a4e...6dade1c95e4fdb0a549543a29ab47da386124f0d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6c766163c878159878e0817a867bf55466b93a4e...6dade1c95e4fdb0a549543a29ab47da386124f0d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260404/99b85312/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list