[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Apr 5 23:39:08 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c254abe9 by Moritz Muehlenhoff at 2026-04-06T00:32:23+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3837,6 +3837,7 @@ CVE-2026-33638 (Ech0 is an open-source, self-hosted publishing platform for pers
 	NOT-FOR-US: Ech0
 CVE-2026-33635 (iCalendar is a Ruby library for dealing with iCalendar files in the iC ...)
 	- ruby-icalendar <removed>
+	[bookworm] - ruby-icalendar <ignored> (Minor issue)
 	NOTE: https://github.com/icalendar/icalendar/security/advisories/GHSA-pv9c-9mfh-hvxq
 	NOTE: Fixed by: https://github.com/icalendar/icalendar/commit/b8d23b490363ee5fffaec1d269a8618a912ca265 (v2.12.2)
 CVE-2026-33628 (Invoice Ninja is a source-available invoice, quote, project and time-t ...)
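Review bot: the added [bookworm] - ruby-icalendar <ignored> line gives only "Minor issue" as its reason, the same text this commit uses for <no-dsa> on other packages, although the NOTE below it names a single upstream fixing commit (v2.12.2). Please state in the parentheses what makes this <ignored> rather than <no-dsa>, so the decision can be revisited later without re-reading the advisory.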
@@ -8488,6 +8489,7 @@ CVE-2026-4519 (The webbrowser.open() API would accept leading dashes in the URL
 	- python3.14 <unfixed>
 	- python3.13 <unfixed>
 	- python3.11 <removed>
+	[bookworm] - python3.11 <no-dsa> (Minor issue)
 	- python3.9 <removed>
 	- python2.7 <removed>
 	[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
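Review bot: in the CVE-2026-4519 entry, python3.13 stays <unfixed> two lines above the added bookworm line and carries no [trixie] annotation, although the commit is titled trixie/bookworm triage. If the webbrowser.open() leading-dash issue is judged minor for trixie as well, add a matching [trixie] - python3.13 <no-dsa> (Minor issue) line directly under the python3.13 entry; otherwise trixie remains untriaged for this CVE.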
@@ -15678,6 +15680,7 @@ CVE-2025-69534 (Python-Markdown version 3.8 contain a vulnerability where malfor
 	- python3.14 <not-affected> (Fixed before initial upload to Debian unstable)
 	- python3.13 3.13.4-1
 	- python3.11 <removed>
+	[bookworm] - python3.11 <no-dsa> (Minor issue)
 	- python3.9 <removed>
 	- pypy3 <unfixed>
 	[trixie] - pypy3 <no-dsa> (Minor issue)
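Review bot: the CVE-2025-69534 header describes a Python-Markdown flaw, while the added line triages the python3.11 interpreter, and nothing in the visible context explains the link. Please check that the entry has a NOTE pointing at the relevant CPython change, so the bookworm <no-dsa> can be verified against the 3.11 source rather than against the Python-Markdown description.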
@@ -18953,24 +18956,29 @@ CVE-2026-26965 (FreeRDP is a free implementation of the Remote Desktop Protocol.
 CVE-2026-26955 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
 	- freerdp3 3.23.0+dfsg-1
 	- freerdp2 <removed>
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mr6w-ch7c-mqqj
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/7d8fdce2d0ef337cb86cb37fc0c436c905e04d77 (3.23.0)
 CVE-2026-26271 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
 	- freerdp3 3.23.0+dfsg-1
 	- freerdp2 <removed>
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
 CVE-2026-25997 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
 	- freerdp3 3.23.0+dfsg-1
 	- freerdp2 <removed>
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5j3-m6jf-3jq4
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/58409406afe7c2a8a71ed2dc8e22075be4f41c0c (3.23.0)
 CVE-2026-25959 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
 	- freerdp3 3.23.0+dfsg-1
 	- freerdp2 <removed>
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-78xg-v4p2-4w3c
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/d3e8b3b9365be96a4f11dda149d71b3287227d0a (3.23.0)
 CVE-2026-25955 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
 	- freerdp3 3.23.0+dfsg-1
 	- freerdp2 <removed>
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4g54-x8v7-559x
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/169d358734509e82663a0d6a0085ae726d439d8e (3.23.0)
 CVE-2026-25954 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
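Review bot: CVE-2026-26271 gets [bookworm] - freerdp2 <no-dsa> (Minor issue) but, unlike the other entries in this hunk, has no NOTE with an advisory or fixing commit, so the assessment cannot be checked from the entry itself. Please add the advisory and "Fixed by:" NOTE lines for it before or together with the triage line.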
@@ -18979,21 +18987,25 @@ CVE-2026-25954 (FreeRDP is a free implementation of the Remote Desktop Protocol.
 CVE-2026-25953 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
 	- freerdp3 3.23.0+dfsg-1
 	- freerdp2 <removed>
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-p6rq-rxpc-rh3p
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/1994e9844212a6dfe0ff12309fef520e888986b5 (3.23.0)
 CVE-2026-25952 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
 	- freerdp3 3.23.0+dfsg-1
 	- freerdp2 <removed>
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqm-cwjg-7w9x
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/1994e9844212a6dfe0ff12309fef520e888986b5 (3.23.0)
 CVE-2026-25942 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
 	- freerdp3 3.23.0+dfsg-1
 	- freerdp2 <removed>
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-78q6-67m7-wwf6
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9362a0bf8dda04eedbca07d5dfaec1044e67cc6b (3.23.0)
 CVE-2026-25941 (FreeRDP is a free implementation of the Remote Desktop Protocol. Versi ...)
 	- freerdp3 3.23.0+dfsg-1
 	- freerdp2 <removed>
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3546-x645-5cf8
 	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/2e3b77e28ac6a398897d28ba464dcc5dfab9c9e2 (3.23.0)
 CVE-2026-3179 (The FTP Backup on the ADM does not properly sanitize filenames receive ...)
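Review bot: for CVE-2026-25941 the truncated description begins "Versi ..." where the sibling entries begin "Prior ...", which suggests a bounded affected range, yet freerdp2 receives the same <no-dsa> (Minor issue) as the rest. Please confirm that the freerdp2 version in bookworm falls inside that range; if the vulnerable code is not present there, <not-affected> is the accurate state. More generally, every "Fixed by:" NOTE in this hunk points at a 3.23.0 commit, so a short NOTE recording that the 2.x branch was checked would help.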
@@ -76934,8 +76946,8 @@ CVE-2025-59937 (go-mail is a comprehensive library for sending mails with Go. In
 	NOT-FOR-US: go-mail
 CVE-2025-59933 (libvips is a demand-driven, horizontally threaded image processing lib ...)
 	- vips 8.17.3-1 (bug #1117049)
-	[trixie] - vips <no-dsa> (Minor issue)
-	[bookworm] - vips <no-dsa> (Minor issue)
+	[trixie] - vips <ignored> (Minor issue)
+	[bookworm] - vips <ignored> (Minor issue)
 	[bullseye] - vips <postponed> (minor issue; low impact, workaround exists)
 	NOTE: https://github.com/libvips/libvips/security/advisories/GHSA-q8px-4w5q-c2r4
 	NOTE: https://github.com/libvips/libvips/commit/a58bfae9223a5466cc81ba9fe6dfb08233cf17d1 (v8.17.2)
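Review bot: the trixie and bookworm vips lines change state from <no-dsa> to <ignored> while the reason stays "Minor issue", so the entry does not record what changed in the assessment. The bullseye line just below uses a more specific reason (low impact, workaround exists); a reason at that level of detail on the two changed lines would justify the move to <ignored>.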



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c254abe9eb469db249196dcaa1993e8597c1ecd1
