[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Apr 7 07:39:24 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a86b29bf by Moritz Muehlenhoff at 2026-04-07T08:39:13+02:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9073,6 +9073,7 @@ CVE-2024-13785 (The The Contact Form, Survey, Quiz & Popup Form Builder \u2013 A
CVE-2026-4519 (The webbrowser.open() API would accept leading dashes in the URL which ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
[bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
@@ -10332,6 +10333,7 @@ CVE-2026-4396 (Improper certificate validation in Devolutions Hub Reporting Serv
CVE-2026-3479 (pkgutil.get_data() did not validate the resource argument as documente ...)
- python3.14 <unfixed>
- python3.13 <unfixed>
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
@@ -11262,6 +11264,7 @@ CVE-2026-4227 (A security vulnerability has been detected in LB-LINK BL-WR9000 2
CVE-2026-4224 (When an Expat parser with a registered ElementDeclHandler parses an in ...)
- python3.14 3.14.3-4
- python3.13 <unfixed>
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
- python3.9 <removed>
- python2.7 <removed>
@@ -11279,6 +11282,7 @@ CVE-2026-4224 (When an Expat parser with a registered ElementDeclHandler parses
CVE-2026-3644 (The fix for CVE-2026-0672, which rejected control characters in http.c ...)
- python3.14 3.14.3-4
- python3.13 <unfixed>
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
- python3.9 <removed>
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/H6CADMBCDRFGWCMOXWUIHFJNV43GABJ7/
@@ -18589,21 +18593,29 @@ CVE-2026-3285 (A vulnerability was determined in berry-lang berry up to 1.1.0. T
NOT-FOR-US: berry-lang berry
CVE-2026-3284 (A vulnerability was found in libvips 8.19.0. Impacted is the function ...)
- vips 8.18.0-3 (bug #1129310)
+ [trixie] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://github.com/libvips/libvips/issues/4879
NOTE: https://github.com/libvips/libvips/pull/4887
NOTE: Fixed by: https://github.com/libvips/libvips/commit/24795bb3d19d84f7b6f5ed86451ad556c8f2fe70
CVE-2026-3283 (A vulnerability has been found in libvips 8.19.0. This issue affects t ...)
- vips 8.18.0-3 (bug #1129310)
+ [trixie] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://github.com/libvips/libvips/issues/4880
NOTE: https://github.com/libvips/libvips/pull/4887
NOTE: Fixed by: https://github.com/libvips/libvips/commit/24795bb3d19d84f7b6f5ed86451ad556c8f2fe70
CVE-2026-3282 (A flaw has been found in libvips 8.19.0. This vulnerability affects th ...)
- vips 8.18.0-3 (bug #1129311)
+ [trixie] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://github.com/libvips/libvips/issues/4881
NOTE: https://github.com/libvips/libvips/pull/4886
NOTE: Fixed by: https://github.com/libvips/libvips/commit/7215ead1e0cd7d3703cc4f5fca06d7d0f4c22b91
CVE-2026-3281 (A vulnerability was detected in libvips 8.19.0. This affects the funct ...)
- vips 8.18.0-3 (bug #1129312)
+ [trixie] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://github.com/libvips/libvips/issues/4878
NOTE: https://github.com/libvips/libvips/pull/4895
NOTE: Fixed by: https://github.com/libvips/libvips/commit/fd28c5463697712cb0ab116a2c55e4f4d92c4088
@@ -19628,16 +19640,22 @@ CVE-2026-3148 (A vulnerability was determined in SourceCodester Simple and Nice
NOT-FOR-US: SourceCodester
CVE-2026-3147 (A vulnerability was found in libvips up to 8.18.0. This affects the fu ...)
- vips 8.18.0-3 (bug #1129314)
+ [trixie] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://github.com/libvips/libvips/issues/4874
NOTE: https://github.com/libvips/libvips/pull/4894
NOTE: Fixed by: https://github.com/libvips/libvips/commit/b3ab458a25e0e261cbd1788474bbc763f7435780
CVE-2026-3146 (A vulnerability has been found in libvips up to 8.18.0. The impacted e ...)
- vips 8.18.0-3 (bug #1129315)
+ [trixie] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://github.com/libvips/libvips/issues/4875
NOTE: https://github.com/libvips/libvips/pull/4888
NOTE: Fixed by: https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece
CVE-2026-3145 (A flaw has been found in libvips up to 8.18.0. The affected element is ...)
- vips 8.18.0-3 (bug #1129315)
+ [trixie] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point release)
NOTE: https://github.com/libvips/libvips/issues/4876
NOTE: https://github.com/libvips/libvips/pull/4888
NOTE: Fixed by: https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a86b29bf3f82202beb48f216e096f47eefab4bb5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a86b29bf3f82202beb48f216e096f47eefab4bb5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260407/ae06dc6a/attachment.htm>
More information about the debian-security-tracker-commits
mailing list