[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 7 10:40:16 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d8370482 by Moritz Muehlenhoff at 2026-04-07T11:32:47+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8644,6 +8644,8 @@ CVE-2019-25590 (Axessh 4.2 contains a denial of service vulnerability in the log
 	NOT-FOR-US: Axessh
 CVE-2026-33306 (bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt() password hashin ...)
 	- ruby-bcrypt 3.1.22-1
+	[trixie] - ruby-bcrypt <no-dsa> (Minor issue)
+	[bookworm] - ruby-bcrypt <no-dsa> (Minor issue)
 	NOTE: https://github.com/bcrypt-ruby/bcrypt-ruby/security/advisories/GHSA-f27w-vcwj-c954
 	NOTE: Fixed by: https://github.com/bcrypt-ruby/bcrypt-ruby/commit/5faa2748331d3edc661c127ef2fbb3afcb6b02a4 (v3.1.22)
 CVE-2026-23538
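Review bot: the two added ruby-bcrypt lines for [trixie] and [bookworm] give "Minor issue" as the only rationale, and nothing in the entry records why the issue is minor for the versions shipped in those releases. A more specific reason in the parentheses, or a short NOTE, would let a later reader audit the <no-dsa> decision. The entry already references the upstream fix commit for v3.1.22, so a stable update remains possible if the assessment changes.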
@@ -18713,6 +18715,8 @@ CVE-2026-21619 (Uncontrolled Resource Consumption, Deserialization of Untrusted
 	- erlang-hex <unfixed>
 	[trixie] - erlang-hex <no-dsa> (Minor issue)
 	- rebar3 3.27.0-1
+	[trixie] - rebar3 <no-dsa> (Minor issue)
+	[bookworm] - rebar3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/advisories/GHSA-hx9w-f2w9-9g96
 	NOTE: https://github.com/hexpm/hex_core/commit/cdf726095bca85ad2549d146df1e831ae93c2b13 (v0.12.1)
 	NOTE: https://github.com/hexpm/hex/commit/636739f3322514e9303ca335fb630696fcbb3c95 (v2.3.2)
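Review bot: in this entry rebar3 now has both [trixie] and [bookworm] annotations, but the erlang-hex line above them, marked <unfixed>, carries only a [trixie] annotation in the visible context. If bookworm also ships erlang-hex, it is worth confirming whether it needs its own [bookworm] line or a not-affected marker, so the two packages are triaged consistently for the same CVE.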
@@ -77831,8 +77835,8 @@ CVE-2025-11163 (The SmartCrawl SEO checker, analyzer & optimizer plugin for Word
 	NOT-FOR-US: WordPress plugin
 CVE-2025-11149 (This affects all versions of the package node-static; all versions of  ...)
 	- node-static <removed> (bug #1117504)
-	[trixie] - node-static <no-dsa> (Minor issue)
-	[bookworm] - node-static <no-dsa> (Minor issue)
+	[trixie] - node-static <ignored> (Minor issue)
+	[bookworm] - node-static <ignored> (Minor issue)
 	[bullseye] - node-static <no-dsa> (Minor issue)
 CVE-2025-11148 (All versions of the package check-branches are vulnerable to Command I ...)
 	NOT-FOR-US: check-branches Node.js package
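Review bot: the changed node-static lines for [trixie] and [bookworm] move from <no-dsa> to <ignored> but keep the reason "(Minor issue)", which does not explain why no fix will be made at all. Since the package line shows <removed> (bug #1117504) and the description says all versions are affected, a reason that states that (for example, no fix available and package removed from unstable) would be more informative. The [bullseye] line is left at <no-dsa>, so it is also worth checking whether it should follow the same state.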



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d837048218ed12127e2feef2952ecada7f73de2c
