[Git][security-tracker-team/security-tracker][master] 11 commits: dla: openvswitch status update
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Wed Apr 22 13:15:41 BST 2026
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4cae942a by Sylvain Beucler at 2026-04-22T13:33:33+02:00
dla: openvswitch status update
- - - - -
2d1251e4 by Sylvain Beucler at 2026-04-22T13:33:33+02:00
dla: zulucrypt status update
- - - - -
0abb7ea9 by Sylvain Beucler at 2026-04-22T13:33:35+02:00
dla: drop wolfssl
Only no-dsa CVEs, low popcon, no sponsors.
- - - - -
d7367db2 by Sylvain Beucler at 2026-04-22T13:33:36+02:00
lts-do-call-me: reference vitrage
- - - - -
e07dbcfc by Sylvain Beucler at 2026-04-22T13:33:38+02:00
dla: drop log4net
1 minor issue, low popcon, no sponsors.
- - - - -
790ceefd by Sylvain Beucler at 2026-04-22T13:33:41+02:00
dla: drop scitokens-cpp
Minor issues, no rdeps, low popcon, no sponsors.
- - - - -
9b8dfe6a by Sylvain Beucler at 2026-04-22T13:33:43+02:00
dla: drop py-lmdb
Minor issues, no rdeps, low popcon, no sponsors.
- - - - -
e1e110ea by Sylvain Beucler at 2026-04-22T13:33:46+02:00
dla: drop editorconfig-core
1 no-dsa, low popcon, no sponsors.
- - - - -
9aa26857 by Sylvain Beucler at 2026-04-22T13:33:48+02:00
dla: drop derby
1 no-dsa, low popcon, no sponsors.
- - - - -
f0b254fc by Sylvain Beucler at 2026-04-22T13:33:50+02:00
dla: drop dcmtk
1 no-dsa, no sponsors.
- - - - -
de27586c by Sylvain Beucler at 2026-04-22T13:33:53+02:00
dla: drop cbor2
1 minor issue, no sponsors.
- - - - -
3 changed files:
- data/CVE/list
- data/dla-needed.txt
- data/packages/lts-do-call-me
Changes:
=====================================
data/CVE/list
=====================================
Binary files a/data/CVE/list and b/data/CVE/list differ
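Review bot: data/CVE/list appears here only as "Binary files ... differ", so the CVE-side half of this push cannot be reviewed from the mail. The drop commits rest on "no-dsa" and "minor issue" counts that are recorded in that file. It is worth checking why a text list diffs as binary, and reviewing the tagging in the GitLab compare view.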
=====================================
data/dla-needed.txt
=====================================
@@ -72,9 +72,6 @@ ca-certificates
calibre (Abhijith PA)
NOTE: 20260222: Added by Front-Desk (rouca)
--
-cbor2
- NOTE: 20260414: Added by Front-Desk (rouca)
---
ckeditor
NOTE: 20241002: Added by Front-Desk (Beuc)
NOTE: 20241002: Multiple CVEs have been piling up (Beuc/front-desk)
@@ -92,15 +89,9 @@ coturn
cups (Thorsten Alteholz)
NOTE: 20260404: Added by Front-Desk (ta)
--
-dcmtk
- NOTE: 20260414: Added by Front-Desk (rouca)
---
deepdiff
NOTE: 20260417: Added by Front-Desk (rouca)
--
-derby (Thorsten Alteholz)
- NOTE: 20260405: Added by Front-Desk (ta)
---
dnsmasq
NOTE: 20260418: Added by Front-Desk (rouca)
NOTE: 20260418: Fix CVE-2026-6507 PoC is available (rouca/FD)
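Review bot: the removed "derby (Thorsten Alteholz)" line is a claimed entry, unlike the unclaimed dcmtk entry removed just above it. Removing it also removes the claim, so confirm with the claimant that no work is in progress before the entry goes.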
@@ -114,9 +105,6 @@ docker.io
dovecot (guilhem)
NOTE: 20260401: Added by Front-Desk (ta)
--
-editorconfig-core
- NOTE: 20260419: Added by Front-Desk. Fix CVE-2026-40489 regresion of previously fixed CVE by DLA (rouca)
---
edk2
NOTE: 20251230: Added by Front-Desk (Beuc)
NOTE: 20251230: Lots of postponed issues piled-up (Beuc/front-desk)
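Review bot: the removed editorconfig-core note says CVE-2026-40489 is a "regresion of previously fixed CVE by DLA", and that context disappears with the entry. If the package is dropped, record that point where the CVE is triaged so that a regression in an earlier DLA fix stays visible.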
@@ -334,9 +322,6 @@ libxslt
linux (Ben Hutchings)
NOTE: 20230111: Perma-added, Linux package specifically delegated to bwh (LTS Team)
--
-log4net
- NOTE: 20260413: Added by Front-Desk (rouca)
---
lrzip
NOTE: 20260216: Added by Front-Desk (rouca)
--
@@ -427,6 +412,7 @@ openssl
--
openvswitch
NOTE: 20260405: Added by Front-Desk (ta)
+ NOTE: 20260422: Cf. OSPU (if approved) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133882 (Beuc)
--
orthanc
NOTE: 20260419: Added by Front-Desk (rouca)
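Review bot: in the added openvswitch note, "Cf. OSPU (if approved)" leaves the status open and does not expand the abbreviation. Suggest stating what is pending in bug 1133882 and what should happen to this entry once that is approved or rejected, so the note still makes sense later.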
@@ -479,9 +465,6 @@ php-phpseclib (utkarsh)
policykit-1
NOTE: 20260403: Added by Front-Desk (ta)
--
-py-lmdb
- NOTE: 20260419: Added by Front-Desk (rouca)
---
pyasn1 (eamanu)
NOTE: 20260402: Added by Front-Desk (ta)
NOTE: 20260409: Package is ready for review.
@@ -554,9 +537,6 @@ samba
NOTE: 20260321: Red hat has backported the fix to 4.15 and there is a note
NOTE: 20260321: about pre-4.15: "Samba < 4.15 doesn't have async dns lookups!" (charles)
--
-scitokens-cpp
- NOTE: 20260419: Added by Front-Desk (rouca)
---
smb4k
NOTE: 20251217: Added by Front-Desk (pochu)
--
@@ -595,6 +575,7 @@ vim
--
vitrage
NOTE: 20260419: Added by Front-Desk. Get in touch with zigo/upstream before (rouca)
+ NOTE: 20260419: CVE-2026-28370 is RCE
--
watcher
NOTE: 20250908: Added by Front-Desk (apo)
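Review bot: the added vitrage line "NOTE: 20260419: CVE-2026-28370 is RCE" is dated 20260419 although the commit is from 2026-04-22, and it has no author tag, unlike the "(rouca)" on the line above it. Suggest using the date the note was written and appending the author in parentheses, as the other notes in this file do.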
@@ -607,10 +588,6 @@ webkit2gtk (Emilio)
NOTE: 20260419: Added by Front-Desk (rouca)
NOTE: 20260421: Proposed EOL: https://salsa.debian.org/lts-team/lts-updates-tasks/-/issues/340 (pochu)
--
-wolfssl
- NOTE: 20260405: Added by Front-Desk (ta)
- NOTE: 20260405: lots of CVEs piled up
---
xmlrpc-c
NOTE: 20250411: Added by Front-Desk (Beuc)
NOTE: 20250411: See issues with old embedded expat library:
@@ -631,4 +608,5 @@ zabbix
zulucrypt
NOTE: 20250727: Added by Front-Desk (ta)
NOTE: 20251203: sent a mail to the maintainer asking about plans to address #1108288 (dleidert)
+ NOTE: 20260130: removed from archive without patch; Debian-specific CVE (root escalalation); consider dropping from all active dists (Beuc)
--
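Review bot: the added zulucrypt note is dated 20260130 while the commit is from 2026-04-22. If 20260130 is the date of the archive removal rather than of the note, say so in the text and date the note itself. "escalalation" should read "escalation".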
=====================================
data/packages/lts-do-call-me
=====================================
@@ -72,6 +72,7 @@ nova
python-oslo.privsep
python-oslo.utils
swift
+vitrage
watcher
# etc. see list at:
# https://lists.debian.org/debian-lts/2022/08/msg00005.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2f0ec360f6e25916ac0516546ae75961e9e5cba0...de27586c11f1f7dca50aeb1a852bbf1cb7b49f74