[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Apr 23 14:14:27 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d3a33eab by Moritz Muehlenhoff at 2026-04-23T15:14:16+02:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -369,162 +369,250 @@ CVE-2026-35382
REJECTED
CVE-2026-35381 (A logic error in the cut utility of uutils coreutils causes the utilit ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/11394
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/483f13e91830c468262aa1e010e753d6ae99c898 (0.8.0)
CVE-2026-35380 (A logic error in the cut utility of uutils coreutils causes the progra ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/11399
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/593f5b191e8b9c87e4292955999c2d0b5cbcce69 (0.8.0)
CVE-2026-35379 (A logic error in the tr utility of uutils coreutils causes the program ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/11405
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/358063f3367cb23a1e5db314cfdbfeb607749b3d (0.8.0)
CVE-2026-35378 (A logic error in the expr utility of uutils coreutils causes the progr ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/11395
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/76b2f7877f558f3bfa78e3d4f49f022460f509b7 (0.8.0)
CVE-2026-35377 (A logic error in the env utility of uutils coreutils causes a failure ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/11512
CVE-2026-35376 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the ch ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/11402
CVE-2026-35375 (A logic error in the split utility of uutils coreutils causes the corr ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/11397
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/d2b9550fe821a9a10bf0cec057509211357363f1 (0.8.0)
CVE-2026-35374 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the sp ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/11401
CVE-2026-35373 (A logic error in the ln utility of uutils coreutils causes the program ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/11403
CVE-2026-35372 (A logic error in the ln utility of uutils coreutils allows the utility ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/11253
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/394c4b17f2f382b4be9f54389bcb79028de02f39 (0.8.0)
CVE-2026-35371 (The id utility in uutils coreutils exhibits incorrect behavior in its ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10006
CVE-2026-35370 (The id utility in uutils coreutils miscalculates the groups= section o ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10006
CVE-2026-35369 (An argument parsing error in the kill utility of uutils coreutils inco ...)
- rust-coreutils 0.6.0-1
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/9700
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/cae94028afcfa19b78dfc1072d1a22d8b2c6ca38 (0.6.0)
CVE-2026-35368 (A vulnerability exists in the chroot utility of uutils coreutils when ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10327
CVE-2026-35367 (The nohup utility in uutils coreutils creates its default output file, ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10021
CVE-2026-35366 (The printenv utility in uutils coreutils fails to display environment ...)
- rust-coreutils 0.6.0-1
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/9701
NOTE: https://github.com/uutils/coreutils/pull/9728
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/0bfbbc00c7895c0fb6ea94987b4aab99e3d7ee52 (0.6.0)
CVE-2026-35365 (The mv utility in uutils coreutils improperly handles directory trees ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/10546
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/9654e4abaf24449ef2279e9a16963edb5c8b8fef (0.7.0-1)
CVE-2026-35364 (A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the m ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10015
CVE-2026-35363 (A vulnerability in the rm utility of uutils coreutils allows the bypas ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/9749
CVE-2026-35362 (The safe_traversal module in uutils coreutils, which provides protecti ...)
- rust-coreutils 0.6.0-1
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/9792
NOTE: FIXED BY: https://github.com/uutils/coreutils/commit/30239e69a328e76d2377f2a0bc02fbde61c34280 (0.6.0)
CVE-2026-35361 (The mknod utility in uutils coreutils fails to handle security labels ...)
- rust-coreutils 0.6.0-1
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/10582
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/42b2ad83cdcf6e959ecb378c5040c60d9c64becf (0.6.0)
CVE-2026-35360 (The touch utility in uutils coreutils is vulnerable to a Time-of-Check ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10019
CVE-2026-35359 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utilit ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10017
CVE-2026-35358 (The cp utility in uutils coreutils, when performing recursive copies ( ...)
- rust-coreutils 0.7.0-1
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/9746
NOTE: https://github.com/uutils/coreutils/pull/11163
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/e6a3bb596f149628ba973eec3d099f3bb69f2464 (0.7.0)
CVE-2026-35357 (The cp utility in uutils coreutils is vulnerable to an information dis ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10011
CVE-2026-35356 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the in ...)
- rust-coreutils 0.7.0-1
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/10140
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/0c41299975f3c1e21cf5ca968d42cad55ceb42a1 (0.7.0)
CVE-2026-35355 (The install utility in uutils coreutils is vulnerable to a Time-of-Che ...)
- rust-coreutils 0.6.0-1
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/10067
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/b5bbabc18a1121908848d836f869a4e98eb63886 (0.6.0)
CVE-2026-35354 (A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10014
CVE-2026-35353 (The mkdir utility in uutils coreutils incorrectly applies permissions ...)
- rust-coreutils 0.6.0-1
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/10036
NOTE: Fixed by; https://github.com/uutils/coreutils/commit/037b9583bc03d814e8516df54ebcda6f681fe1f8 (0.6.0)
CVE-2026-35352 (A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the m ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10020
CVE-2026-35351 (The mv utility in uutils coreutils fails to preserve file ownership du ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/9714
NOTE: https://github.com/uutils/coreutils/pull/11706
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/874efa7cc3361cb5af2a97db869147f910bcab44
CVE-2026-35350 (The cp utility in uutils coreutils fails to properly handle setuid and ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/9750
CVE-2026-35349 (A vulnerability in the rm utility of uutils coreutils allows a bypass ...)
- rust-coreutils 0.7.0-1
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/9706
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/5e5968cdbc6618acd6c2402a8a98b503f278835e (0.7.0)
CVE-2026-35348 (The sort utility in uutils coreutils is vulnerable to a process panic ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/9696
CVE-2026-35347 (The comm utility in uutils coreutils incorrectly consumes data from no ...)
- rust-coreutils 0.6.0-1
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/9545
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/75f45e87e52ed95840494963ab9a28651165d56e (0.6.0)
CVE-2026-35346 (The comm utility in uutils coreutils silently corrupts data by perform ...)
- rust-coreutils 0.6.0-1
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10192
NOTE: https://github.com/uutils/coreutils/pull/10206
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/b9372e509ea9b278fe13763237067a261bb8c946 (0.6.0)
CVE-2026-35345 (A vulnerability in the tail utility of uutils coreutils allows for the ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10328
CVE-2026-35344 (The dd utility in uutils coreutils suppresses errors during file trunc ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/9745
CVE-2026-35343 (The cut utility in uutils coreutils incorrectly handles the -s (only-d ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/11143
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/9bbb58b746c41802278b0cba738eebbf21517cf7 (0.7.0)
CVE-2026-35342 (The mktemp utility in uutils coreutils fails to properly handle an emp ...)
- rust-coreutils 0.6.0-1
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/10566
NOTE: Fixed by (merge): https://github.com/uutils/coreutils/commit/eb25ec328b226d8fbbaa4058bf9187165bf06d51 (0.6.0)
CVE-2026-35341 (A vulnerability in uutils coreutils mkfifo allows for the unauthorized ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/issues/10020
CVE-2026-35340 (A flaw in the ChownExecutor used by uutils coreutils chown and chgrp c ...)
- rust-coreutils 0.6.0-1
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/10035
NOTE: Fixed by; https://github.com/uutils/coreutils/commit/ebc08af9c34138f474b32ea0ef34bed3b086a3ed (0.6.0)
CVE-2026-35339 (The recursive mode (-R) of the chmod utility in uutils coreutils incor ...)
- rust-coreutils 0.6.0-1
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/9793
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/abd581f62e97d0b147306ac40eac13af71c6fbba (0.6.0)
CVE-2026-35338 (A vulnerability in the chmod utility of uutils coreutils allows users ...)
- rust-coreutils <unfixed>
+ [trixie] - rust-coreutils <no-dsa> (Minor issue)
+ [bookworm] - rust-coreutils <no-dsa> (Minor issue)
NOTE: https://github.com/uutils/coreutils/pull/10033
NOTE: Fixed by: https://github.com/uutils/coreutils/commit/413055b378fa6fe2299c5e5f538c8e6e841ab810
CVE-2026-34415 (Xerte Online Toolkits versions 3.15 and earlier contain an incomplete ...)
@@ -1971,10 +2059,14 @@ CVE-2026-37748 (Visitor Management System 1.0 by sanjay1313 is vulnerable to Unr
NOT-FOR-US: Visitor Management System
CVE-2026-35588 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
- glances 4.5.4+dfsg-1 (bug #1134645)
+ [trixie] - glances <no-dsa> (Minor issue)
+ [bookworm] - glances <no-dsa> (Minor issue)
NOTE: https://github.com/nicolargo/glances/security/advisories/GHSA-grp3-h8m8-45p7
NOTE: https://github.com/nicolargo/glances/commit/d339181f03a14bb15506307e9d58f876e23d8160 (v4.5.4)
CVE-2026-35587 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
- glances 4.5.4+dfsg-1 (bug #1134645)
+ [trixie] - glances <no-dsa> (Minor issue)
+ [bookworm] - glances <no-dsa> (Minor issue)
NOTE: https://github.com/nicolargo/glances/security/advisories/GHSA-g5pq-48mj-jvw8
NOTE: https://github.com/nicolargo/glances/commit/d6808be66728956477cc4b544bab1acd71ac65fb (v4.5.4)
CVE-2026-35570 (OpenClaude is an open-source coding-agent command line interface for c ...)
@@ -1983,6 +2075,8 @@ CVE-2026-35451 (Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Si
NOT-FOR-US: Twenty
CVE-2026-34839 (Glances is an open-source system cross-platform monitoring tool. Prior ...)
- glances 4.5.4+dfsg-1 (bug #1134645)
+ [trixie] - glances <no-dsa> (Minor issue)
+ [bookworm] - glances <no-dsa> (Minor issue)
NOTE: https://github.com/nicolargo/glances/security/advisories/GHSA-gfc2-9qmw-w7vh
NOTE: https://github.com/nicolargo/glances/commit/fdfb977b1d91b5e410bc06c4e19f8bedb0005ce9 (v4.5.4)
CVE-2026-34403 (Nginx UI is a web user interface for the Nginx web server. Prior to ve ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3a33eabb4fff6e546db26cba1ed266cc39b28e0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d3a33eabb4fff6e546db26cba1ed266cc39b28e0
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260423/4c72e0d0/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list