[Git][security-tracker-team/security-tracker][master] 2 commits: lts: CVE-2026-41163/bubblewrap no-dsa in bullseye

Emilio Pozuelo Monfort (@pochu) pochu at debian.org
Fri Apr 24 12:16:38 BST 2026 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d5839ed6 by Emilio Pozuelo Monfort at 2026-04-24T13:16:27+02:00
lts: CVE-2026-41163/bubblewrap no-dsa in bullseye

- - - - -
17626bd3 by Emilio Pozuelo Monfort at 2026-04-24T13:16:28+02:00
lts: CVE-2026-27489/onnx no-dsa on bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -411,6 +411,7 @@ CVE-2026-41163 [Privilege escalation if setuid root, via ptrace]
 	- bubblewrap 0.11.2-1 (bug #1134704)
 	[trixie] - bubblewrap <no-dsa> (Minor issue)
 	[bookworm] - bubblewrap <no-dsa> (Minor issue)
+	[bullseye] - bubblewrap <no-dsa> (Minor issue, bubblewrap not installed as setuid)
 CVE-2026-41564 (CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG ...)
 	- libcryptx-perl 0.087-2
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/39209500/
@@ -12484,6 +12485,7 @@ CVE-2026-27489 (Open Neural Network Exchange (ONNX) is an open standard for mach
 	- onnx <unfixed> (bug #1133190)
 	[trixie] - onnx <no-dsa> (Minor issue)
 	[bookworm] - onnx <no-dsa> (Minor issue)
+	[bullseye] - onnx <no-dsa> (Minor issue)
 	NOTE: https://github.com/onnx/onnx/security/advisories/GHSA-3r9x-f23j-gc73
 	NOTE: Fixed by: https://github.com/onnx/onnx/commit/4755f8053928dce18a61db8fec71b69c74f786cb
 CVE-2026-27101 (Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application versio ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6481f60c9d104d9818939185363fa3b6f53df650...17626bd3b699afcd2ac30d75de109f5e689dc7d1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6481f60c9d104d9818939185363fa3b6f53df650...17626bd3b699afcd2ac30d75de109f5e689dc7d1
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260424/c0f923e5/attachment.htm>

More information about the debian-security-tracker-commits mailing list