[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Apr 26 13:16:43 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e9583e25 by Moritz Muehlenhoff at 2026-04-26T14:16:19+02:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -129,6 +129,8 @@ CVE-2026-6175
REJECTED
CVE-2026-42171 (NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes ...)
- nsis <unfixed> (bug #1134955)
+ [trixie] - nsis <no-dsa> (Minor issue)
+ [bookworm] - nsis <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/NSIS-Dev/nsis/commit/8e6f02205d5f22da6c7855dbfe59b2af667330ca (v312)
CVE-2026-41894 (SiYuan is an open-source personal knowledge management system. Prior t ...)
NOT-FOR-US: SiYuan
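Review bot: the two added nsis lines give only "(Minor issue)" as the reason, while the description limits the affected range to "3.06.1 before 3.12". It is worth confirming that both trixie and bookworm ship a version inside that range, and marking a release <not-affected> instead if its version predates 3.06.1.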
@@ -256,11 +258,15 @@ CVE-2026-41907 (uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Pr
NOTE: Duplicate with CVE-2026-41988 (CNA contacted)
CVE-2026-41898 (rust-openssl provides OpenSSL bindings for the Rust programming langua ...)
- rust-openssl 0.10.78-1 (bug #1134881)
+ [trixie] - rust-openssl <no-dsa> (Minor issue)
+ [bookworm] - rust-openssl <no-dsa> (Minor issue)
NOTE: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-hppc-g8h3-xhp3
NOTE: https://github.com/rust-openssl/rust-openssl/pull/2607
NOTE: https://github.com/rust-openssl/rust-openssl/commit/1d109020d98fff2fb2e45c39a373af3dff99b24c (openssl-v0.10.78)
CVE-2026-41681 (rust-openssl provides OpenSSL bindings for the Rust programming langua ...)
- rust-openssl 0.10.78-1 (bug #1134881)
+ [trixie] - rust-openssl <no-dsa> (Minor issue)
+ [bookworm] - rust-openssl <no-dsa> (Minor issue)
NOTE: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-ghm9-cr32-g9qj
NOTE: https://github.com/rust-openssl/rust-openssl/pull/2608
NOTE: https://github.com/rust-openssl/rust-openssl/commit/826c3888b77add418b394770e2b2e3a72d9f92fe (openssl-v0.10.78)
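Review bot: the [trixie] and [bookworm] tags on CVE-2026-41898 and CVE-2026-41681 (and on the three rust-openssl entries in the next hunk) all sit under the same unstable fix, 0.10.78-1 with bug #1134881, so a single stable update would close the whole set. The reason string could say that instead of the bare "(Minor issue)", for instance by noting that the set can be fixed together via a point release.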
@@ -269,12 +275,18 @@ CVE-2026-41680 (Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1,
NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-6v9c-7cg6-27q7
CVE-2026-41678 (rust-openssl provides OpenSSL bindings for the Rust programming langua ...)
- rust-openssl 0.10.78-1 (bug #1134881)
+ [trixie] - rust-openssl <no-dsa> (Minor issue)
+ [bookworm] - rust-openssl <no-dsa> (Minor issue)
NOTE: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9
CVE-2026-41677 (rust-openssl provides OpenSSL bindings for the Rust programming langua ...)
- rust-openssl 0.10.78-1 (bug #1134881)
+ [trixie] - rust-openssl <no-dsa> (Minor issue)
+ [bookworm] - rust-openssl <no-dsa> (Minor issue)
NOTE: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-xmgf-hq76-4vx2
CVE-2026-41676 (rust-openssl provides OpenSSL bindings for the Rust programming langua ...)
- rust-openssl 0.10.78-1 (bug #1134881)
+ [trixie] - rust-openssl <no-dsa> (Minor issue)
+ [bookworm] - rust-openssl <no-dsa> (Minor issue)
NOTE: https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-pqf5-4pqq-29f5
CVE-2026-41492 (Dgraph is an open source distributed GraphQL database. Prior to 25.3.3 ...)
NOT-FOR-US: Dgraph
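Review bot: CVE-2026-41678, CVE-2026-41677 and CVE-2026-41676 carry only the GHSA advisory NOTE, whereas the two rust-openssl entries in the previous hunk also record the pull request and the fixing commit. Now that trixie and bookworm are tagged <no-dsa> and any fix there would be a backport, adding the fixing commit NOTE to these three entries would give whoever prepares it a concrete patch reference.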
@@ -1297,6 +1309,8 @@ CVE-2026-6019 (http.cookies.Morsel.js_output() returns an inline <script> snippe
[bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
- pypy3 <unfixed>
+ [trixie] - pypy3 <no-dsa> (Minor issue)
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/IVNWGV2BBNC3RHQAFS22UP4DY56SAXX3/
NOTE: https://github.com/python/cpython/issues/90309
NOTE: https://github.com/python/cpython/pull/148848
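Review bot: the line "- pypy3 <unfixed>" carries no bug reference, so once trixie and bookworm are tagged <no-dsa> nothing in this entry tracks the outstanding pypy3 fix. Consider filing a bug and recording it on that line, as the other unfixed entries in this commit do (nsis with bug #1134955, golang-github-gomarkdown-markdown with bug #1134644).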
@@ -2789,6 +2803,8 @@ CVE-2026-40892 (PJSIP is a free and open source multimedia communication library
NOTE: https://github.com/pjsip/pjproject/commit/c82123ea6f3c3652bbc9ebd5e9e658c301451687 (2.17)
CVE-2026-40890 (The package `github.com/gomarkdown/markdown` is a Go library for parsi ...)
- golang-github-gomarkdown-markdown <unfixed> (bug #1134644)
+ [trixie] - golang-github-gomarkdown-markdown <no-dsa> (Minor issue)
+ [bookworm] - golang-github-gomarkdown-markdown <no-dsa> (Minor issue)
NOTE: https://github.com/gomarkdown/markdown/security/advisories/GHSA-77fj-vx54-gvh7
NOTE: https://github.com/gomarkdown/markdown/commit/759bbc3e32073c3bc4e25969c132fc520eda2778
CVE-2026-40889 (Frappe HR is an open-source human resources management solution (HRMS) ...)
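Review bot: the fixing-commit NOTE for CVE-2026-40890 has no upstream version in parentheses, unlike the commit NOTEs in the other hunks, and unstable is still <unfixed>. With trixie and bookworm now set to <no-dsa>, annotating the commit with the first upstream version that contains it (if upstream tags one) would give the eventual upload a clear target.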
@@ -3415,6 +3431,8 @@ CVE-2026-32311 (Flowsint is an open-source OSINT graph exploration tool designed
NOT-FOR-US: Flowsint
CVE-2026-32147 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
- erlang 1:27.3.4.11+dfsg-1
+ [trixie] - erlang <no-dsa> (Minor issue)
+ [bookworm] - erlang <no-dsa> (Minor issue)
NOTE: https://github.com/erlang/otp/security/advisories/GHSA-28jg-mw9x-hpm5
NOTE: https://cna.erlef.org/cves/CVE-2026-32147.html
NOTE: https://github.com/erlang/otp/commit/28c5d5a6c5f873dc701b597276271763e7d1c004 (OTP-26.2.5.20, OTP-27.3.4.11, OTP-28.4.3)
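Review bot: the erlang tags use the generic "(Minor issue)" reason for an issue the description classifies as path traversal, and the unstable line has no bug reference. Since the commit NOTE already lists fixed maintenance releases (OTP-26.2.5.20, OTP-27.3.4.11, OTP-28.4.3), a short NOTE stating why the issue is minor and which of those branches each stable release could take would make a later point-release update easier to prepare.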
@@ -15101,6 +15119,8 @@ CVE-2026-34362 (WWBN AVideo is an open source video platform. In versions up to
NOT-FOR-US: WWBN AVideo
CVE-2026-34353 (In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, ...)
- ocaml 5.2.0-1
+ [trixie] - ocaml <no-dsa> (Minor issue)
+ [bookworm] - ocaml <no-dsa> (Minor issue)
NOTE: https://github.com/ocaml/ocaml/issues/14655
NOTE: Fixed as side effect in: https://github.com/ocaml/ocaml/pull/11022
NOTE: Fixed by: https://github.com/ocaml/ocaml/commit/c667d0e1c5284f5ec46ee4a99b149fa5ac5dfe30 (5.0.0-alpha0)
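Review bot: the added "[trixie] - ocaml <no-dsa>" line needs checking against the version trixie ships. The description limits the issue to "OCaml through 4.14.3" and the fixing commit is annotated 5.0.0-alpha0, so a release carrying a 5.x ocaml already contains the fix and needs no <no-dsa> tag; in that case only the [bookworm] line should stay, and the fixed version on the unstable line could be revisited as well, since 5.2.0-1 is later than the first fixed upstream version.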
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e9583e25e81df4f878c107729bb40f0e47ccbc5c