[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Apr 28 09:08:00 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bb02e601 by Moritz Muehlenhoff at 2026-04-28T10:06:51+02:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1915,6 +1915,8 @@ CVE-2026-41213 (@node-oauth/oauth2-server is a module for implementing an OAuth2
NOT-FOR-US: node-oauth2-server
CVE-2026-41205 (Mako is a template library written in Python. Prior to 1.3.11, Templat ...)
- mako <unfixed> (bug #1134729)
+ [trixie] - mako <no-dsa> (Minor issue)
+ [bookworm] - mako <no-dsa> (Minor issue)
NOTE: https://github.com/sqlalchemy/mako/security/advisories/GHSA-v92g-xgxw-vvmm
CVE-2026-41173 (The AWS X-Ray Remote Sampler package provides a sampler which can get ...)
NOT-FOR-US: AWS X-Ray Remote Sampler package
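Review bot: The two added `<no-dsa>` lines for mako give only "Minor issue" as the reason, without saying which condition makes it minor. A few words of rationale in the parenthesis, or a NOTE line summarising the limiting condition from the linked GHSA advisory, would let a later triager revisit the decision without re-reading the advisory once bug #1134729 is resolved in unstable.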
@@ -5464,6 +5466,8 @@ CVE-2026-40255 (AdonisJS HTTP Server is a package for handling HTTP requests in
NOT-FOR-US: AdonisJS HTTP Server
CVE-2026-40253 (openCryptoki is a PKCS#11 library and provides tooling for Linux and A ...)
- opencryptoki <unfixed>
+ [trixie] - opencryptoki <no-dsa> (Minor issue)
+ [bookworm] - opencryptoki <no-dsa> (Minor issue)
NOTE: https://github.com/opencryptoki/opencryptoki/security/advisories/GHSA-c9cf-6vr4-wfxm
NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/ed378f463ef73364c89feb0fc923f4dc867332a3
CVE-2026-40249 (free5GC is an open-source implementation of the 5G core network. In ve ...)
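Review bot: The unchanged `- opencryptoki <unfixed>` line has no bug reference, and with trixie and bookworm now marked `<no-dsa>` nothing in the entry tracks getting the fix into the archive, even though a "Fixed by:" upstream commit is already recorded. If a BTS bug has been filed, add it to the `<unfixed>` line. If the upstream commit is a candidate for a point release, saying so in the no-dsa reason would be more useful than the bare "Minor issue".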
@@ -7160,7 +7164,6 @@ CVE-2026-40313 (PraisonAI is a multi-agent teams system. In versions 4.5.139 and
NOT-FOR-US: PraisonAI
CVE-2026-40312 (ImageMagick is free and open-source software used for editing and mani ...)
- imagemagick 8:7.1.2.19+dfsg1-1
- [trixie] - imagemagick <not-affected> (Vulnerable code not present)
[bookworm] - imagemagick <not-affected> (Vulnerable code not present)
[bullseye] - imagemagick <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-5xg3-585r-9jh5
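Review bot: Removing `[trixie] - imagemagick <not-affected> (Vulnerable code not present)` leaves trixie with no annotation of its own, so it is tracked against the unstable line and counts as affected below 8:7.1.2.19+dfsg1-1, while bookworm and bullseye stay `<not-affected>`. Neither the entry nor the commit message records why the earlier assessment for trixie was reversed. A NOTE naming the upstream version or commit that introduced the vulnerable code would document the difference between trixie and the older releases.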
@@ -45555,9 +45558,9 @@ CVE-2026-1324 (A vulnerability was identified in Sangfor Operation and Maintenan
CVE-2026-1260 (Invalid memory access in Sentencepiece versions less than 0.2.1 when u ...)
NOT-FOR-US: Sentencepiece
CVE-2026-1225 (ACE vulnerability in configuration file processing by QOS.CH logback- ...)
- - logback <unfixed> (bug #1126748)
- [bullseye] - logback <postponed> (minor issue; requires write access to conf files)
+ - logback <unfixed> (unimportant; bug #1126748)
NOTE: https://logback.qos.ch/news.html#1.5.25
+ NOTE: Does not cross any reasonable security boundary
CVE-2026-1036 (The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin ...)
NOT-FOR-US: WordPress plugin
CVE-2026-0920 (The LA-Studio Element Kit for Elementor plugin for WordPress is vulner ...)
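Review bot: The removed bullseye line carried the concrete precondition, "requires write access to conf files", and the new NOTE "Does not cross any reasonable security boundary" is less specific about why logback is now `unimportant`. Folding the precondition into the NOTE, for example by stating that the attacker must already be able to write the configuration files, keeps the reasoning behind the severity downgrade visible in the entry.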
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bb02e6017a99d416d30176ef8ce385f65b5b1c58