[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Apr 28 12:45:03 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ec6c54b6 by Moritz Muehlenhoff at 2026-04-28T13:43:14+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2093,19 +2093,28 @@ CVE-2026-41454 (WeKan before8.35 contains a missing authorization vulnerability
 	- wekan <itp> (bug #819238)
 CVE-2026-41314 (pypdf is a free and open-source pure-python PDF library. An attacker w ...)
 	- pypdf <unfixed> (bug #1134738)
+	[trixie] - pypdf <no-dsa> (Minor issue)
+	[bookworm] - pypdf <no-dsa> (Minor issue)
 	- pypdf2 <removed>
+	[bookworm] - pypdf2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-x284-j5p8-9c5p
 	NOTE: https://github.com/py-pdf/pypdf/pull/3734
 	NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11 (6.10.2)
 CVE-2026-41313 (pypdf is a free and open-source pure-python PDF library. An attacker w ...)
 	- pypdf <unfixed> (bug #1134737)
+	[trixie] - pypdf <no-dsa> (Minor issue)
+	[bookworm] - pypdf <no-dsa> (Minor issue)
 	- pypdf2 <removed>
+	[bookworm] - pypdf2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-4pxv-j86v-mhcw
 	NOTE: https://github.com/py-pdf/pypdf/pull/3735
 	NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a (6.10.2)
 CVE-2026-41312 (pypdf is a free and open-source pure-python PDF library. An attacker w ...)
 	- pypdf <unfixed> (bug #1134736)
+	[trixie] - pypdf <no-dsa> (Minor issue)
+	[bookworm] - pypdf <no-dsa> (Minor issue)
 	- pypdf2 <removed>
+	[bookworm] - pypdf2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f
 	NOTE: https://github.com/py-pdf/pypdf/pull/3734
 	NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11 (6.10.2)
@@ -2162,7 +2171,10 @@ CVE-2026-41170 (Squidex is an open source headless content management system and
 	NOT-FOR-US: Squidex
 CVE-2026-41168 (pypdf is a free and open-source pure-python PDF library. An attacker w ...)
 	- pypdf <unfixed> (bug #1134733)
+	[trixie] - pypdf <no-dsa> (Minor issue)
+	[bookworm] - pypdf <no-dsa> (Minor issue)
 	- pypdf2 <removed>
+	[bookworm] - pypdf2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-jj6c-8h6c-hppx
 	NOTE: https://github.com/py-pdf/pypdf/pull/3733
 	NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3 (6.10.1)
@@ -2686,18 +2698,22 @@ CVE-2026-34413 (Xerte Online Toolkits versions 3.15 and earlier contain a missin
 	NOT-FOR-US: Xerte Online Toolkits
 CVE-2026-33611 (An operator allowed to use the REST API can cause the Authoritative se ...)
 	- pdns <unfixed>
+	[bookworm] - pdns <end-of-life> (See #1119290)
 	[bullseye] - pdns <end-of-life> (see DLA 4471)
 	NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html#insufficient-validation-of-https-and-svcb-records
 CVE-2026-33610 (A rogue primary server may cause file descriptor exhaustion and eventu ...)
 	- pdns <unfixed>
+	[bookworm] - pdns <end-of-life> (See #1119290)
 	[bullseye] - pdns <end-of-life> (see DLA 4471)
 	NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html#possible-file-descriptor-exhaustion-in-forward-dnsupdate
 CVE-2026-33609 (Incomplete escaping of LDAP queries when running with 8bit-dns enabled ...)
 	- pdns <unfixed>
+	[bookworm] - pdns <end-of-life> (See #1119290)
 	[bullseye] - pdns <end-of-life> (see DLA 4471)
 	NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html#ldap-dn-injection
 CVE-2026-33608 (An attacker can send a notify request that causes a new secondary doma ...)
 	- pdns <unfixed>
+	[bookworm] - pdns <end-of-life> (See #1119290)
 	[bullseye] - pdns <end-of-life> (see DLA 4471)
 	NOTE: https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html#incomplete-domain-name-sanitization-during-bind-autosecondary-zone-transfer
 CVE-2026-33601 (If you use the zoneToCache function with a malicious authoritative ser ...)
@@ -3266,6 +3282,7 @@ CVE-2026-33257 (An attacker can send a web request that causes unlimited memory
 	[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
 	[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
 	- pdns <unfixed>
+	[bookworm] - pdns <end-of-life> (See #1119290)
 	[bullseye] - pdns <end-of-life> (see DLA 4471)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html#cve-2026-33257-insufficient-input-validation-of-internal-webserver
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-03.html#cve-2026-33257-insufficient-input-validation-of-internal-web-server
@@ -3280,6 +3297,7 @@ CVE-2026-33260 (An attacker can send a web request that causes unlimited memory
 	[bookworm] - pdns-recursor <end-of-life> (see DSA 6045)
 	[bullseye] - pdns-recursor <end-of-life> (see DSA 6045)
 	- pdns <unfixed>
+	[bookworm] - pdns <end-of-life> (See #1119290)
 	[bullseye] - pdns <end-of-life> (see DLA 4471)
 	NOTE: https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html#cve-2026-33260-insufficient-input-validation-of-internal-webserver
 	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-03.html#cve-2026-33260-insufficient-input-validation-of-internal-web-server



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec6c54b68742378519a87c9844af29bf7b3b2cf7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec6c54b68742378519a87c9844af29bf7b3b2cf7
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260428/b0e621d8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list