[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Feb 3 14:12:08 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ad2d4643 by Moritz Muehlenhoff at 2026-02-03T15:11:23+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -165,21 +165,29 @@ CVE-2026-1580
 CVE-2026-1767 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor]
 	- localsearch <unfixed>
 	- tracker-miners <removed>
+	[trixie] - tracker-miners <no-dsa> (Minor issue)
+	[bookworm] - tracker-miners <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/429
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/localsearch/-/commit/2897ca48b7ae79db7dcfe7e66cdd5d75cb641466
 CVE-2026-1766 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor (ID3v2.3 COMM Tags)]
 	- localsearch <unfixed>
 	- tracker-miners <removed>
+	[trixie] - tracker-miners <no-dsa> (Minor issue)
+	[bookworm] - tracker-miners <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/428
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/localsearch/-/commit/9cc562cc126c408efb2a8220fcd67f006902412c
 CVE-2026-1765 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor (TXXX Tags)]
 	- localsearch <unfixed>
 	- tracker-miners <removed>
+	[trixie] - tracker-miners <no-dsa> (Minor issue)
+	[bookworm] - tracker-miners <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/427
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/localsearch/-/commit/79f47309bad068ff0c19c1431abab6766edc687f
 CVE-2026-1764 [Heap Buffer Overflow in GNOME localsearch MP3 Extractor]
 	- localsearch <unfixed>
 	- tracker-miners <removed>
+	[trixie] - tracker-miners <no-dsa> (Minor issue)
+	[bookworm] - tracker-miners <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/localsearch/-/issues/425
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/localsearch/-/commit/5337e2977f159c29e2b8af575e56866862af241b
 CVE-2026-24071 (It was found that the XPC service offered by the privileged helper of  ...)
@@ -248,12 +256,20 @@ CVE-2026-1770 (Improper Control of Dynamically-Managed Code Resources vulnerabil
 	NOT-FOR-US: Crafter CMS
 CVE-2026-1761 (A flaw was found in libsoup. This stack-based buffer overflow vulnerab ...)
 	- libsoup3 <unfixed> (bug #1126877)
+	[trixie] - libsoup3 <no-dsa> (Minor issue)
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 <removed>
+	[trixie] - libsoup2.4 <no-dsa> (Minor issue)
+	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/493
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/cfa9d90d1a5c274233554a264c56551c13d6a6f0
 CVE-2026-1760 (A flaw was found in SoupServer. This HTTP request smuggling vulnerabil ...)
 	- libsoup3 <unfixed> (bug #1126876)
+	[trixie] - libsoup3 <no-dsa> (Minor issue)
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 <removed>
+	[trixie] - libsoup2.4 <no-dsa> (Minor issue)
+	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/475
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/6224df5a471e9040a99dd3dc2e91817a701b1bf6
 CVE-2026-1757 (A flaw was identified in the interactive shell of the xmllint utility, ...)
@@ -5149,6 +5165,7 @@ CVE-2025-14376 (A security issue was discovered within the legacy ADI server com
 	NOT-FOR-US: Rockwell Automation
 CVE-2025-14369 (dr_flac, an audio decoder within the dr_libs toolset, contains an inte ...)
 	- libchdr 0.0~git20250608.8bba774+dfsg-2 (bug #1126694)
+	[trixie] - libchdr <no-dsa> (Minor issue)
 	NOTE: qtads, dosbox-x and love bundle a copy, but these are standalone end user apps, so no security impact
 	NOTE: https://github.com/mackron/dr_libs/commit/b2197b2eb7bb609df76315bebf44db4ec2a1aed0
 	NOTE: https://www.kb.cert.org/vuls/id/924114



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad2d4643a6dfd38397bf2795d8c75eb7c6cb3527

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ad2d4643a6dfd38397bf2795d8c75eb7c6cb3527
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260203/b58da322/attachment.htm>

More information about the debian-security-tracker-commits mailing list