[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Feb 3 16:08:44 GMT 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4c11996e by Moritz Muehlenhoff at 2026-02-03T16:22:07+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2123,6 +2123,8 @@ CVE-2026-24883 (In GnuPG before 2.5.17, a long signature packet length causes pa
 	NOTE: Introduced by: https://dev.gnupg.org/rG36dbca3e6944d13e75e96eace634e58a7d7e201d (gnupg-2.5.3)
 CVE-2026-24882 (In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2da ...)
 	- gnupg2 <unfixed> (bug #1126631)
+	[trixie] - gnupg2 <no-dsa> (Minor issue)
+	[bookworm] - gnupg2 <no-dsa> (Minor issue)
 	NOTE: https://dev.gnupg.org/T8045
 CVE-2026-24881 (In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message c ...)
 	- gnupg2 <not-affected> (Vulnerable code not present)
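Review bot: the two added "<no-dsa> (Minor issue)" lines under CVE-2026-24882 give no reason why a stack-based buffer overflow counts as minor for stable. The neighbouring entries do record that kind of detail (CVE-2026-24883 carries an "Introduced by:" NOTE naming gnupg-2.5.3, and CVE-2026-24881 is "<not-affected> (Vulnerable code not present)"). If trixie and bookworm ship the affected code, a short NOTE with the rationale would help whoever revisits this entry; if they do not, "<not-affected>" would be the more accurate state.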
@@ -3002,6 +3004,8 @@ CVE-2026-1299 (The  email module, specifically the "BytesGenerator" class, didn\
 CVE-2026-0994 (A denial-of-service (DoS) vulnerability exists in google.protobuf.json ...)
 	[experimental] - protobuf 3.25.7-1
 	- protobuf <unfixed> (bug #1126302)
+	[trixie] - protobuf <no-dsa> (Minor issue)
+	[bookworm] - protobuf <no-dsa> (Minor issue)
 	NOTE: https://github.com/protocolbuffers/protobuf/issues/25070
 	NOTE: https://github.com/protocolbuffers/protobuf/pull/25239
 CVE-2026-0914 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored ...)
@@ -5040,9 +5044,10 @@ CVE-2025-57786 (A reflected cross-site scripting (xss) vulnerability exists in t
 CVE-2025-56353 (In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-1 ...)
 	NOT-FOR-US: tinyMQTT
 CVE-2025-56005 (An undocumented and unsafe feature in the PLY (Python Lex-Yacc) librar ...)
-	- ply <unfixed>
+	- ply <unfixed> (unimportant)
 	NOTE: https://github.com/bohmiiidd/Undocumented-RCE-in-PLY
 	NOTE: Disputed, unmaintained: https://www.openwall.com/lists/oss-security/2026/01/23/4
+	NOTE: Negligible security impact
 CVE-2025-55423 (A command injection vulnerability exists in the upnp_relay() function  ...)
 	NOT-FOR-US: ipTIME
 CVE-2025-55071 (A reflected cross-site scripting (xss) vulnerability exists in the mod ...)
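Review bot: the "- ply <unfixed> (unimportant)" change alters the severity of the unsuited (unstable) entry for CVE-2025-56005 rather than adding [trixie]/[bookworm] lines, which the commit subject "trixie/bookworm triage" does not convey; it is worth a mention in the commit message. The added "NOTE: Negligible security impact" also states a conclusion without its reason. Tying it to the dispute linked in the NOTE on the line above would make the entry self-explanatory.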
@@ -68800,6 +68805,8 @@ CVE-2025-8194 (There is a defect in the CPython \u201ctarfile\u201d module affec
 	- python2.7 <removed>
 	[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
 	- pypy3 <unfixed> (bug #1126758)
+	[trixie] - pypy3 <no-dsa> (Minor issue)
+	[bookworm] - pypy3 <no-dsa> (Minor issue)
 	NOTE: https://github.com/python/cpython/issues/130577
 	NOTE: https://github.com/python/cpython/pull/137027
 	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/ZULLF3IZ726XP5EY7XJ7YIN3K5MDYR2D/



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4c11996ef0847ac484f526e3f1e78c2c099a5c50
