[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Feb 4 12:12:01 GMT 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0c93f81b by Moritz Muehlenhoff at 2026-02-04T13:11:16+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -169,7 +169,11 @@ CVE-2026-25541
 	NOTE: Fixed by: https://github.com/tokio-rs/bytes/commit/d0293b0e35838123c51ca5dfdf468ecafee4398f (v1.11.1)
 CVE-2026-1801 (A flaw was found in libsoup, an HTTP client/server library. This HTTP  ...)
 	- libsoup3 3.6.5-8
+	[trixie] - libsoup3 <no-dsa> (Minor issue)
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 <removed>
+	[trixie] - libsoup2.4 <no-dsa> (Minor issue)
+	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/481
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/506
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/b9a1c0663ff8ab6e79715db4b35b54f560416ddd
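
Review bot: the two added libsoup2.4 lines under CVE-2026-1801 mark trixie and bookworm no-dsa, but the entry's only fix reference is a single upstream commit and nothing says whether it applies to the 2.4 code. With libsoup2.4 already <removed> from unstable, a NOTE stating whether 2.4 shares the affected code, or whether the commit backports to it, would make the decision checkable for anyone preparing a point-release update.
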
@@ -883,6 +887,8 @@ CVE-2026-1751 (A vulnerability has been discovered in GitLab CE/EE affecting all
 	NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/519340
 CVE-2026-1703 (When pip is installing and extracting a maliciously crafted wheel arch ...)
 	- python-pip 26.0+dfsg-1 (bug #1126875)
+	[trixie] - python-pip <no-dsa> (Minor issue)
+	[bookworm] - python-pip <no-dsa> (Minor issue)
 	NOTE: https://github.com/pypa/pip/pull/13777
 	NOTE: Fixed by: https://github.com/pypa/pip/commit/4c651b70d60ed91b13663bcda9b3ed41748d0124 (26.0)
 	NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/WIEA34D4TABF2UNQJAOMXKCICSPBE2DJ/
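
Review bot: the reason on the two added python-pip lines is the generic "Minor issue", while the CVE text ties the flaw to pip installing and extracting a maliciously crafted wheel. Recording that precondition in the reason or in a NOTE would show why trixie and bookworm get no DSA, given that the fix only exists in 26.0+dfsg-1.
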
@@ -1912,12 +1918,20 @@ CVE-2026-21865 (Discourse is an open source discussion platform. In versions pri
 	NOT-FOR-US: Discourse
 CVE-2026-1539 (A flaw was found in the libsoup HTTP library that can cause proxy auth ...)
 	- libsoup3 3.6.5-8 (bug #1126628)
+	[trixie] - libsoup3 <no-dsa> (Minor issue)
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 <removed>
+	[trixie] - libsoup2.4 <no-dsa> (Minor issue)
+	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/489
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/98c1285d9d78662c38bf14b4a128af01ccfdb446
 CVE-2026-1536 (A flaw was found in libsoup. An attacker who can control the input for ...)
 	- libsoup3 3.6.5-8 (bug #1126627)
+	[trixie] - libsoup3 <no-dsa> (Minor issue)
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 <removed>
+	[trixie] - libsoup2.4 <no-dsa> (Minor issue)
+	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/486
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/5c1a2e9c06a834eb715f60265a877f5b882cc1b1
 CVE-2026-1522 (A weakness has been identified in Open5GS up to 2.7.6. This vulnerabil ...)
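
Review bot: all eight added lines for CVE-2026-1539 and CVE-2026-1536 carry the same "Minor issue" reason, although the two descriptions differ (one concerns proxy auth handling, the other attacker-controlled input). A per-CVE reason or NOTE would let a reader confirm that each was assessed on its own rather than triaged as a batch, and the libsoup2.4 lines would benefit from a remark on whether the cited "Fixed by" commits apply to that branch.
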
@@ -2851,6 +2865,8 @@ CVE-2026-24408 (sigstore-python is a Python tool for generating and verifying Si
 	- sigstore-python <itp> (bug #1084157)
 CVE-2026-24400 (AssertJ provides Fluent testing assertions for Java and the Java Virtu ...)
 	- assertj-core <unfixed>
+	[trixie] - assertj-core <no-dsa> (Minor issue)
+	[bookworm] - assertj-core <no-dsa> (Minor issue)
 	NOTE: https://github.com/assertj/assertj/security/advisories/GHSA-rqfh-9r24-8c9r
 	NOTE: https://github.com/assertj/assertj/commit/85ca7eb6609bb179c043b85ae7d290523b1ba79a (assertj-build-3.27.7)
 CVE-2026-24131 (pnpm is a package manager. Prior to version 10.28.2, when pnpm process ...)
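
Review bot: the assertj-core line just above the added entries is <unfixed> with no bug number, unlike the python-pip, libsoup3 and docopt.cpp entries touched in this commit. With trixie and bookworm now no-dsa, the unstable upload is the only tracked path to a fix, so a bug reference on "- assertj-core <unfixed>" would keep it from being lost.
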
@@ -3632,8 +3648,9 @@ CVE-2025-67230 (Improper permissions in the handler for the Custom URL Scheme in
 CVE-2025-67229 (An improper certificate validation vulnerability exists in ToDesktop B ...)
 	NOT-FOR-US: ToDesktop Builder
 CVE-2025-67125 (A signed integer overflow in docopt.cpp v0.6.2 (LeafPattern::match in  ...)
-	- docopt.cpp <unfixed> (bug #1126774)
+	- docopt.cpp <unfixed> (bug #1126774; unimportant)
 	NOTE: https://github.com/docopt/docopt.cpp/issues/167
+	NOTE: Negligible security impact
 CVE-2025-67124 (A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finaliz ...)
 	NOT-FOR-US: svenstaro/miniserve
 CVE-2025-66720 (Null pointer dereference in free5gc pcf 1.4.0 in file internal/sbi/pro ...)
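
Review bot: the added NOTE "Negligible security impact" on CVE-2025-67125 states the conclusion without the reason. Since the docopt.cpp entry is downgraded to unimportant while bug #1126774 stays referenced, the NOTE should say why the signed integer overflow in LeafPattern::match has negligible impact, so the classification can be rechecked later.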



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c93f81b1a43c4d603ba1e2131a1188d466cbb6a
