[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Feb 5 14:46:17 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6051fd7f by Moritz Muehlenhoff at 2026-02-05T15:46:07+01:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3119,7 +3119,10 @@ CVE-2026-24771 (Hono is a Web application framework that provides support for an
NOT-FOR-US: Hono
CVE-2026-24688 (pypdf is a free and open-source pure-python PDF library. An attacker w ...)
- pypdf <unfixed> (bug #1126575)
+ [trixie] - pypdf <no-dsa> (Minor issue)
+ [bookworm] - pypdf <no-dsa> (Minor issue)
- pypdf2 <removed>
+ [bookworm] - pypdf2 <no-dsa> (Minor issue)
[bullseye] - pypdf2 <postponed> (Minor issue, DoS)
NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-2q4j-m29v-hq73
NOTE: https://github.com/py-pdf/pypdf/pull/3610
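Review bot: the new `[trixie]` and `[bookworm]` lines for pypdf and the new `[bookworm]` line for pypdf2 give only "Minor issue" as the reason, while the existing `[bullseye] - pypdf2 <postponed> (Minor issue, DoS)` line directly below names the impact. Suggest carrying the same qualifier, for example `[bookworm] - pypdf2 <no-dsa> (Minor issue, DoS)`, so the triage reason reads consistently across suites.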
@@ -3310,19 +3313,19 @@ CVE-2025-41726 (A low privileged remote attacker can execute arbitrary code by s
CVE-2025-33234 (NVIDIA runx contains a vulnerability where an attacker could cause a c ...)
NOT-FOR-US: NVIDIA
CVE-2025-28164 (Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local a ...)
- - libpng1.6 1.6.47-1
- [bookworm] - libpng1.6 <no-dsa> (Minor issue)
- [bullseye] - libpng1.6 <postponed> (Minor issue, memory leak)
+ - libpng1.6 1.6.47-1 (unimportant)
NOTE: https://github.com/pnggroup/libpng/issues/655
NOTE: https://github.com/pnggroup/libpng/pull/657
NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/b20e6fb31479868f1d5f5cd268d4776767016941 (v1.6.47)
+ NOTE: No security impact, memory leak in CLI tool
CVE-2025-28162 (Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local a ...)
- - libpng1.6 1.6.47-1
+ - libpng1.6 1.6.47-1 (unimportant)
[bookworm] - libpng1.6 <no-dsa> (Minor issue)
[bullseye] - libpng1.6 <postponed> (Minor issue, memory leak)
NOTE: https://github.com/pnggroup/libpng/issues/656
NOTE: https://github.com/pnggroup/libpng/pull/657
NOTE: Fixed by: https://github.com/pnggroup/libpng/commit/b20e6fb31479868f1d5f5cd268d4776767016941 (v1.6.47)
+ NOTE: No security impact, memory leak in CLI tool
CVE-2025-14911 (User-controlled chunkSize metadata from MongoDB lacks appropriate vali ...)
- mongodb <removed>
CVE-2025-12810 (Improper Authentication vulnerability in Delinea Inc. Secret Server On ...)
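Review bot: CVE-2025-28162 is now marked `(unimportant)`, but its `[bookworm] - libpng1.6 <no-dsa> (Minor issue)` and `[bullseye] - libpng1.6 <postponed> (Minor issue, memory leak)` lines are left in place, whereas the same change to CVE-2025-28164 just above removes both. Since the added note "No security impact, memory leak in CLI tool" is identical on the two entries, the per-suite lines under CVE-2025-28162 look like leftovers; suggest dropping them there too so both entries are triaged the same way.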
@@ -5729,6 +5732,8 @@ CVE-2025-69762 (Tenda AX3 firmware v16.03.12.11 contains a stack overflow in for
NOT-FOR-US: Tenda
CVE-2025-69209 (ArduinoCore-avr contains the source code and configuration files of th ...)
- arduino-core-avr 1.8.7+dfsg-1 (bug #1126285)
+ [trixie] - arduino-core-avr <no-dsa> (Minor issue)
+ [bookworm] - arduino-core-avr <no-dsa> (Minor issue)
NOTE: https://github.com/arduino/ArduinoCore-avr/security/advisories/GHSA-pvx3-fm7w-6hjm
NOTE: https://github.com/arduino/ArduinoCore-avr/pull/613
NOTE: Fixed by (merge): https://github.com/arduino/ArduinoCore-avr/commit/82a8ad2fb33911d8927c7af22e0472b94325d1a7 (1.8.7)
@@ -6087,7 +6092,9 @@ CVE-2026-0865 (User-controlled header names and values containing newlines can a
{DLA-4455-1}
- python3.14 3.14.3-1 (bug #1126739)
- python3.13 3.13.12-1 (bug #1126740)
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
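Review bot: the new `[trixie] - python3.13` and `[bookworm] - python3.11` lines are tagged `<no-dsa> (Minor issue)` on an entry that already carries `{DLA-4455-1}`, and nothing in the entry records why these two suites are handled differently from the DLA. Suggest a more specific reason in the parentheses, or a NOTE line stating the rationale.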
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6051fd7faaa16a6277f7173c75d2974b00102187