[Git][security-tracker-team/security-tracker][master] 6 commits: mark CVE-2026-25749 as postponed for Bullseye

Thorsten Alteholz (@alteholz) alteholz at debian.org
Sat Feb 7 19:03:30 GMT 2026 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
41b3c821 by Thorsten Alteholz at 2026-02-07T19:46:29+01:00
mark CVE-2026-25749 as postponed for Bullseye

- - - - -
8cfd79b0 by Thorsten Alteholz at 2026-02-07T19:49:21+01:00
mark CVE-2025-69209 as postponed for Bullseye

- - - - -
1b47dadf by Thorsten Alteholz at 2026-02-07T19:50:30+01:00
mark CVE-2026-1991 as postponed for Bullseye (revisit when fixed upstream)

- - - - -
a75585dd by Thorsten Alteholz at 2026-02-07T19:53:41+01:00
mark CVE-2026-1979 as postponed for Bullseye

- - - - -
4c3860a8 by Thorsten Alteholz at 2026-02-07T19:55:50+01:00
mark CVE-2026-24486 as postponed for Bullseye

- - - - -
7b568306 by Thorsten Alteholz at 2026-02-07T20:02:58+01:00
mark CVE-2026-25727 as not-affected for Bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -63,6 +63,7 @@ CVE-2026-25749 (Vim is an open source, command line text editor. Prior to versio
 	- vim <unfixed>
 	[trixie] - vim <no-dsa> (Minor issue)
 	[bookworm] - vim <no-dsa> (Minor issue)
+	[bullseye] - vim <postponed> (Minor issue)
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-5w93-4g67-mm43
 	NOTE: Fixed by: https://github.com/vim/vim/commit/0714b15940b245108e6e9d7aa2260dd849a26fa9 (v9.1.2132)
 CVE-2026-25732 (NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI's File ...)
@@ -404,6 +405,7 @@ CVE-2026-25727 (time provides date and time handling in Rust. From 0.3.6 to befo
 	- rust-time 0.3.47-1
 	[trixie] - rust-time <no-dsa> (Minor issue)
 	[bookworm] - rust-time <no-dsa> (Minor issue)
+	[bullseye] - rust-time <not-affected> (rfc2822 parsing introduced in v0.3.6)
 	NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0009.html
 	NOTE: https://github.com/advisories/GHSA-r6v5-fh4h-64xc
 	NOTE: Fixed by: https://github.com/time-rs/time/commit/1c63dc7985b8fa26bd8c689423cc56b7a03841ee (v0.3.47)
@@ -458,6 +460,7 @@ CVE-2026-1991 (A vulnerability was detected in libuvc up to 0.0.7. Affected is t
 	- libuvc <unfixed> (bug #1127316)
 	[trixie] - libuvc <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - libuvc <postponed> (Minor issue, revisit when fixed upstream)
+	[bullseye] - libuvc <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/libuvc/libuvc/issues/300
 CVE-2026-1990 (A security vulnerability has been detected in oatpp up to 1.3.1. This  ...)
 	NOT-FOR-US: oatpp
@@ -465,6 +468,7 @@ CVE-2026-1979 (A flaw has been found in mruby up to 3.4.0. This affects the func
 	- mruby <unfixed> (bug #1127317)
 	[trixie] - mruby <no-dsa> (Minor issue)
 	[bookworm] - mruby <no-dsa> (Minor issue)
+	[bullseye] - mruby <postponed> (Minor issue)
 	NOTE: https://github.com/mruby/mruby/issues/6701
 	NOTE: https://github.com/sysfce2/mruby/commit/e50f15c1c6e131fa7934355eb02b8173b13df415
 CVE-2026-1978 (A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected b ...)
@@ -4245,6 +4249,7 @@ CVE-2026-24486 (Python-Multipart is a streaming multipart parser for Python. Pri
 	- python-multipart 0.0.20-1.1 (bug #1126557)
 	[trixie] - python-multipart <no-dsa> (Minor issue; will be fixed via point release)
 	[bookworm] - python-multipart <no-dsa> (Minor issue)
+	[bullseye] - python-multipart <postponed> (Minor issue)
 	NOTE: https://github.com/Kludex/python-multipart/security/advisories/GHSA-wp53-j4wj-2cfg
 	NOTE: Fixed by: https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4 (0.0.22)
 	NOTE: Followup for test: https://github.com/Kludex/python-multipart/commit/0fb59a9df0f273bfde99740b302ccb2ae45e2b8a (0.0.22)
@@ -6485,6 +6490,7 @@ CVE-2025-69209 (ArduinoCore-avr contains the source code and configuration files
 	- arduino-core-avr 1.8.7+dfsg-1 (bug #1126285)
 	[trixie] - arduino-core-avr <no-dsa> (Minor issue)
 	[bookworm] - arduino-core-avr <no-dsa> (Minor issue)
+	[bullseye] - arduino-core-avr <postponed> (Minor issue)
 	NOTE: https://github.com/arduino/ArduinoCore-avr/security/advisories/GHSA-pvx3-fm7w-6hjm
 	NOTE: https://github.com/arduino/ArduinoCore-avr/pull/613
 	NOTE: Fixed by (merge): https://github.com/arduino/ArduinoCore-avr/commit/82a8ad2fb33911d8927c7af22e0472b94325d1a7 (1.8.7)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f68a19319250e9311ec01ad2c79d596deb786d67...7b568306995eaae47a80f2f377cb5fce57c079af

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f68a19319250e9311ec01ad2c79d596deb786d67...7b568306995eaae47a80f2f377cb5fce57c079af
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260207/a728d10b/attachment.htm>

More information about the debian-security-tracker-commits mailing list