[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Feb 9 08:27:34 GMT 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0f7a0968 by Moritz Muehlenhoff at 2026-02-09T09:27:20+01:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5769,9 +5769,9 @@ CVE-2026-0778 (Enel X JuiceBox 40 Telnet Service Missing Authentication Remote C
 CVE-2026-0776 (Discord Client Uncontrolled Search Path Element Local Privilege Escala ...)
 	NOT-FOR-US: Discord
 CVE-2026-0775 (npm cli Incorrect Permission Assignment Local Privilege Escalation Vul ...)
-	- npm <unfixed> (bug #1126756)
+	- npm <unfixed> (bug #1126756; unimportant)
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-26-043/
-	NOTE: Considered as working by design by upstream, but disagreement with ZDI
+	NOTE: Considered as working by design by upstream
 CVE-2026-0774 (WatchYourLAN Configuration Page Argument Injection Remote Code Executi ...)
 	NOT-FOR-US: WatchYourLAN
 CVE-2026-0773 (Upsonic Cloudpickle Deserialization of Untrusted Data Remote Code Exec ...)
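Review bot: the `unimportant` tag added to the npm line for CVE-2026-0775 rests only on "Considered as working by design by upstream", and the same hunk drops the "but disagreement with ZDI" clause, so the entry no longer records that the reporter disputes upstream's position. Suggest keeping that clause, or adding a NOTE that says why the issue described in ZDI-26-043 has no security impact for the Debian package, so the downgrade can be re-checked later.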
@@ -44674,6 +44674,7 @@ CVE-2025-31717 (In modem, there is a possible system crash due to improper input
 CVE-2025-11626 (MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to ...)
 	{DSA-6124-1}
 	- wireshark 4.6.0-1 (bug #1117852)
+	[bookworm] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2025-04.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20724
 CVE-2025-11593 (A flaw has been found in CodeAstro Gym Management System 1.0. This vul ...)
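Review bot: the added `[bookworm] - wireshark <no-dsa> (Minor issue)` line for CVE-2025-11626 records bookworm as affected, while the visible part of the description names only the 4.4.0 to 4.4.9 and 4.2.0 to ... ranges. Worth confirming that bookworm's wireshark contains the MONGO dissector loop; if it does not, `<not-affected>` with a reason would be more accurate than `<no-dsa>`.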
@@ -60805,6 +60806,7 @@ CVE-2025-9831 (A weakness has been identified in PHPGurukul Beauty Parlour Manag
 CVE-2025-9817 (SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of servi ...)
 	{DSA-6124-1}
 	- wireshark 4.4.9-1
+	[bookworm] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2025-03.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20642
 CVE-2025-9785 (PaperCut Print Deploy is an optional component that integrates with Pa ...)
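Review bot: "(Minor issue)" on the added bookworm line for CVE-2025-9817 gives a later reader nothing to verify, even though the entry is referenced by DSA-6124-1. Suggest a more specific reason, for example that this is a dissector crash limited to denial of service, as the description states.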
@@ -124490,6 +124492,7 @@ CVE-2025-21355 (Missing Authentication for Critical Function in Microsoft Bing a
 	NOT-FOR-US: Microsoft
 CVE-2025-1492 (Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 ...)
 	- wireshark 4.4.4-1
+	[bookworm] - wireshark <no-dsa> (Minor issue)
 	[bullseye] - wireshark <not-affected> (Vulnerable dissector not present)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2025-01.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20373
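Review bot: for CVE-2025-1492 the added `<no-dsa>` line sits directly above `[bullseye] - wireshark <not-affected> (Vulnerable dissector not present)`, and the visible part of the description names 4.4.0 to 4.4.3. Please check whether the Bundle Protocol and CBOR dissector code in question exists in bookworm's version; if it does not, bookworm should get the same `<not-affected>` marking as bullseye.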
@@ -163967,10 +163970,12 @@ CVE-2024-9796 (The WP-Advanced-Search WordPress plugin before 3.3.9.2 does not s
 	NOT-FOR-US: WordPress plugin
 CVE-2024-9781 (AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4. ...)
 	- wireshark 4.4.1-1
+	[bookworm] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-13.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20114
 CVE-2024-9780 (ITS dissector crash in Wireshark 4.4.0 allows denial of service via pa ...)
 	- wireshark 4.4.1-1
+	[bookworm] - wireshark <no-dsa> (Minor issue)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2024-12.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/20026
 CVE-2024-9685 (The Notification for Telegram plugin for WordPress is vulnerable to un ...)
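Review bot: the description of CVE-2024-9780 names only Wireshark 4.4.0, and CVE-2024-9781 lists "4.4.0 and 4. ...", yet both added lines record bookworm as affected via `<no-dsa>`. If these dissector crashes were introduced in the 4.4 series, `<not-affected>` with a reason (in the form already used for bullseye under CVE-2025-1492) fits better; otherwise a NOTE pointing at the affected code in bookworm would make the triage decision checkable.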


=====================================
data/dsa-needed.txt
=====================================
@@ -43,6 +43,8 @@ mbedtls/oldstable
 netty
   Bastien Roucaries proposing an update
 --
+nginx (jmm)
+--
 node-tar
 --
 nodejs
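Review bot: the new `nginx (jmm)` entry carries neither a suite suffix (compare `mbedtls/oldstable` in the hunk header) nor a status line (compare the one under `netty`), and this commit touches no nginx entry in data/CVE/list, so the reason nginx needs a DSA is not visible from the change. A one-line note under the entry naming the issue and the suites concerned would help.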



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0f7a09689b21736cffdd6296d5353295547330f2
