[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Feb 9 15:16:24 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
dd2e37f1 by Moritz Muehlenhoff at 2026-02-09T16:16:07+01:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -950,12 +950,16 @@ CVE-2025-68643 (Axigen Mail Server before 10.5.57 allows stored Cross-Site Scrip
NOT-FOR-US: Axigen Mail Server
CVE-2025-58190 (The html.Parse function in golang.org/x/net/html has an infinite parsi ...)
- golang-golang-x-net <unfixed> (bug #1127320)
+ [trixie] - golang-golang-x-net <no-dsa> (Minor issue)
+ [bookworm] - golang-golang-x-net <no-dsa> (Minor issue)
[bullseye] - golang-golang-x-net <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c
NOTE: https://github.com/golang/go/issues/70179
NOTE: Fixed by: https://github.com/golang/net/commit/6ec8895aa5f6594da7356da7d341b98133629009 (v0.45.0)
CVE-2025-47911 (The html.Parse function in golang.org/x/net/html has quadratic parsing ...)
- golang-golang-x-net <unfixed> (bug #1127321)
+ [trixie] - golang-golang-x-net <no-dsa> (Minor issue)
+ [bookworm] - golang-golang-x-net <no-dsa> (Minor issue)
[bullseye] - golang-golang-x-net <postponed> (Limited support, minor issue, follow bookworm DSAs/point-releases)
NOTE: https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c
NOTE: https://github.com/golang/go/issues/75682
@@ -3283,6 +3287,8 @@ CVE-2026-25090
REJECTED
CVE-2026-25063 (gradle-completion provides Bash and Zsh completion support for Gradle. ...)
- gradle-completion <unfixed> (bug #1126696)
+ [trixie] - gradle-completion <no-dsa> (Minor issue)
+ [bookworm] - gradle-completion <no-dsa> (Minor issue)
NOTE: https://github.com/gradle/gradle-completion/security/advisories/GHSA-qggc-44r3-cjgv
NOTE: Fixed by: https://github.com/gradle/gradle-completion/commit/f0034a8a44b8191e5b764cf9b0211cade6ee55d7 (v9.3.1)
CVE-2026-25061 (tcpflow is a TCP/IP packet demultiplexer. In versions up to and includ ...)
@@ -7256,7 +7262,9 @@ CVE-2026-0672 (When using http.cookies.Morsel, user-controlled cookie values and
{DLA-4455-1}
- python3.14 3.14.3-1 (bug #1126761)
- python3.13 3.13.12-1 (bug #1126762)
+ [trixie] - python3.13 <no-dsa> (Minor issue)
- python3.11 <removed>
+ [bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.9 <removed>
- pypy3 <unfixed> (bug #1126763)
[trixie] - pypy3 <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd2e37f10bf1e614431a2c4815dd3952b3c8adca
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dd2e37f10bf1e614431a2c4815dd3952b3c8adca
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260209/790e35fd/attachment.htm>
More information about the debian-security-tracker-commits
mailing list