[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Feb 10 11:58:27 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd7528f4 by Moritz Muehlenhoff at 2026-02-10T12:58:03+01:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -203,6 +203,8 @@ CVE-2025-11142 (The VAPIX API mediaclip.cgi that did not have a sufficient input
 	NOT-FOR-US: Axis Communication
 CVE-2026-2239 [PSD loader: heap-buffer-overflow in fread_pascal_string() (no null terminator)]
 	- gimp <unfixed>
+	[trixie] - gimp <no-dsa> (Minor issue)
+	[bookworm] - gimp <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/15812
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/8cf2772f5631719ae0e4e701bd7ef793b1f59cfa (master)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gimp/-/commit/51a2d65a2df403f6da582173e0ddd7904356f5ae (gimp-3-0 branch)
@@ -1496,6 +1498,8 @@ CVE-2026-25538 (Devtron is an open source tool integration platform for Kubernet
 	NOT-FOR-US: Devtron
 CVE-2026-25537 (jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a ...)
 	- rust-jsonwebtoken <unfixed> (bug #1127319)
+	[trixie] - rust-jsonwebtoken <no-dsa> (Minor issue)
+	[bookworm] - rust-jsonwebtoken <no-dsa> (Minor issue)
 	NOTE: https://github.com/Keats/jsonwebtoken/security/advisories/GHSA-h395-gr6q-cpjc
 	NOTE: Fixed by: https://github.com/Keats/jsonwebtoken/commit/abbc3076742c4161347bc6b8bf4aa5eb86e1dc01 (v10.3.0)
 CVE-2026-25536 (MCP TypeScript SDK is the official TypeScript SDK for Model Context Pr ...)
@@ -13970,6 +13974,8 @@ CVE-2026-21483 (listmonk is a standalone, self-hosted, newsletter and mailing li
 	NOT-FOR-US: listmonk
 CVE-2026-21452 (MessagePack for Java is a serializer implementation for Java. A denial ...)
 	- msgpack-java <unfixed> (bug #1124587)
+	[trixie] - msgpack-java <no-dsa> (Minor issue)
+	[bookworm] - msgpack-java <no-dsa> (Minor issue)
 	NOTE: https://github.com/msgpack/msgpack-java/security/advisories/GHSA-cw39-r4h6-8j3x
 	NOTE: Fixed by: https://github.com/msgpack/msgpack-java/commit/daa2ea6b2f11f500e22c70a22f689f7a9debdeae (v0.9.11)
 CVE-2026-21451 (Bagisto is an open source laravel eCommerce platform. A stored Cross-S ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd7528f47ce8aaeafe2b4b059abd06cfba1cf660

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd7528f47ce8aaeafe2b4b059abd06cfba1cf660
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260210/c8dd4f53/attachment.htm>

More information about the debian-security-tracker-commits mailing list