[Git][security-tracker-team/security-tracker][master] 2 commits: trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Feb 11 16:42:13 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
14b7e24e by Moritz Muehlenhoff at 2026-02-11T17:23:55+01:00
trixie/bookworm triage
- - - - -
9568da78 by Moritz Muehlenhoff at 2026-02-11T17:41:00+01:00
ruby-faraday fixed in sid
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -534,6 +534,8 @@ CVE-2025-15572 (A vulnerability has been found in wasm3 up to 0.5.0. The affecte
NOT-FOR-US: wasm3
CVE-2025-15571 (A security vulnerability has been detected in ckolivas lrzip up to 0.6 ...)
- lrzip <unfixed>
+ [trixie] - lrzip <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - lrzip <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/ckolivas/lrzip/issues/263
CVE-2025-15570 (A vulnerability was found in ckolivas lrzip up to 0.651. This impacts ...)
- lrzip <unfixed>
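Review bot: CVE-2025-15570, the next entry in the visible context, is the same package and still reads only `- lrzip <unfixed>`, while CVE-2025-15571 now carries `<postponed>` for trixie and bookworm. If the two lrzip issues are of the same severity class, triage them in the same commit so the entries do not diverge. The postponed reason says "revisit when fixed upstream", so the upstream issue in the NOTE line is the thing to track for the follow-up.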
@@ -679,7 +681,7 @@ CVE-2026-25806 (PlaciPy is a placement management system designed for educationa
CVE-2026-25791 (Sliver is a command and control framework that uses a custom Wireguard ...)
NOT-FOR-US: Sliver
CVE-2026-25765 (Faraday is an HTTP client library abstraction layer that provides a co ...)
- - ruby-faraday <unfixed>
+ - ruby-faraday 2.14.1-1
NOTE: https://github.com/lostisland/faraday/security/advisories/GHSA-33mh-2634-fwr2
NOTE: Fixed by: https://github.com/lostisland/faraday/commit/a6d3a3a0bf59c2ab307d0abd91bc126aef5561bc (v2.14.1)
CVE-2026-25761 (Super-linter is a combination of multiple linters to run as a GitHub A ...)
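Review bot: no `[trixie]` or `[bookworm]` line follows `- ruby-faraday 2.14.1-1` in this hunk, so CVE-2026-25765 stays untriaged for the stable suites even though the other entries in this push received suite annotations. The fixed version is consistent with the upstream tag in the NOTE (v2.14.1). A follow-up should add either suite annotations or a data/dsa-needed.txt entry for ruby-faraday.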
@@ -688,6 +690,8 @@ CVE-2026-25740 (captive browser, a dedicated Chrome instance to log into captive
NOT-FOR-US: captive browser
CVE-2026-25639 (Axios is a promise based HTTP client for the browser and Node.js. Prio ...)
- node-axios <unfixed>
+ [trixie] - node-axios <no-dsa> (Minor issue)
+ [bookworm] - node-axios <no-dsa> (Minor issue)
NOTE: https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433
NOTE: Fixed by: https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57 (v1.13.5)
CVE-2026-25528 (LangSmith Client SDKs provide SDK's for interacting with the LangSmith ...)
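Review bot: the two added node-axios lines give `<no-dsa> (Minor issue)` with no reason, whereas the lrzip annotation in the same commit states its condition. The NOTE lines already point to an upstream fix commit (v1.13.5), so a few words on why the issue is minor for the trixie and bookworm versions would help anyone evaluating a later point-release update.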
=====================================
data/dsa-needed.txt
=====================================
@@ -27,6 +27,8 @@ frr/oldstable
gh/oldstable
Santiago Vila might work on preparing an update
--
+gimp
+--
git-lfs
--
jackson-core
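Review bot: the added `gimp` entry has no suite suffix, no claimant and no note, unlike neighbours such as `gh/oldstable`, and none of the data/CVE/list hunks in this push mention gimp. Suggest a one-line note under the entry naming the issue(s) that prompted it, plus a suffix if only one suite needs the update.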
@@ -55,7 +57,7 @@ opennds/oldstable
pdfminer (carnil)
Required followup for CVE-2025-64512 as original fix was incomplete.
--
-pdns-recursor
+pdns-recursor/stable (jmm)
Asked maintainer for updates
--
php8.2/oldstable (jmm)
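Review bot: changing `pdns-recursor` to `pdns-recursor/stable (jmm)` narrows the entry to stable, but nothing in this push records why oldstable no longer needs an update; there is no matching pdns-recursor change in data/CVE/list. Either add the corresponding bookworm annotation to the affected CVE entries or say so in the note. The unchanged line "Asked maintainer for updates" should also be checked against the new claimant so the status still reads correctly.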
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/34a1a83f8a5efd6f9ac4b972839a954ef7374ce3...9568da7874527a33d88e775e99d5eba0cb0fddbb