[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Feb 17 08:49:43 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
660b4b44 by Moritz Muehlenhoff at 2026-02-17T09:49:34+01:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1043,6 +1043,8 @@ CVE-2026-2026 (A vulnerability has been identified where weak file permissions i
 	NOT-FOR-US: Tenable
 CVE-2026-26269 (Vim is an open source, command line text editor. Prior to 9.1.2148, a  ...)
 	- vim <unfixed> (bug #1127930)
+	[trixie] - vim <no-dsa> (Minor issue)
+	[bookworm] - vim <no-dsa> (Minor issue)
 	NOTE: https://github.com/vim/vim/security/advisories/GHSA-9w5c-hwr9-hc68
 	NOTE: Fixed by: https://github.com/vim/vim/commit/c5f312aad8e4179e437f81ad39a860cd0ef11970 (v9.1.2148)
 CVE-2026-26268 (Cursor is a code editor built for programming with AI. Sandbox escape  ...)
@@ -2752,6 +2754,7 @@ CVE-2025-32739 (Improper conditions check in some firmware for some Intel(R) Gra
 	NOT-FOR-US: Intel
 CVE-2025-32735 (Improper conditions check in some firmware for some Intel(R) NPU Drive ...)
 	- firmware-nonfree 20251011-1
+	[trixie] - firmware-nonfree <no-dsa> (Minor issue)
 	[bookworm] - firmware-nonfree <not-affected> (VPU firmware not yet present)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01403.html
 	NOTE: https://gitlab.com/kernel-firmware/linux-firmware/-/commit/d2404284b6ce4ee34ca56351d8741cdc61d81910 (20251011)
@@ -10367,7 +10370,9 @@ CVE-2025-13465 (Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototyp
 CVE-2025-12781 (When passing data to the b64decode(), standard_b64decode(), and urlsaf ...)
 	- python3.14 <unfixed>
 	- python3.13 <unfixed>
+	[trixie] - python3.13 <no-dsa> (Minor issue)
 	- python3.11 <removed>
+	[bookworm] - python3.11 <no-dsa> (Minor issue)
 	- python3.9 <removed>
 	[bullseye] - python3.9 <ignored> (Minor issue, no fix, only additional warnings)
 	- pypy3 <unfixed>


=====================================
data/dsa-needed.txt
=====================================
@@ -24,6 +24,8 @@ cpp-httplib
 frr/oldstable
   coordination with the maintainer ongoing, Daniel Baumann proposing an update
 --
+gegl
+--
 gnutls28
   Maintainer prepared updates for review
 --
@@ -42,6 +44,8 @@ libpng1.6
 libreswan/oldstable
   Waiting on feedback from maintainer
 --
+libvpx (jmm)
+--
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more 6.1.y versions



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/660b4b446204293a85fd8bc741cde6225b64f7d1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/660b4b446204293a85fd8bc741cde6225b64f7d1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260217/d434654d/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list