[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Feb 28 16:29:22 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c33f7850 by Moritz Muehlenhoff at 2026-02-28T17:28:56+01:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1431,10 +1431,12 @@ CVE-2026-27195 (Wasmtime is a runtime for WebAssembly. Starting with Wasmtime 39
NOTE: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xjhv-v822-pf94
CVE-2026-27572 (Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0. ...)
- rust-wasmtime 36.0.6+dfsg-1
+ [trixie] - rust-wasmtime <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0021.html
NOTE: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-243v-98vx-264h
CVE-2026-27204 (Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0. ...)
- rust-wasmtime 36.0.6+dfsg-1
+ [trixie] - rust-wasmtime <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0020.html
NOTE: https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-852m-cvvp-9p4w
CVE-2026-3131 (Improper access control in multiple DVLS REST API endpoints in Devolu ...)
@@ -15629,11 +15631,13 @@ CVE-2026-23954 (Incus is a system container and virtual machine manager. Version
- incus 6.0.5-8
- lxd <removed>
NOTE: https://github.com/lxc/incus/security/advisories/GHSA-7f67-crqm-jgh7
+ NOTE: https://github.com/canonical/lxd/commit/6343c2cb0c2c5d4057821f05094671bff032ede8 (lxd-5.0.6)
CVE-2026-23953 (Incus is a system container and virtual machine manager. In versions 6 ...)
{DSA-6109-1}
- incus 6.0.5-8
- lxd <removed>
NOTE: https://github.com/lxc/incus/security/advisories/GHSA-x6jc-phwx-hp32
+ NOTE: https://github.com/canonical/lxd/commit/6343c2cb0c2c5d4057821f05094671bff032ede8 (lxd-5.0.6)
CVE-2024-31884
{DLA-4482-1}
- ceph <unfixed> (bug #1126573)
=====================================
data/dsa-needed.txt
=====================================
@@ -44,7 +44,7 @@ linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more 6.1.y versions
--
-lxd
+lxd (jmm)
Maintainer prepared an update fot two CVEs for review
--
mbedtls/oldstable
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c33f7850e94bdf95295f00b0a560b7ab336f01f2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c33f7850e94bdf95295f00b0a560b7ab336f01f2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260228/98b4791c/attachment.htm>
More information about the debian-security-tracker-commits
mailing list