[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Jan 18 19:38:07 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6409e9a9 by Moritz Muehlenhoff at 2026-01-18T20:37:57+01:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -71,9 +71,13 @@ CVE-2026-23643 (CakePHP is a rapid development framework for PHP. The PaginatorH
NOTE: Fixed by: https://github.com/cakephp/cakephp/commit/c842e7f45d85696e6527d8991dd72f525ced955f (5.3.1)
CVE-2026-22865 (Gradle is a build automation tool, and its native-platform tool provid ...)
- gradle <unfixed>
+ [trixie] - gradle <no-dsa> (Minor issue)
+ [bookworm] - gradle <no-dsa> (Minor issue)
NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-mqwm-5m85-gmcv
CVE-2026-22816 (Gradle is a build automation tool, and its native-platform tool provid ...)
- gradle <unfixed>
+ [trixie] - gradle <no-dsa> (Minor issue)
+ [bookworm] - gradle <no-dsa> (Minor issue)
NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-w78c-w6vf-rw82
NOTE: Fixed by: https://github.com/gradle/gradle/commit/e5707d0d8fce3d768c9c489004700d78eab1773a (v9.3.0-RC2)
CVE-2026-21223 (Microsoft Edge Elevation Service exposes a privileged COM interface th ...)
@@ -760,6 +764,8 @@ CVE-2026-20047 (A vulnerability in the web-based management interface of Cisco I
NOT-FOR-US: Cisco
CVE-2026-0992 (A flaw was found in the libxml2 library. This uncontrolled resource co ...)
- libxml2 <unfixed> (bug #1125696)
+ [trixie] - libxml2 <no-dsa> (Minor issue)
+ [bookworm] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f75abfcaa419a740a3191e56c60400f3ff18988d
CVE-2026-0990 (A flaw was found in libxml2, an XML parsing library. This uncontrolled ...)
@@ -62454,7 +62460,7 @@ CVE-2025-54425 (Umbraco is an ASP.NET CMS. In versions 13.0.0 through 13.9.2, 15
CVE-2025-54410 (Moby is an open source container framework developed by Docker Inc. th ...)
[experimental] - docker.io 28.5.2+dfsg1-1
- docker.io <unfixed> (bug #1110408)
- [trixie] - docker.io <no-dsa> (Minor issue)
+ [trixie] - docker.io <ignored> (Minor issue, firewalld default backend is nftables and works fine)
[bookworm] - docker.io <no-dsa> (Minor issue)
NOTE: https://github.com/moby/moby/security/advisories/GHSA-4vq8-7jfc-9cvp
NOTE: Fixed by: https://github.com/moby/moby/commit/651b2feb27316cf907173c2a76cc6eb85f763663 (25.0-branch)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6409e9a946de41c24c3db191de5a80fa440ea200
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6409e9a946de41c24c3db191de5a80fa440ea200
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260118/45134380/attachment.htm>
More information about the debian-security-tracker-commits
mailing list