[Git][security-tracker-team/security-tracker][master] 4 commits: dla-needed: add pyasn1

Daniel Leidert (@dleidert) dleidert at debian.org
Mon Jan 19 03:16:31 GMT 2026



Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6e025c90 by Daniel Leidert at 2026-01-19T03:57:32+01:00
dla-needed: add pyasn1

- - - - -
7c22bceb by Daniel Leidert at 2026-01-19T04:07:48+01:00
lts: mark gpac as EOL in Bullseye according to debian-security-support

- - - - -
c60b8747 by Daniel Leidert at 2026-01-19T04:09:29+01:00
lts: mark keras as EOL in Bullseye according to debian-security-support

- - - - -
95acdca6 by Daniel Leidert at 2026-01-19T04:13:19+01:00
dla-needed: add wireshark

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -804,6 +804,7 @@ CVE-2026-0976 (A flaw was found in Keycloak. This improper input validation vuln
 	- keycloak <itp> (bug #1088287)
 CVE-2026-0897 (Allocation of Resources Without Limits or Throttling in the HDF5 weigh ...)
 	- keras <removed>
+	[bullseye] - keras <end-of-life> (EOL in bullseye LTS)
 	NOTE: https://github.com/keras-team/keras/pull/21880
 CVE-2026-0713 (A security vulnerability in the /apis/dashboard.grafana.app/* endpoint ...)
 	NOT-FOR-US: SICK AG
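Review bot: The reason text on the added keras line under CVE-2026-0897, "(EOL in bullseye LTS)", does not name the source of the EOL decision, although the commit message says it follows debian-security-support. Consider naming debian-security-support in the parenthetical so that someone reading data/CVE/list can verify the status without consulting the git log. The placement, directly after "- keras <removed>" and before the NOTE line, is fine.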
@@ -821,24 +822,34 @@ CVE-2025-70656 (Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflo
 	NOT-FOR-US: Tenda
 CVE-2025-70310 (A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allo ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-70309 (A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4. ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-70308 (An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4 ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-70307 (A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allow ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-70305 (A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attacke ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-70304 (A buffer overflow in the vobsub_get_subpic_duration() function of GPAC ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-70303 (A heap overflow in the uncv_parse_config() function of GPAC v2.4.0 all ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-70302 (A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2. ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-70299 (A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0  ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-70298 (GPAC v2.4.0 was discovered to contain an out-of-bounds read in the ogg ...)
 	- gpac <removed>
+	[bullseye] - gpac <end-of-life> (EOL in bullseye LTS)
 CVE-2025-67647 (SvelteKit is a framework for rapidly developing robust, performant web ...)
 	NOT-FOR-US: SvelteKit
 CVE-2025-67246 (A local information disclosure vulnerability exists in the Ludashi dri ...)
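Review bot: The ten added "[bullseye] - gpac <end-of-life>" lines cover only the gpac entries visible in this hunk, CVE-2025-70310 down to CVE-2025-70298. Since gpac is being marked EOL for the whole release, it is worth confirming that no other gpac entry elsewhere in data/CVE/list still lacks a bullseye line, otherwise those entries will keep showing up as open for bullseye. Each added line sits directly after its "- gpac <removed>" line, which is consistent across the hunk.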


=====================================
data/dla-needed.txt
=====================================
@@ -313,6 +313,10 @@ pillow (dleidert)
   NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
   NOTE: 20251222: WIP (dleidert)
 --
+pyasn1
+  NOTE: 20260119: Added by Front-Desk (dleidert)
+  NOTE: 20260119: Follow DSA and maybe help the security team here (dleidert)
+--
 pypy3
   NOTE: 20260102: Added by Front-Desk (Beuc)
   NOTE: 20260102: Lots of postponed CVEs pile-up
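Review bot: The second NOTE on the new pyasn1 entry, "Follow DSA and maybe help the security team here", names neither the DSA nor the CVE that triggered the addition, and "maybe" leaves open whether the LTS side is expected to prepare the fix or wait for the security team. Suggest adding the CVE or DSA identifier and stating the expected action, so that whoever claims the package does not have to reconstruct the context.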
@@ -393,6 +397,10 @@ watcher
   NOTE: 20251027: Maintainer contacted (tobi)
   NOTE: 20251106: Part of OpenStack (Beuc/front-desk)
 --
+wireshark
+  NOTE: 20260119: Added by Front-Desk (dleidert)
+  NOTE: 20260119: Follow DSA and deal with no-dsa issues (dleidert/front-desk)
+--
 xmlrpc-c
   NOTE: 20250411: Added by Front-Desk (Beuc)
   NOTE: 20250411: See issues with old embedded expat library:
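Review bot: The second NOTE on the new wireshark entry, "deal with no-dsa issues", does not say which no-dsa issues are meant, so the scope of the upload is left to the claimant to work out. Listing the CVE ids or pointing at the tracker page for the package would make the entry actionable. Minor style point: the two NOTE lines of this entry are signed differently, "(dleidert)" and "(dleidert/front-desk)"; one form would be cleaner.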



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/dd4984ab9e78104cb04c51397fe5b78014cf3154...95acdca6fbe04ec71304a975c640a290c2adc44c
