[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1670681a by Moritz Muehlenhoff at 2026-01-19T14:07:57+01:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -517,6 +517,8 @@ CVE-2026-0915 (Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch
 	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=e56ff82d5034ec66c6a78f517af6faa427f65b0b
 CVE-2026-0858 (Versions of the package net.sourceforge.plantuml:plantuml before 1.202 ...)
 	- plantuml <unfixed> (bug #1125750)
+	[trixie] - plantuml <no-dsa> (Minor issue)
+	[bookworm] - plantuml <no-dsa> (Minor issue)
 	NOTE: https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEPLANTUML-14552230
 	NOTE: https://github.com/plantuml/plantuml/commit/6826315db092d2e432aeab1a0894e08017c6e4bd (v1.2026.0)
 CVE-2026-0203 (An Improper Handling of Exceptional Conditions vulnerability in packet ...)
@@ -2753,6 +2755,7 @@ CVE-2026-22786 (Gin-vue-admin is a backstage management system based on vue and
 	NOT-FOR-US: Gin-vue-admin
 CVE-2026-22772 (Fulcio is a certificate authority for issuing code signing certificate ...)
 	- golang-github-sigstore-fulcio <unfixed>
+	[trixie] - golang-github-sigstore-fulcio <no-dsa> (Minor issue)
 	NOTE: https://github.com/sigstore/fulcio/security/advisories/GHSA-59jp-pj84-45mr
 	NOTE: Fixed by: https://github.com/sigstore/fulcio/commit/eaae2f2be56df9dea5f9b439ec81bedae4c0978d (v1.8.5)
 CVE-2026-22214 (RIOT OS versions up to and including 2026.01-devel-317 contain a stack ...)
@@ -26984,12 +26987,12 @@ CVE-2025-26694 (Null pointer dereference for some Intel(R) QAT Windows software
 	NOT-FOR-US: Intel
 CVE-2025-26405 (Improper control of dynamically-managed code resources for some Intel( ...)
 	- firmware-nonfree 20250410-1
-	[bookworm] - firmware-nonfree <no-dsa> (Minor issue)
+	[bookworm] - firmware-nonfree <not-affected> (VPU firmware not yet present)
 	NOTE: https://gitlab.com/kernel-firmware/linux-firmware/-/commit/495f77c714a65a42fa761cb7064f25cd1f3f1898 (20250410)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01304.html
 CVE-2025-26402 (Protection mechanism failure for some Intel(R) NPU Drivers within Ring ...)
 	- firmware-nonfree 20250410-1
-	[bookworm] - firmware-nonfree <no-dsa> (Minor issue)
+	[bookworm] - firmware-nonfree <not-affected> (VPU firmware not yet present)
 	NOTE: https://gitlab.com/kernel-firmware/linux-firmware/-/commit/495f77c714a65a42fa761cb7064f25cd1f3f1898 (20250410)
 	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01304.html
 CVE-2025-25216 (Improper input validation in some firmware for some Intel(R) Graphics  ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -43,6 +43,8 @@ mbedtls/oldstable
 netty
   Bastien Roucaries proposing an update
 --
+node-tar
+--
 nodejs
 --
 opennds/oldstable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1670681aa62bfbf8d2770c18de7f0e1f61a94a7d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1670681aa62bfbf8d2770c18de7f0e1f61a94a7d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260119/ae7792e5/attachment-0001.htm>