[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Mon Jan 19 15:29:06 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2bfe68fd by Moritz Muehlenhoff at 2026-01-19T16:28:56+01:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3044,16 +3044,16 @@ CVE-2026-0824 (A security flaw has been discovered in questdb ui up to 1.11.9. I
NOT-FOR-US: questdb ui
CVE-2026-0822 (A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. Thi ...)
- quickjs <unfixed>
+ [trixie] - quickjs <no-dsa> (Minor issue)
NOTE: https://github.com/quickjs-ng/quickjs/issues/1297
NOTE: https://github.com/quickjs-ng/quickjs/pull/1298
NOTE: Fixed by: https://github.com/quickjs-ng/quickjs/commit/53eefbcd695165a3bd8c584813b472cb4a69fbf5
- TODO: check, if inpacts quickjs actually or only the itp'ed quickjs-ng, #1120722
CVE-2026-0821 (A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. Thi ...)
- quickjs <unfixed>
+ [trixie] - quickjs <no-dsa> (Minor issue)
NOTE: https://github.com/quickjs-ng/quickjs/issues/1296
NOTE: https://github.com/quickjs-ng/quickjs/pull/1299
NOTE: Fixed by: https://github.com/quickjs-ng/quickjs/commit/c5d80831e51e48a83eab16ea867be87f091783c5
- TODO: check, if inpacts quickjs actually or only the itp'ed quickjs-ng, #1120722
CVE-2025-62235 (Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Rec ...)
NOT-FOR-US: Apache software not packaged in Debian
CVE-2025-53477 (NULL Pointer Dereference vulnerability in Apache Nimble. Missing vali ...)
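Review bot: The TODO removed from the CVE-2026-0822 and CVE-2026-0821 entries asked whether the issue affects quickjs at all or only the ITP'ed quickjs-ng (#1120722), and the replacement `[trixie] - quickjs <no-dsa> (Minor issue)` does not record the answer. Consider adding a NOTE line under each entry stating what the check found for src:quickjs, so that the unchanged `- quickjs <unfixed>` line has a documented basis and the pointer to #1120722 is not lost.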
@@ -157415,6 +157415,7 @@ CVE-2024-6442 (In ascs_cp_rsp_add in /subsys/bluetooth/audio/ascs.c, an unchecke
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2024-47855 (util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalance ...)
- libjson-java 3.1.0+dfsg-1 (bug #1084191)
+ [bookworm] - libjson-java <no-dsa> (Minor issue)
[bullseye] - libjson-java <postponed> (Minor issue)
NOTE: Fixed by: https://github.com/kordamp/json-lib/commit/a0c4a0eae277130e22979cf307c95dec4005a78e (v3.1.0)
CVE-2024-47854 (An XSS vulnerability was discovered in Veritas Data Insight before 7.1 ...)
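Review bot: The added `[bookworm] - libjson-java <no-dsa> (Minor issue)` sits directly above `[bullseye] - libjson-java <postponed> (Minor issue)`, so the same justification now maps to two different states for CVE-2024-47855. A reason more specific than "Minor issue" on the bookworm line would make the triage decision easier to audit later, since the entry already names a single upstream fix commit.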
@@ -398248,38 +398249,38 @@ CVE-2021-40267
RESERVED
CVE-2021-40266 (FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vul ...)
- freeimage <unfixed> (bug #1055305)
- [trixie] - freeimage <no-dsa> (Minor issue)
- [bookworm] - freeimage <no-dsa> (Minor issue)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Minor issue)
[buster] - freeimage <postponed> (Fix together with some other upload, low severity, DoS in user interactive software)
NOTE: https://sourceforge.net/p/freeimage/bugs/334/
NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2021-40266.patch
CVE-2021-40265 (A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function ...)
- freeimage <unfixed> (bug #1055304)
- [trixie] - freeimage <no-dsa> (Minor issue)
- [bookworm] - freeimage <no-dsa> (Minor issue)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Minor issue)
[buster] - freeimage <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/freeimage/bugs/337/
CVE-2021-40264 (NULL pointer dereference vulnerability in FreeImage before 1.18.0 via ...)
- freeimage <unfixed> (bug #1055303)
- [trixie] - freeimage <no-dsa> (Minor issue)
- [bookworm] - freeimage <no-dsa> (Minor issue)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Minor issue)
[buster] - freeimage <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/freeimage/bugs/335/
CVE-2021-40263 (A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad funct ...)
- freeimage <unfixed> (bug #1055302)
- [trixie] - freeimage <no-dsa> (Minor issue)
- [bookworm] - freeimage <no-dsa> (Minor issue)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Minor issue)
[buster] - freeimage <postponed> (Fix together with some other upload, low severity, DoS in user interactive software)
NOTE: https://sourceforge.net/p/freeimage/bugs/336/
NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2021-40263.patch
CVE-2021-40262 (A stack exhaustion issue was discovered in FreeImage before 1.18.0 via ...)
- freeimage <unfixed> (bug #1055301)
- [trixie] - freeimage <no-dsa> (Minor issue)
- [bookworm] - freeimage <no-dsa> (Minor issue)
+ [trixie] - freeimage <postponed> (Revisit when fixed upstream)
+ [bookworm] - freeimage <postponed> (Revisit when fixed upstream)
[bullseye] - freeimage <no-dsa> (Minor issue)
[buster] - freeimage <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/freeimage/bugs/338/
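Review bot: The new reason "Revisit when fixed upstream" is applied uniformly to all five freeimage entries, but the context lines for CVE-2021-40266 and CVE-2021-40263 already carry a "Patch in Fedora (not upstream'ed)" NOTE, so for those two the revisit condition may never trigger even though a candidate fix is referenced. Consider wording those two differently or adding a NOTE on why the Fedora patch is not being used. Also note that trixie and bookworm move from `<no-dsa>` to `<postponed>` while the bullseye lines stay at `<no-dsa> (Minor issue)`, which leaves the suites with different states for the same unfixed issues.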
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2bfe68fd40ef4032f09c659da35ee89264120fc9