[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jan 21 13:21:31 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e667ac72 by Moritz Muehlenhoff at 2026-01-21T14:20:58+01:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -722,41 +722,49 @@ CVE-2026-23534 (FreeRDP is a free implementation of the Remote Desktop Protocol.
- freerdp3 3.21.0+dfsg-1
[trixie] - freerdp3 <no-dsa> (Minor issue)
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3frr-mp8w-4599
CVE-2026-23533 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.21.0+dfsg-1
[trixie] - freerdp3 <no-dsa> (Minor issue)
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-32q9-m5qr-9j2v
CVE-2026-23532 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.21.0+dfsg-1
[trixie] - freerdp3 <no-dsa> (Minor issue)
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fq8c-87hj-7gvr
CVE-2026-23531 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.21.0+dfsg-1
[trixie] - freerdp3 <no-dsa> (Minor issue)
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xj5h-9cr5-23c5
CVE-2026-23530 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.21.0+dfsg-1
[trixie] - freerdp3 <no-dsa> (Minor issue)
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-r4hv-852m-fq7p
CVE-2026-23732 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.21.0+dfsg-1
[trixie] - freerdp3 <no-dsa> (Minor issue)
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7qxp-j2fj-c3pp
CVE-2026-23883 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.21.0+dfsg-1
[trixie] - freerdp3 <no-dsa> (Minor issue)
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qcrr-85qx-4p6x
CVE-2026-23884 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.21.0+dfsg-1
[trixie] - freerdp3 <no-dsa> (Minor issue)
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cfgj-vc84-f3pp
CVE-2026-23829 (Mailpit is an email testing tool and API for developers. Prior to vers ...)
NOT-FOR-US: Mailpit
@@ -1033,6 +1041,8 @@ CVE-2026-23529 (Kafka Connect BigQuery Connector is an implementation of a sink
NOT-FOR-US: Kafka Connect BigQuery Connector
CVE-2026-23528 (Dask distributed is a distributed task scheduler for Dask. Prior to 20 ...)
- dask.distributed <unfixed>
+ [trixie] - dask.distributed <no-dsa> (Minor issue)
+ [bookworm] - dask.distributed <no-dsa> (Minor issue)
NOTE: https://github.com/dask/distributed/security/advisories/GHSA-c336-7962-wfj2
NOTE: Fixed by: https://github.com/dask/distributed/commit/ab72092a8a938923c2bb51a2cd14ca26614827fa (2026.1.1)
CVE-2026-23523 (Dive is an open-source MCP Host Desktop Application that enables integ ...)
@@ -12296,17 +12306,22 @@ CVE-2025-13407 (The Gravity Forms WordPress plugin before 2.9.23.1 does not prop
NOT-FOR-US: WordPress plugin
CVE-2025-12840 (Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer ...)
- openexr <unfixed> (bug #1123963)
+ [trixie] - openexr <postponed> (Revisit when fixed upstream)
+ [bookworm] - openexr <postponed> (Revisit when fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-991/
NOTE: https://lists.aswf.io/g/openexr-dev/topic/openexr_v3_4_3_is_staged_for/116040425
- TODO: check details
CVE-2025-12839 (Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer ...)
- openexr <unfixed> (bug #1123963)
+ [trixie] - openexr <postponed> (Revisit when fixed upstream)
+ [bookworm] - openexr <postponed> (Revisit when fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-990/
NOTE: https://lists.aswf.io/g/openexr-dev/topic/openexr_v3_4_3_is_staged_for/116040425
CVE-2025-12838 (MSP360 Free Backup Link Following Local Privilege Escalation Vulnerabi ...)
NOT-FOR-US: MSP360
CVE-2025-12495 (Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer ...)
- openexr <unfixed> (bug #1123963)
+ [trixie] - openexr <postponed> (Revisit when fixed upstream)
+ [bookworm] - openexr <postponed> (Revisit when fixed upstream)
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-989/
NOTE: https://lists.aswf.io/g/openexr-dev/topic/openexr_v3_4_3_is_staged_for/116040425
CVE-2025-12491 (Senstar Symphony FetchStoredLicense Information Disclosure Vulnerabili ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -42,6 +42,8 @@ linux (carnil)
--
mbedtls/oldstable
--
+modsecurity-crs (jmm)
+--
netty
Bastien Roucaries proposing an update
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e667ac72897f1058947e9b96a51a2cfd1c2e1e59
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e667ac72897f1058947e9b96a51a2cfd1c2e1e59
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260121/fac2bb80/attachment.htm>
More information about the debian-security-tracker-commits
mailing list