[Git][security-tracker-team/security-tracker][master] 5 commits: lts: triage CVE-2023-53900/spip as no-dsa
Emilio Pozuelo Monfort (@pochu)
pochu at debian.org
Thu Jan 22 13:12:13 GMT 2026
Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / security-tracker
Commits:
af122516 by Emilio Pozuelo Monfort at 2026-01-22T14:11:33+01:00
lts: triage CVE-2023-53900/spip as no-dsa
- - - - -
80a85bf7 by Emilio Pozuelo Monfort at 2026-01-22T14:11:34+01:00
lts: triage CVE-2025-15538/assimp as postponed
- - - - -
9f1abe43 by Emilio Pozuelo Monfort at 2026-01-22T14:11:36+01:00
lts: triage CVE-2026-0858/plantuml as no-dsa
- - - - -
818b7f14 by Emilio Pozuelo Monfort at 2026-01-22T14:11:37+01:00
lts: triage CVE-2025-15506/opencolorio as no-dsa
- - - - -
b34872f4 by Emilio Pozuelo Monfort at 2026-01-22T14:11:38+01:00
lts: triage wlc issues as no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1082,6 +1082,7 @@ CVE-2025-15538 (A security vulnerability has been detected in Open Asset Import
- assimp <unfixed> (bug #1126072)
[trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
[bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+ [bullseye] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
NOTE: https://github.com/assimp/assimp/issues/6258
CVE-2026-0943 (HarfBuzz::Shaper versions before 0.032 for Perl contains a bundled lib ...)
- libharfbuzz-shaper-perl <not-affected> (Vulnerable code not present)
@@ -1297,6 +1298,7 @@ CVE-2026-23535 (wlc is a Weblate command-line client using Weblate's REST API. P
- wlc <unfixed> (bug #1125755)
[trixie] - wlc <no-dsa> (Minor issue)
[bookworm] - wlc <no-dsa> (Minor issue)
+ [bullseye] - wlc <no-dsa> (Minor issue)
NOTE: https://github.com/WeblateOrg/wlc/security/advisories/GHSA-mmwx-79f6-67jg
NOTE: https://github.com/WeblateOrg/wlc/pull/1128
NOTE: Fixed by: https://github.com/WeblateOrg/wlc/commit/216e691c6e50abae97fe2e4e4f21501bf49a585f (1.17.2)
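Review bot: the added `[bullseye] - wlc <no-dsa> (Minor issue)` line for CVE-2026-23535 repeats the trixie and bookworm reason verbatim and does not record whether bullseye's wlc was checked against the fix commit named in the NOTE below it (216e691c..., 1.17.2). If the vulnerable code is absent from that version, `<not-affected>` with a reason such as the "Vulnerable code not present" wording used elsewhere in this file would be more accurate than `<no-dsa>`. If it is present, a few words saying so in the reason would save the next triager from redoing the check.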
@@ -1565,6 +1567,7 @@ CVE-2026-0858 (Versions of the package net.sourceforge.plantuml:plantuml before
- plantuml <unfixed> (bug #1125750)
[trixie] - plantuml <no-dsa> (Minor issue)
[bookworm] - plantuml <no-dsa> (Minor issue)
+ [bullseye] - plantuml <no-dsa> (Minor issue)
NOTE: https://security.snyk.io/vuln/SNYK-JAVA-NETSOURCEFORGEPLANTUML-14552230
NOTE: https://github.com/plantuml/plantuml/commit/6826315db092d2e432aeab1a0894e08017c6e4bd (v1.2026.0)
CVE-2026-0203 (An Improper Handling of Exceptional Conditions vulnerability in packet ...)
@@ -3923,6 +3926,7 @@ CVE-2026-22251 (wlc is a Weblate command-line client using Weblate's REST API. P
- wlc <unfixed> (bug #1125441)
[trixie] - wlc <no-dsa> (Minor issue)
[bookworm] - wlc <no-dsa> (Minor issue)
+ [bullseye] - wlc <no-dsa> (Minor issue)
NOTE: https://github.com/WeblateOrg/wlc/security/advisories/GHSA-9rp8-h4g8-8766
NOTE: https://github.com/WeblateOrg/wlc/pull/1098
NOTE: Fixed by: https://github.com/WeblateOrg/wlc/commit/aafdb507a9e66574ade1f68c50c4fe75dbe80797 (1.17.0)
@@ -3930,6 +3934,7 @@ CVE-2026-22250 (wlc is a Weblate command-line client using Weblate's REST API. P
- wlc <unfixed> (bug #1125440)
[trixie] - wlc <no-dsa> (Minor issue)
[bookworm] - wlc <no-dsa> (Minor issue)
+ [bullseye] - wlc <no-dsa> (Minor issue)
NOTE: https://github.com/WeblateOrg/wlc/security/advisories/GHSA-2mmv-7rrp-g8xh
NOTE: https://github.com/WeblateOrg/wlc/pull/1097
NOTE: Fixed by: https://github.com/WeblateOrg/wlc/commit/a513864ec4daad00146e6d6e039559726e256fa3 (1.17.0)
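Review bot: the `[bullseye]` lines added here for CVE-2026-22251 and CVE-2026-22250 arrive in a commit whose subject is only "lts: triage wlc issues as no-dsa", while the other four commits in this push name the CVE id in the subject. Listing the affected ids (these two plus CVE-2026-23535) in the commit body would keep the history searchable per CVE. It is also worth noting for any later backport that the Fixed by notes point at two different upstream releases, 1.17.0 for these two entries and 1.17.2 for CVE-2026-23535, so three separate commits would be needed.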
@@ -4076,6 +4081,7 @@ CVE-2025-15506 (A vulnerability was found in AcademySoftwareFoundation OpenColor
- opencolorio <unfixed> (bug #1125416)
[trixie] - opencolorio <no-dsa> (Minor issue)
[bookworm] - opencolorio <no-dsa> (Minor issue)
+ [bullseye] - opencolorio <no-dsa> (Minor issue)
NOTE: https://github.com/AcademySoftwareFoundation/OpenColorIO/issues/2228
NOTE: https://github.com/AcademySoftwareFoundation/OpenColorIO/pull/2231
NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/OpenColorIO/commit/095ae2d9fff0c292212a652a32206ab0bed53179 (v2.5.1)
@@ -16128,6 +16134,7 @@ CVE-2023-53901 (WBCE CMS 1.6.1 contains a cross-site scripting vulnerability tha
CVE-2023-53900 (Spip 4.1.10 contains a file upload vulnerability that allows attackers ...)
- spip <unfixed> (bug #1125413)
[trixie] - spip <no-dsa> (Minor issue)
+ [bullseye] - spip <no-dsa> (Minor issue)
NOTE: https://www.exploit-db.com/exploits/51557
CVE-2023-53899 (PodcastGenerator 3.2.9 contains a blind server-side request forgery vu ...)
NOT-FOR-US: PodcastGenerator
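Review bot: in the CVE-2023-53900 block the new `[bullseye] - spip <no-dsa> (Minor issue)` line follows `[trixie]` directly, with no `[bookworm]` line between them, unlike every other entry touched in this push. Please confirm that the gap is intentional and not an omission, since as written bookworm falls through to the `- spip <unfixed>` line. The only reference on the entry is the Exploit-DB NOTE, so a short justification beyond "Minor issue" would make the no-dsa decision easier to audit.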
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/d2492fbd00f3fe58075636a2e9e9a1b9b27e21b1...b34872f4f7369e247d6a6e4de1117ad7baeedf6c