[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jan 23 14:33:01 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b60f2afe by Moritz Muehlenhoff at 2026-01-23T15:32:37+01:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -1541,6 +1541,8 @@ CVE-2026-0865 (User-controlled header names and values containing newlines can a
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
- pypy3 <unfixed>
- jython <unfixed>
+ [trixie] - jython <no-dsa> (Minor issue)
+ [bookworm] - jython <no-dsa> (Minor issue)
[bullseye] - jython <end-of-life> (EOL in bullseye LTS)
NOTE: https://github.com/python/cpython/pull/143917
NOTE: https://github.com/python/cpython/issues/143916
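Review bot: pypy3 is left at <unfixed> with no trixie/bookworm lines in this entry, while jython directly below it gets <no-dsa> for both suites. If the same assessment applies to pypy3 in those suites, add the matching [trixie] and [bookworm] lines in this pass; if it was left open deliberately, a NOTE saying so keeps it from being read as an oversight.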
@@ -1596,6 +1598,8 @@ CVE-2025-15367 (The poplib module, when passed a user-controlled command, can ha
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
- jython <unfixed>
+ [trixie] - jython <no-dsa> (Minor issue)
+ [bookworm] - jython <no-dsa> (Minor issue)
[bullseye] - jython <end-of-life> (EOL in bullseye LTS)
NOTE: https://github.com/python/cpython/issues/143923
NOTE: https://github.com/python/cpython/pull/143924
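Review bot: the reason on the two added jython lines is the bare "(Minor issue)", although the CVE summary in the hunk header already states the precondition (a user-controlled command passed to poplib). Recording that precondition in the reason or in a NOTE line would let someone revisiting the no-dsa decision see why it was judged minor without opening the CPython issue.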
@@ -1610,6 +1614,8 @@ CVE-2025-15366 (The imaplib module, when passed a user-controlled command, can h
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
- jython <unfixed>
+ [trixie] - jython <no-dsa> (Minor issue)
+ [bookworm] - jython <no-dsa> (Minor issue)
[bullseye] - jython <end-of-life> (EOL in bullseye LTS)
NOTE: https://github.com/python/cpython/issues/143921
NOTE: https://github.com/python/cpython/pull/143922
@@ -1624,6 +1630,8 @@ CVE-2025-15282 (User-controlled data URLs parsed by urllib.request.DataHandler a
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
- jython <unfixed>
+ [trixie] - jython <no-dsa> (Minor issue)
+ [bookworm] - jython <no-dsa> (Minor issue)
[bullseye] - jython <end-of-life> (EOL in bullseye LTS)
NOTE: https://github.com/python/cpython/issues/143925
NOTE: https://github.com/python/cpython/pull/143926
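Review bot: the added jython lines mark both suites <no-dsa>, but the summary names urllib.request.DataHandler and nothing in the entry records that jython's bundled standard library contains that code. Jython tracks the Python 2.7 library, so it is worth checking the shipped source first; if the handler is absent, <not-affected> for jython would be more accurate than <no-dsa> on top of <unfixed>.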
@@ -1858,6 +1866,8 @@ CVE-2025-14376 (A security issue was discovered within the legacy ADI server com
NOT-FOR-US: Rockwell Automation
CVE-2025-14369 (dr_flac, an audio decoder within the dr_libs toolset, contains an inte ...)
- libsdl2-mixer <unfixed>
+ [trixie] - libsdl2-mixer <no-dsa> (Minor issue)
+ [bookworm] - libsdl2-mixer <no-dsa> (Minor issue)
- libchdr <unfixed>
NOTE: qtads, dosbox-x and love bundle a copy, but these are standalone end user apps, so no security impact
NOTE: https://github.com/mackron/dr_libs/commit/b2197b2eb7bb609df76315bebf44db4ec2a1aed0
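Review bot: the added libsdl2-mixer lines give only "(Minor issue)", while the existing NOTE justifies the bundled copies in qtads, dosbox-x and love by their being standalone end user apps, a reasoning that does not carry over to a shared library. A short NOTE on why the dr_flac issue is minor for libsdl2-mixer would close that gap, and libchdr just below is still <unfixed> with no trixie/bookworm lines.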
=====================================
data/dsa-needed.txt
=====================================
@@ -29,10 +29,10 @@ gh/oldstable
--
git-lfs
--
-imagemagick
+imagemagick (jmm)
Bastien will prepare updates
--
-incus
+incus (jmm)
Mathias Gibbens prepared updates
--
jackson-core
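Review bot: "(jmm)" is added as claimant on imagemagick and incus, but the notes under both still say someone else is doing the work ("Bastien will prepare updates", "Mathias Gibbens prepared updates"). Consider amending the notes to say what jmm is taking on, for example review and release of the prepared updates, so the claim and the note do not read as conflicting.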
@@ -58,6 +58,7 @@ openjdk-17 (jmm)
openjdk-21/stable (jmm)
--
openjdk-25/stable (jmm)
+ needs jtreg8 in trixie first
--
opennds/oldstable
pinged maintainer, but no reply yet. should most probably be bumped to 10.x
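Review bot: the new note "needs jtreg8 in trixie first" under openjdk-25/stable records a blocker with no pointer to where it is tracked. Adding a bug number or the name of whoever is handling jtreg8 for trixie would make it clear when this entry can move forward.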
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b60f2afe772efcbd69892a757806f2ca5b3bd375