[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jan 23 15:24:28 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c3dfd200 by Moritz Muehlenhoff at 2026-01-23T16:17:02+01:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -366,6 +366,8 @@ CVE-2026-23946 (Tendenci is an open source content management system built for n
NOT-FOR-US: Tendenci CMS
CVE-2026-23893 (openCryptoki is a PKCS#11 library and provides tooling for Linux and A ...)
- opencryptoki <unfixed>
+ [trixie] - opencryptoki <no-dsa> (Minor issue)
+ [bookworm] - opencryptoki <no-dsa> (Minor issue)
NOTE: https://github.com/opencryptoki/opencryptoki/security/advisories/GHSA-j6c7-mvpx-jx5q
NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/5e6e4b42f2b1fcc1e4ef1b920e463bfa55da8b45
CVE-2026-23887 (Group-Office is an enterprise customer relationship management and gro ...)
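Review bot: the two added opencryptoki lines give only the stock reason "(Minor issue)", although the entry already carries a "Fixed by:" upstream commit in its NOTEs. Since a fix that could be backported is identified, consider a more specific parenthetical saying why no DSA is warranted, so whoever prepares a later stable update does not have to re-read the GHSA advisory to reconstruct the decision.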
@@ -1232,6 +1234,8 @@ CVE-2025-12781 (When passing data to the b64decode(), standard_b64decode(), and
- python3.11 <removed>
- python3.9 <removed>
- pypy3 <unfixed>
+ [trixie] - pypy3 <no-dsa> (Minor issue)
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
NOTE: https://github.com/python/cpython/issues/125346
NOTE: https://github.com/python/cpython/pull/141128
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/KRI7GC6S27YV5NJ4FPDALS2WI5ENAFJ6/
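Review bot: pypy3 stays "<unfixed>" under the new [trixie] and [bookworm] lines, and the NOTEs in this entry reference only the CPython issue, pull request and announcement. Nothing visible here records whether PyPy upstream has picked up the change. If a PyPy tracking reference exists, adding it as a NOTE would make it possible to revisit the no-dsa entries once a fixed pypy3 reaches unstable. The same applies to the other six pypy3 entries touched by this commit.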
@@ -1540,6 +1544,8 @@ CVE-2026-0865 (User-controlled header names and values containing newlines can a
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
- pypy3 <unfixed>
+ [trixie] - pypy3 <no-dsa> (Minor issue)
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
- jython <unfixed>
[trixie] - jython <no-dsa> (Minor issue)
[bookworm] - jython <no-dsa> (Minor issue)
@@ -1559,6 +1565,8 @@ CVE-2026-0672 (When using http.cookies.Morsel, user-controlled cookie values and
- python3.11 <removed>
- python3.9 <removed>
- pypy3 <unfixed>
+ [trixie] - pypy3 <no-dsa> (Minor issue)
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
NOTE: https://github.com/python/cpython/pull/143920
NOTE: https://github.com/python/cpython/issues/143919
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/6VFLQQEIX673KXKFUZXCUNE5AZOGZ45M/
@@ -1595,6 +1603,8 @@ CVE-2025-15367 (The poplib module, when passed a user-controlled command, can ha
- python3.11 <removed>
- python3.9 <removed>
- pypy3 <unfixed>
+ [trixie] - pypy3 <no-dsa> (Minor issue)
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
- jython <unfixed>
@@ -1611,6 +1621,8 @@ CVE-2025-15366 (The imaplib module, when passed a user-controlled command, can h
- python3.11 <removed>
- python3.9 <removed>
- pypy3 <unfixed>
+ [trixie] - pypy3 <no-dsa> (Minor issue)
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
- jython <unfixed>
@@ -1627,6 +1639,8 @@ CVE-2025-15282 (User-controlled data URLs parsed by urllib.request.DataHandler a
- python3.11 <removed>
- python3.9 <removed>
- pypy3 <unfixed>
+ [trixie] - pypy3 <no-dsa> (Minor issue)
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
- jython <unfixed>
@@ -1647,6 +1661,8 @@ CVE-2025-11468 (When folding a long comment in an email header containing exclus
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
- pypy3 <unfixed>
+ [trixie] - pypy3 <no-dsa> (Minor issue)
+ [bookworm] - pypy3 <no-dsa> (Minor issue)
- jython <not-affected> (Vulnerable code not present)
NOTE: https://github.com/python/cpython/issues/143935
NOTE: https://github.com/python/cpython/pull/143936
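Review bot: in this entry jython is marked "<not-affected> (Vulnerable code not present)", while the added pypy3 lines treat the code as present and only lower the urgency. It is worth confirming that the pypy3 versions in trixie and bookworm actually contain the affected header-folding code; for any suite where they do not, "<not-affected>" would be more accurate than "<no-dsa> (Minor issue)".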
=====================================
data/dsa-needed.txt
=====================================
@@ -27,6 +27,8 @@ frr/oldstable
gh/oldstable
Santiago Vila might work on preparing an update
--
+gimp (jmm)
+--
git-lfs
--
imagemagick (jmm)
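Review bot: "gimp (jmm)" is added with no suite suffix and no indented note, unlike "frr/oldstable" and "gh/oldstable" just above it, and this commit changes no gimp entry in data/CVE/list. If the update is meant for only one suite, add the suffix; either way, a one-line note naming the issues that prompted the entry would make the reason traceable from the file itself.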
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c3dfd2008cdd0b7add4da01993bef8a4981776a5