[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jan 30 20:40:26 GMT 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
817b5f80 by Moritz Muehlenhoff at 2026-01-30T21:40:01+01:00
bookworm/trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -133,6 +133,8 @@ CVE-2026-25063 (gradle-completion provides Bash and Zsh completion support for G
 	NOTE: Fixed by: https://github.com/gradle/gradle-completion/commit/f0034a8a44b8191e5b764cf9b0211cade6ee55d7 (v9.3.1)
 CVE-2026-25061 (tcpflow is a TCP/IP packet demultiplexer. In versions up to and includ ...)
 	- tcpflow <unfixed> (bug #1126695)
+	[trixie] - tcpflow <no-dsa> (Minor issue)
+	[bookworm] - tcpflow <no-dsa> (Minor issue)
 	NOTE: https://github.com/simsong/tcpflow/security/advisories/GHSA-q5q6-frrv-9rj6
 	NOTE: https://github.com/simsong/tcpflow/commit/1d84fe8d59bb52c9a9da446a0fe6a31b2de15612
 CVE-2026-25047 (deepHas provides a test for the existence of a nested object key and o ...)
@@ -1421,6 +1423,7 @@ CVE-2026-XXXX [RUSTSEC-2026-0005: Potential use-after-free in oneshot when used
 	NOTE: https://github.com/faern/oneshot/issues/73
 CVE-2026-24686 (go-tuf is a Go implementation of The Update Framework (TUF). go-tuf's  ...)
 	- golang-github-theupdateframework-go-tuf <unfixed> (bug #1126581)
+	[trixie] - golang-github-theupdateframework-go-tuf <no-dsa> (Minor issue)
 	NOTE: https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-jqc5-w2xx-5vq4
 	NOTE: https://github.com/theupdateframework/go-tuf/commit/d361e2ea24e427581343dee5c7a32b485d79fcc0 (v2.4.1)
 CVE-2026-24490 (MobSF is a mobile application security testing tool used. Prior to ver ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/817b5f80f783d024651c9c9a95d1d9478c88a693

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/817b5f80f783d024651c9c9a95d1d9478c88a693
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260130/34f3bab9/attachment.htm>

More information about the debian-security-tracker-commits mailing list