[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2026-23893/opencryptoki: bullseye postponed
Sylvain Beucler (@beuc)
gitlab at salsa.debian.org
Sat Jan 31 09:53:15 GMT 2026
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
43b0ca96 by Sylvain Beucler at 2026-01-31T10:45:50+01:00
CVE-2026-23893/opencryptoki: bullseye postponed
follow bookworm triage
- - - - -
b3da337f by Sylvain Beucler at 2026-01-31T10:46:45+01:00
dla: drop opencryptoki
2 postponed issues, no feedback from maintainer after >8 months
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2953,6 +2953,7 @@ CVE-2026-23893 (openCryptoki is a PKCS#11 library and provides tooling for Linux
- opencryptoki <unfixed> (bug #1126268)
[trixie] - opencryptoki <no-dsa> (Minor issue)
[bookworm] - opencryptoki <no-dsa> (Minor issue)
+ [bullseye] - opencryptoki <postponed> (Minor issue)
NOTE: https://github.com/opencryptoki/opencryptoki/security/advisories/GHSA-j6c7-mvpx-jx5q
NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/5e6e4b42f2b1fcc1e4ef1b920e463bfa55da8b45
CVE-2026-23887 (Group-Office is an enterprise customer relationship management and gro ...)
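Review bot: the added `[bullseye]` line is tagged `<postponed>` while the `[trixie]` and `[bookworm]` lines directly above it are `<no-dsa>`, and all three carry the same "(Minor issue)" reason, so the entry on its own does not say why bullseye is treated differently. If the intent is that the fix can ride along with a later bullseye upload, consider stating that in the parenthetical, for example "(Minor issue, follow bookworm)", which would match the commit message.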
=====================================
data/dla-needed.txt
=====================================
@@ -293,13 +293,6 @@ nvidia-graphics-drivers
NOTE: 20250630: With reply from maintainer, tiraged some CVEs accordingly and updated the security tracker (tobi)
NOTE: 20250707: Maintainer offered to prepare a backport of upstream R515, offered to test them, after DebConf (tobi)
--
-opencryptoki
- NOTE: 20250505: Added by Front-Desk (Beuc)
- NOTE: 20250505: For CVE-2024-0914 ("Marvin Attack"),
- NOTE: 20250505: we probably need to backport a few constant-time pre-requisite commits:
- NOTE: 20250505: https://github.com/opencryptoki/opencryptoki/issues/731#issuecomment-1851436555
- NOTE: 20250505: Cf. #1104729 to determine whether to fix or ignore this in all dists (Beuc/front-desk)
---
openssl (ah)
NOTE: 20260128: Added by Front-Desk (Beuc)
NOTE: 20260128: Follow DSA-6113-1, though we're only affected by the Low severity ones (Beuc/front-desk)
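Review bot: the removed opencryptoki block carried the triage notes for CVE-2024-0914 (the link to upstream issue 731 about constant-time pre-requisite commits and the reference to #1104729), and after this removal they appear nowhere in this diff. Since the commit message describes the two issues as postponed rather than resolved, consider copying those pointers as NOTE lines to the CVE-2024-0914 entry in data/CVE/list if they are not already recorded there, so that whoever picks the package up later does not have to recover them from history.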
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2c258f53846d12891c12685a95cdff11a88314ec...b3da337fcd91225f09af8a2f2bb8623269de0286