January 2026 Archives by thread
Starting: Thu Jan 1 07:16:14 GMT 2026
Ending: Fri Jan 23 21:55:15 GMT 2026
Messages: 864
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-69277/libsodium via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for gnupg2 via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-69412/messagelib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-69413/gitea
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4430-1 for net-snmp
Andreas Henriksson ( at ah)
- [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for gnupg2 via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-69412/messagelib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for starlette via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Apache rule
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Remove no-dsa annotations from fontforge CVEs which are marked unimportant
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] composer spu/ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for fontforge issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-15411/wabt
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-21428/cpp-httplib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed rust-sequoia-openpgp update via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for smb4k security update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Document required followup for CVE-2025-64512/pdfminer
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Trick fixed version for CVE-2025-60458/uxplay via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream issue for CVE-2025-68973
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new open5gs CVEs, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-15412/wabt
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process one more NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2023-50262 as not-affected for bullseye
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] dla: add back pdfminer
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-69277/libsodium: fix Debian bug reference
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Mark node-mongodb as removed from unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add libsodium
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-68431/libheif: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-66004/usbmuxd via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add libmatio
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-15284/node-qs: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-69412/kf5-messagelib: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-12816,CVE-2025-66030,CVE-2025-66031/node-node-forge: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-66516/tika: bullseye fixed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] LTS: claim gimp in dla-needed.txt
Andreas Henriksson ( at ah)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-14424 (gimp) as not affecting bullseye
Andreas Henriksson ( at ah)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-14424/gimp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2025-14180/php7.4: not-affected
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add php7.4
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2025-13836/python: reference introductory commit
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] LTS: claim php7.4 in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4431-1 for gimp
Andreas Henriksson ( at ah)
- [Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes on rejected CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct status for CVE-2025-37884 and sync with kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed: update NOTEs for gdcm
Emmanuel Arias ( at eamanu)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2025-13836/python: vulnerable code temporarily reverted on 3.9 branch only
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Track fixed version for some CVEs for linux upload to unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add pypy3
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-21444/libtpms
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fix via unstable for CVE-2025-69412/messagelib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: python3.9: note to sync with renamed packages python3.11 and python3.13
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add two new gpsd issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-15438/pluxml
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: drop hdf5 (limited support)
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] node-node-forge: proposed for EOL
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add reference to upstream issue for CVE-2026-21444
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-21444
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for mbedtls via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for curl via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-21444/libtpms via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for php-dompdf via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove planned twitter-boostrap3 update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-21452/mspack-java
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-69261/wasmedge
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2022-50798/sox: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] compare-embed-usertags: Use correct mirror for rsync to get data
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-21428/cpp-httplib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-21452/msgpack-java
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add mapserver
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add ruby-rmagick
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: clarify mapserver
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-66471 for trixie
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add gpsd
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2025-69194/wget2: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] LTS: claim curl in data/dla-needed.txt
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] Take ruby-rmagick
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Review list for candidates for Debian 13.3 point release
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Move python-django down the list as it will likely miss the point release
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Move ruby3.1 down the list as it is not yet accepted
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove CVEs whichare already covered in a DSA for ruby3.1
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Move two proposed updates down the list as too late for point release
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add edk2 for CVE-2024-13176
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for sogo via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] gimp DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Correct CVE id reference for sogo
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2024-24510/sogo triaging for bullseye as ignored.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] CVE-2023-48104/sogo - triaging as ignored/too intrusive.
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Add notes for ceph and knot-resolver + unclaim; waiting on people
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4432-1 for curl
Carlos Henrique Lima Melara ( at charles)
- Processing 8fa92930da07073beff8ae636c2d19dc0442c04a failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] whisper.cpp is in the archive now
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] two ffmpeg issues fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-66034/fonttols via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] cbor2 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new rust-rkyv issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new rust-gix-date issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] semi-automatic unclaim after 2 weeks of inactivity
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] Remove notes on rejected CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Some Linux CVEs rejected
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from rejected Linux CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for commit for CVE-2025-25473
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for rust-gix-date issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for rust-rkyv issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream pull request to fix some CVEs for frr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: drop guix, as it is now EOL
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] sodium DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Take libsodium
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4433-1 for ruby-rmagick
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim pdfminer.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add two more products for Apache CNA rule
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process two more NFUs from Apache CNA rule
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla-needed: re-claim pillow
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2025-46415, CVE-2025-46416, CVE-2025-52991, CVE-2025-52992,...
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2025-50343/libmatio
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-15444
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-69223/python-aiohttp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-69228/python-aiohttp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-69227/python-aiohttp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-69229/python-aiohttp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-69230/python-aiohttp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-69226/python-aiohttp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-69224/python-aiottp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-69225/python-aiohttp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for Ubiquiti
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] py-aiohttp fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-4558/sogo - triaging as ignored/too intrusive for bullseye
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-4556/sogo - triaging as ignored/too intrusive for bullseye
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4434-1 for sogo
Tobias Frost ( at tobi)
- [Git][security-tracker-team/security-tracker][master] dla: p7zip assessment
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: p7zip-rar assessment
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Update two CVEs based on kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Sync CVE-2025-68357 with kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-8194
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: zabbix status update
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Correct status for two gpsd issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-68428/jspdf, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new CVEs for wolfssh, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage python-aiohttp for bullseye LTS (CVE-2025-69223,...
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Process two more NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status on CVE-2022-50798/sox
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for two gpsd issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-50343
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add debian bug referene for CVE-2025-14569
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new chromium issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-13034/curl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-13034/curl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-14017/curl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-14524/curl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-14819/curl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-15079/curl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-15224/curl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2021-45340 is actually in libstb
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] fix note
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] ceph fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] tornado fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add two new issues in foomuuri
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add foomuuri to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4435-1 for libsodium
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] record upstream fix for libcaca
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] foomuuri DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] foomuuri fixed in sid + oss-sec reference
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2021-45340/libsixel
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2021-45340/libstb
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add another product for Apache CNA rule
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] cleanup rejected entry
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new tlp issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2025-14524 in curl for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2026-0628
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Claim mbedtls again
Andrej Shadura ( at andrewsh)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2025-15224/curl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new gitlab issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new undertow issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Mediawiki rule
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new llama.cpp issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new kanboard issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new murky openldap issue, might also be an error in the use the function is used
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22184/zlib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-21441/python-urllib3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-15346/wolfssl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-13151/libtasn1-6
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct state for CVE-2025-15346
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add Commvault CNA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update two gitlab related CVEs for issues only starting in later versions
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] miniflux fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-60753/libarchive
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-5918/libarchive
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-25724/libarchive
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] slic3r removed from the archive
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add a dla-needed note for sudo
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Take map-server/dla-needed
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage python-urllib3 for bullseye LTS (CVE-2026-21441)
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4374-2 for pdfminer
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] LTS: claim python-urllib3 in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] vlc DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dla-needed: update NOTE for gdcm
Emmanuel Arias ( at eamanu)
- [Git][security-tracker-team/security-tracker][master] bugnums
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] cleanup rejected CVE
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Release maplexer
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-27236/zabbix
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-49641/zabbix ignored
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-49643/zabbix
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Take zabbix dla-needed
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-66418/python-urllib3 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22034/snuffleupagus
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22028/node-preact
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-21892/python-parsl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-21885/miniflux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-21876/modsecurity-crs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-21860/python-werkzeug
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-68158/python-authlib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-68151/coredns, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-21895/rust-rsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Ad CVE-2026-0719/libsoup
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update tracking for CVE-2025-67859
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Associate some NFUs with itp'ed entry for pnpm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-22185/openldap
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-55780
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add note for CVE-2016-1584
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-21876
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-0719
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Typo
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for kanboard issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update trcking for CVE-2026-22185/{openldap,lmdb}
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0716/libsoup
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track as well libsoup2.4 for CVE-2026-0716
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct note on CVE-2026-22185
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] add one CVE reference for the VLC 3.0.22 security issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] NFU, concludes external check
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] python-filelock spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] openssh ospu/spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Remove one rejected CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-68146 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2026-22185 in lmdb for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] according to #1119290 dnsdist is EOL in Bullseye, so there seems to be no need...
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] LTS: take gnupg2
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2026-21892/python-parsl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct association of CVE-2020-26296 and track vega.js status
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Cleanup one rejected CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-14505/node-elliptic
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-56225/fluidsynth
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2023-2648{6,7}/vega.js
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status CVE-2025-25304/vega.js
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-27793/vega.js
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-26619/vega.js
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-59840/vega.js
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-65110
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-66648/vega.js
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Clarify one older NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-0716
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-67859
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] chromium dsa
Andres Salomon ( at dilinger)
- [Git][security-tracker-team/security-tracker][master] Track fix for CVE-2025-12385/qtdeclarative-opensource-src-gles via experimental
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fix via experimental for CVE-2025-13151/libtasn1-6
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22773/vllm, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2022-23649/cosign
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22703/cosign
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2022-35929/cosign
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-23649: Drop reference to upstrema tag which does not seem correct
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2022-36056/cosign
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-46737/cosign
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-2990{2,3}/cosign
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22702/python-virtualenv
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22701/python-filelock
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22693/harfbuzz
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tow new pypdf issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add some new CVEs for ghost, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct version for suricata in trixie 13.3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Merge changes for updates with CVEs via trixie 13.3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Remove entries for pagure (removed from bookworm)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for pypdf issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for vega.js issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add ZDI reference for net-snmp issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for python-virtualenv issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for new python-filelock issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-14505/node-elliptic
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-22693/harfbuzz
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-21441/python-urllib3 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker] Pushed new branch users/ecite/fix-cve-2025-64344
Andreas Dolp ( at ecite)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Fix CVE-2025-64344 as fixed in suricata 1:7.0.10-1+deb13u2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker] Deleted branch users/ecite/fix-cve-2025-64344
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2025-13151 in libtasn1-6 for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Process two new issues in quickjs(-ng)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22610
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: auto-nfu: Add another product covered in Apache CNA rule
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-22693 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-22702 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] node-preact n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-68493/libstruts1.2-java
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-15506/opencolorio
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed zabbix
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Retake netty
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-53900/spip
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] NFU (concludes external check)
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for net-snmp update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22776/cpp-httplib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new wlc issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-71063/errands
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new avahi issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some new NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2025-65105/apptainer
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] mark errands as no-dsa
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new qemu issue (concludes external check)
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new libpng1.6 issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add mlflow rule
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-0665/qemu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-15514/ollama
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add Emlog
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] lts: take firefox-esr and thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] new firefox issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] add firefox-esr issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2023-53900/spip
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for avahi issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for opencolorio issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reclaim apache-log4j2, dcmtk and jackson-core
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for qemu issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22791/opencryptoki
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22772/golang-github-sigstore-fulcio
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for wlc issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference full commit id for libpng1.6 upstream fixes
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for libpng1.6 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update NOTEs and mark CVE-2025-9086/curl as not affecting bookworm
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] Add final release tag for CVE-2025-9086/curl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Add new chromium issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track firefox fixes via unstable for mfsa2026-01
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track firefox-esr issues fixed via unstable for mfsa2026-03
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new nodejs issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for nodejs issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] parsl DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] direwolf DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] wget2 fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Merge Linux CVE changes from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4436-1 for linux-6.1
Ben Hutchings ( at benh)
- [Git][security-tracker-team/security-tracker][master] Remove pgbouncer from dla-needed.txt
Andreas Henriksson ( at ah)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4437-1 for gnupg2
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] Claim libmatio in dla-needed.txt
Andreas Henriksson ( at ah)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-0665/qemu via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4438-1 for mongo-c-driver
Roberto C. Sánchez ( at roberto)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-71144/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add a note about netty/dla-needed
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add new freerdp3 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-21889/weblate, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Associate two NFUs with weblate itp'ed entry
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22036/node-undici
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: re-claim ffmpeg in data/dla-needed.txt
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0532/kibana, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Remove one check item
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add one more product for Apache CNA rule
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add one more product for NVIDIA CNA rule
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-14242/vsftpd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Drop CVE-2025-9086/curl from DLA-4432-1 and mark bullseye not-affected
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-14874/node-nodemailer via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new wireshark issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0861/glibc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-56226/libsndfile
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-70968/freeimage
Salvatore Bonaccorso ( at carnil)
- International Hardware Fair Cologne 2026 | Attendees List Access
Juanita Garcia
- [Git][security-tracker-team/security-tracker][master] CVE-2025-57052/cjson is already fixed in forky
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] dsa: mbedtls/stable got fixed via pu
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] NFUs (concludes external check)
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22797/python-keystonemiddleware
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-71115
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4439-1 for firefox-esr
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Align with CVE-2026-0708 with CVE-2025-11010 and CVE-2025-6499
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-14242/vsftpd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] firefox-esr DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] errands spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-56226/libsndfile
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-59464
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Process some NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new libxml2 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new gpac issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new glpi issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-0861
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-22036/node-undici
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-70968
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-22797/python-keystonemiddleware
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-22797 / python-keystonemiddleware only affects trixie
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 4 commits: add patch/mr link for CVE-2026-0989/libxml2
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-22797/python-keystonemiddleware via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-22036/node-undici via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add introducing commit for CVE-2026-22797/keystonemiddleware
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for linux issues fixed with 6.18.5-1 upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0988/glib2.0
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0980 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-0810/rust-gix-date allocated for RUSTSEC-2025-0140
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for wireshark issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for libxml2 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new airflow issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new golang issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new thunderbird issues from mfsa2026-05
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add thunderbird to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for thunderbird issues fixes via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0915/glibc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22045/traefik, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0858/plantuml
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new openvpn issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update information for glibc issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for wireshark issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove note from CVE-2022-50911 as it is rejected
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2025-10145 (duplicate of CVE-2023-7073)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-23535/wlc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-23528/dask.distributed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new mattermost-server issues (itp'ed)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-47844/xmind, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-15497/openvpn
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-23490/pyasn1
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-15104/vnu, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-47800/b2evolution
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-47793 but keep todo item for now
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-47779/doilbarr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2026-0915/glibc as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-0915/glibc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for two glibc issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-0858
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-0988/glib2.0
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-23535/wlc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for pyasn1 issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4440-1 for ffmpeg
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] Add pull-request for CVE-2025-14505
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-23745/node-tar
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-23643/cakephp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new gradle issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new open5gs issues (itp'ed)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-22727/cakephp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two pcsx2 issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for python-urllib3 update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] thunderbird DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via experimental for CVE-2025-50343/libmatio
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new keras issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] data/CVE/list: CVE-2025-2337: Mark bullseye as not-affected
Andreas Henriksson ( at ah)
- [Git][security-tracker-team/security-tracker][master] data/CVE/list: CVE-2020-36428: Note libmatio CVE likely HDF5
Andreas Henriksson ( at ah)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-68212/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Eclipse rule
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-23745/node-tar via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-64512/pdfminer via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark postgresql-17 as removed from unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for postgresql issues in bookworm and trixie
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] ledgersmb removed from unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed verison via unstable for CVE-2025-55780/mupdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for hoteldruid issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2025-13151/libtasn1-6
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] docker fixed in experimental
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Mark python-django as WIP.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] wget2 spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for golang issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4441-1 for gpsd
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] LTS: Add note for php7.4 in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] 4 commits: dla-needed: add pyasn1
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Take pyasn1 from dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0943/libharfbuzz-shaper-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: claim pypy3
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-23490/pyasn1
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for python-ldap issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-1144/quickjs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add notes for ceph and knot-resolver
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4442-1 for thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] lts: triage CVE-2026-22693/harfbuzz as postponed
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-29943/amd64-microcode
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] first batch of HDF cleanups now that 12.13 and 13.3 are out
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: lts: triage gradle issues as no-dsa
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Sync status for one CVE with kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-68431/libheif via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] more HDF updates
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] gpsd fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: pypy3 status update
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Fix typo in dla-needed.txt
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for freerdp3 issues addressed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference for introducing commit for CVE-2025-2337
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-21876/modsecurity-crs via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4443-1 for dcmtk
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4444-1 for apache-log4j2
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] dla-needed: take python-aiohttp
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-54121/starlette
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add python-urllib3 to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: unclaim pypy3
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-23876/imagemagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-23874/imagemagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22770/imagemagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-23952/imagemagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-23949/jaraco.context
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new node-tar issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-56226/libsndfile
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for new Foxit CNA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reference pull request for fix for CVE-2025-3549
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new assimp issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new mapnik issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] solr n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4445-1 for python3.9
Andrej Shadura ( at andrewsh)
- [Git][security-tracker-team/security-tracker][master] golang-github-hashicorp-go-getter removed from the archive
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-15281/glibc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] pcsx2 spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-1180/keycloak
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0622/open5gs, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add unclear issue on ply (CVE-2025-56005)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Mark gitlab-ci-multi-runner as removed from unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new set of nvidia-cuda-toolkit CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-1145/quickjs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] python-keystonemiddleware DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] associate CVE-2025-15536 with src:opencc
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add new chromium issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new inetutils issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Fix typo in temporary description
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove tracking of proposed curl update in bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-39822/linux syncing with kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22976/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Cleanup trailing whitespaces
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-24061/inetutils allocated
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new virtualbox issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Oracle rule
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 5 commits: lts: triage CVE-2025-13837/pypy3 as no-dsa
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] new Java issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new mysql-8.0 issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for chromium issue fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 4 commits: lts: add node-tar
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] final batch of hdf5 updates
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new liblivemedia issue (concludes external check)
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22977/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add reference for upstream commit for CVE-2025-15506
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-23949/jaraco.context
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for nvidia-cuda-toolkit issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for imagemagick issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-23949
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Take vlc
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-15538
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-15537
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add inetutils to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian tracking bug for CVE-2026-24061/inetutils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] assimp fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-3549/assimp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-13878/bind9
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream commit references for bind9 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2024-31884/ceph
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new ollama issues, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-13465/node-lodash
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two libpng1.6 issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-47857/moodle
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two keycloak issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add bind9 to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Take care of releasing inetutils for DSA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0865/python
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] modsecurity-crs DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add imagemagick to dla-needed
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] link openjdk advisory
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for imagemagick issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add imagemagick to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for mysql-8.0 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed via unstable for openjdk-11
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for openjdk-17 issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for openjdk-21 issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for openjdk-25 issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-69209/arduino-core-avr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add back a todo item for CVE-2026-0865, should be reviewed/checked
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new python issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for inetutils update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] strip unimportant status from opencc, missed the lib
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] add exploit references for CVE-2025-38352
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] node-tar fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new Python issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 5 commits: lts: triage CVE-2023-53900/spip as no-dsa
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2026-23949/jaraco.context
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed gpsd update via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: lts: CVE-2025-13878/bind9 n/a on bullseye
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] update status for some python issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Claim wireshark
Jochen Sprickerhof ( at jspricke)
- [Git][security-tracker-team/security-tracker][master] also track CVE-2026-23949 for setuptools, thanks to jpfc for the note
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] lts: add apache2
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add two new incus issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fix for CVE-2025-6536/tarantool
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track upstream fix for CVE-2025-15536/opencc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add pull request for CVE-2025-11468
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Take bind9 for DSA release
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for bind9 update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from some withdrawn CVEs (by its CNA)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add incus to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-24049/wheel
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-24001/node-diff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new issues in Mastodon, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Annoate wireshark that update is pinged to debian-security-tools team
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process two new go-tuf issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-23893/opencryptoki
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22807/vllm, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-1225/logback
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-71176/pytest
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Re-triage CVE-2024-45230 in python-django for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Re-triage CVE-2024-41990 in python-django for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Te-triage CVE-2024-38875, CVE-2024-41990 and CVE-2024-45230 in python-django for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add myself for apache2/dla
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-12781/python
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for python-urllib3 regression update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update metadata for CVE-2024-24856/acpica-unix
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-13353/gokey
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for incus via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Adjust tracking for CVE-2025-47913/golang-go.crypto
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add references for CVE-2025-22869/golang-go.crypto
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4446-1 for python-urllib3
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Add two new rekor issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for golang-1.25 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4426-2 for osslsigncode
Abhijith PA ( at abhijith)
- [Git][security-tracker-team/security-tracker][master] Remove notes from one withdrawn CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-21441/python-urllib3: Add link to commit which introduced the issue
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-24515/expat
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add prefixes for commits
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new set of gitea issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0798/gitea
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts: add inetutils
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-67847/moodle
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new issue in dr_flac, bundled in various applications
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-15059/gimp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] zvbi, gpsd ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-71074/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for jaraco.context via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: lts: jython and python2.7 EOL on bullseye
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] add some note for CVE-2024-45508
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Add tracking bug for CVE-2025-34450/rtl-433
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] trixe/bookworm triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Fix some notes
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-13465/node-lodash
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-15281/glibc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-15059/gimp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-23893/opencryptoki
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for golang-github-theupdateframework-go-tuf issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-24001
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-24049
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for rakor issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-24515/expat
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new batch of CVEs from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-24515/expat via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-69209
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-15536
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-22185
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Adjust one CVE pending for zvbi via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for taglib via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-15536/opencc via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] incus DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Track fixed version for CVE-2025-14523/libsoup3 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-1299/python
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new protobuf issue (CVE-2026-0994)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-0775 and associate it with npm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-0994/protobuf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-67125/docopt.cpp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2021-47888/textpattern
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed.txt: Update status for python-django.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-22234/libspring-security-2.0-java
Salvatore Bonaccorso ( at carnil)
Last message date:
Fri Jan 23 21:55:15 GMT 2026
Archived on: Fri Jan 23 21:55:23 GMT 2026
This archive was generated by
Pipermail 0.09 (Mailman edition).