[Git][security-tracker-team/security-tracker][master] 2 commits: lts: add prometheus to dla-needed

Daniel Leidert (@dleidert) dleidert at debian.org
Mon Jun 1 02:31:11 BST 2026 


Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
964d4b86 by Daniel Leidert at 2026-06-01T03:30:02+02:00
lts: add prometheus to dla-needed

- - - - -
221628ee by Daniel Leidert at 2026-06-01T03:30:17+02:00
Add patch link for CVE-2026-41401/libyang

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5484,7 +5484,7 @@ CVE-2026-41401 (libyang before 5.2.6 contains a heap use-after-free write vulner
 	- libyang <unfixed>
 	- libyang2 <removed>
 	NOTE: https://github.com/CESNET/libyang/security/advisories/GHSA-9f49-8x56-jmjc
-	TODO: research fixing commit in 5.2.6, but there is no such release in https://github.com/CESNET/libyang/releases/tag/v5.2.6
+	NOTE: Fixed by: https://github.com/CESNET/libyang/commit/54c3276d871023da266d4ed3ceaee7e8d71d0b04 (5.4.3)
 CVE-2026-41164 (nuts-node is the reference implementation of the Nuts specification. P ...)
 	TODO: check
 CVE-2026-40564 (Files or Directories Accessible to External Parties, Server-Side Reque ...)


=====================================
data/dla-needed.txt
=====================================
@@ -476,6 +476,10 @@ proftpd-dfsg
   NOTE: 20260511: https://lists.debian.org/debian-lts/2026/05/msg00015.html
   NOTE: 20260511: https://salsa.debian.org/debian-proftpd-team/proftpd/-/commits/bullseye
 --
+prometheus
+  NOTE: 20260601: Added by Front-Desk (dleidert)
+  NOTE: 20260601: Follow DSA or support secteam with DSA (dleidert/front-desk)
+--
 prosody
   NOTE: 20260511: Added by Front-Desk (dleidert)
   NOTE: 20260511: Follow DSA 6252-1 fixing 4 CVEs (dleidert/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ef750c149bbedf3036638d3d1e8aad2f1e3016d4...221628ee46d387fb68e0700f175cb8fa3b813c3b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ef750c149bbedf3036638d3d1e8aad2f1e3016d4...221628ee46d387fb68e0700f175cb8fa3b813c3b
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260601/340c920b/attachment.htm>

More information about the debian-security-tracker-commits mailing list