[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Jun 2 09:09:13 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2a54d1ea by Moritz Muehlenhoff at 2026-06-02T10:07:59+02:00
trixie/bookworm triage

- - - - -


3 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -956,6 +956,8 @@ CVE-2026-49489 (OpenCATS through 0.9.7.4 contains a sql injection vulnerability
 	NOT-FOR-US: OpenCATS
 CVE-2026-10194 (A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the  ...)
 	- dcmtk <unfixed>
+	[trixie] - dcmtk <no-dsa> (Minor issue)
+	[bookworm] - dcmtk <no-dsa> (Minor issue)
 	NOTE: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=0f78a4ef6f645ea5530166e445e5436a5de58e75
 CVE-2026-10193 (A security flaw has been discovered in OFCMS up to 1.1.3. The impacted ...)
 	NOT-FOR-US: OFCMS
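
Review bot: The two added `<no-dsa>` lines for dcmtk give only the generic reason "Minor issue", while the entry still reads `- dcmtk <unfixed>` and the CVE description is truncated in the list. A short reason stating what limits the impact, or a NOTE line saying so, would let the next triager decide on a point-release fix without re-reading the upstream commit.
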
@@ -1190,12 +1192,16 @@ CVE-2026-8594 (Text::LineFold versions through 2019.001 for Perl duplicate the o
 	NOTE: Patch: https://security.metacpan.org/patches/U/Unicode-LineBreak/2019.001/CVE-2026-8594-r1.patch
 CVE-2026-48711
 	- sshfs-fuse 3.7.3-1.2 (bug #1138293)
+	[trixie] - sshfs-fuse <no-dsa> (Minor issue)
+	[bookworm] - sshfs-fuse <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/30/3
 	NOTE: https://github.com/libfuse/sshfs/security/advisories/GHSA-mm85-q63v-4476
 	NOTE: https://github.com/libfuse/sshfs/pull/362
 	NOTE: Fixed by: https://github.com/libfuse/sshfs/commit/6678accb85ea4aec15dae9961b92af8d12501a66 (sshfs-3.7.6)
 CVE-2026-47187
 	- sshfs-fuse 3.7.3-1.2 (bug #1138293)
+	[trixie] - sshfs-fuse <no-dsa> (Minor issue)
+	[bookworm] - sshfs-fuse <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/30/3
 	NOTE: https://github.com/libfuse/sshfs/security/advisories/GHSA-pjv6-2c3f-r357
 	NOTE: https://github.com/libfuse/sshfs/pull/361
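
Review bot: CVE-2026-48711 and CVE-2026-47187 get identical `<no-dsa> (Minor issue)` tags for trixie and bookworm, yet neither entry carries a description and the fix is already in unstable as 3.7.3-1.2 (bug #1138293). Since the upstream fix commit is recorded for CVE-2026-48711, consider adding a note on whether that fix is intended for a stable point release, so the two entries do not stay at no-dsa by default.
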
@@ -1242,7 +1248,9 @@ CVE-2026-46384 (iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, severa
 	NOT-FOR-US: iskorotkov/avro
 CVE-2026-45700 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
 	- freerdp3 3.26.0+dfsg-1
+	[trixie] - freerdp3 <no-dsa> (Minor issue)
 	- freerdp2 <removed>
+	[bookworm] - freerdp2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mpxh-8fq3-x8mh
 CVE-2026-45697 (Formie is a Craft CMS plugin for creating forms. Prior to 2.2.20 and 3 ...)
 	NOT-FOR-US: Formie Craft CMS plugin
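
Review bot: In the CVE-2026-45700 entry the trixie tag is attached only to freerdp3 and the bookworm tag only to freerdp2, which would leave a release that ships both source packages half triaged. Worth confirming that freerdp2 is absent from trixie and freerdp3 from bookworm; if not, add the missing `[trixie] - freerdp2` or `[bookworm] - freerdp3` line.
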
@@ -11465,6 +11473,8 @@ CVE-2026-44308 (Spring Cloud AWS simplifies using AWS managed services in a Spri
 	NOT-FOR-US: Spring Cloud AWS
 CVE-2026-44283 (etcd is a distributed key-value store for the data of a distributed sy ...)
 	- etcd 3.5.16-11 (bug #1136829)
+	[trixie] - etcd <no-dsa> (Minor issue)
+	[bookworm] - etcd <no-dsa> (Minor issue)
 	NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-x35m-3gp4-4fh5
 	NOTE: https://github.com/etcd-io/etcd/pull/21677
 	NOTE: https://github.com/etcd-io/etcd/pull/21680
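
Review bot: The etcd entry for CVE-2026-44283 references two upstream pull requests (21677 and 21680) without saying which branch each targets, and the new no-dsa lines do not record it either. Annotating those NOTE lines with the branch or version they apply to would make a later backport to trixie or bookworm easier to scope.
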


=====================================
data/DSA/list
=====================================
@@ -5,7 +5,7 @@
 	{CVE-2026-5056 CVE-2026-46469 CVE-2026-46470}
 	[trixie] - gst-plugins-good1.0 1.26.2-1+deb13u1
 [01 Jun 2026] DSA-6317-1 symfony - security update
-	{CVE-2024-50340 CVE-2026-45063 CVE-2026-45065 CVE-2026-45067 CVE-2026-45068 CVE-2026-45071 CVE-2026-45073 CVE-2026-45077 CVE-2026-45133 CVE-2026-45304 CVE-2026-45305 CVE-2026-46626 CVE-2026-48489 CVE-2026-48736 CVE-2026-48784}
+	{CVE-2024-50340 CVE-2026-45063 CVE-2026-45065 CVE-2026-45067 CVE-2026-45068 CVE-2026-45071 CVE-2026-45073 CVE-2026-45077 CVE-2026-45133 CVE-2026-45304 CVE-2026-45305 CVE-2026-46626 CVE-2026-48489 CVE-2026-48736 CVE-2026-45070 CVE-2026-48784}
 	[bookworm] - symfony 5.4.53+dfsg-0+deb12u1
 [31 May 2026] DSA-6316-1 chromium - security update
 	{CVE-2026-9872 CVE-2026-9873 CVE-2026-9874 CVE-2026-9875 CVE-2026-9876 CVE-2026-9877 CVE-2026-9878 CVE-2026-9879 CVE-2026-9880 CVE-2026-9881 CVE-2026-9882 CVE-2026-9883 CVE-2026-9884 CVE-2026-9885 CVE-2026-9886 CVE-2026-9887 CVE-2026-9888 CVE-2026-9889 CVE-2026-9890 CVE-2026-9891 CVE-2026-9892 CVE-2026-9893 CVE-2026-9894 CVE-2026-9895 CVE-2026-9896 CVE-2026-9897 CVE-2026-9898 CVE-2026-9899 CVE-2026-9900 CVE-2026-9901 CVE-2026-9902 CVE-2026-9903 CVE-2026-9904 CVE-2026-9905 CVE-2026-9906 CVE-2026-9907 CVE-2026-9908 CVE-2026-9909 CVE-2026-9910 CVE-2026-9911 CVE-2026-9912 CVE-2026-9913 CVE-2026-9914 CVE-2026-9915 CVE-2026-9916 CVE-2026-9917 CVE-2026-9918 CVE-2026-9919 CVE-2026-9920 CVE-2026-9921 CVE-2026-9922 CVE-2026-9923 CVE-2026-9924 CVE-2026-9925 CVE-2026-9926 CVE-2026-9927 CVE-2026-9928 CVE-2026-9929 CVE-2026-9930 CVE-2026-9931 CVE-2026-9932 CVE-2026-9933 CVE-2026-9934 CVE-2026-9935 CVE-2026-9936 CVE-2026-9937 CVE-2026-9938 CVE-2026-9939 CVE-2026-9940 CVE-2026-9941 CVE-2026-9942 CVE-2026-9943 CVE-2026-9944 CVE-2026-9945 CVE-2026-9946 CVE-2026-9947 CVE-2026-9948 CVE-2026-9949 CVE-2026-9950 CVE-2026-9951 CVE-2026-9952 CVE-2026-9953 CVE-2026-9954 CVE-2026-9955 CVE-2026-9956 CVE-2026-9957 CVE-2026-9958 CVE-2026-9959 CVE-2026-9960 CVE-2026-9961 CVE-2026-9962 CVE-2026-9963 CVE-2026-9964 CVE-2026-9965 CVE-2026-9966 CVE-2026-9967 CVE-2026-9968 CVE-2026-9969 CVE-2026-9970 CVE-2026-9971 CVE-2026-9972 CVE-2026-9973 CVE-2026-9974 CVE-2026-9975 CVE-2026-9976 CVE-2026-9977 CVE-2026-9978 CVE-2026-9979 CVE-2026-9980 CVE-2026-9981 CVE-2026-9982 CVE-2026-9983 CVE-2026-9984 CVE-2026-9985 CVE-2026-9986 CVE-2026-9987 CVE-2026-9988 CVE-2026-9989 CVE-2026-9990 CVE-2026-9991 CVE-2026-9992 CVE-2026-9993 CVE-2026-9994 CVE-2026-9995 CVE-2026-9996 CVE-2026-9997 CVE-2026-9998 CVE-2026-9999 CVE-2026-10000 CVE-2026-10001 CVE-2026-10002 CVE-2026-10003 CVE-2026-10004 CVE-2026-10005 CVE-2026-10006 CVE-2026-10007 CVE-2026-10008 CVE-2026-10009 CVE-2026-10010 CVE-2026-10011 CVE-2026-10012 
CVE-2026-10013 CVE-2026-10014 CVE-2026-10015 CVE-2026-10016 CVE-2026-10017 CVE-2026-10018 CVE-2026-10019 CVE-2026-10020 CVE-2026-10021 CVE-2026-10022}
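
Review bot: CVE-2026-45070 is inserted between CVE-2026-48736 and CVE-2026-48784 in the DSA-6317-1 set, while the other ids on that line are in ascending order; it would sort after CVE-2026-45068. The commit message says only "trixie/bookworm triage", so this correction to a published DSA's CVE set is easy to miss in the log and would be better mentioned there or split into its own commit. No data/CVE/list change for CVE-2026-45070 appears in this commit, so that entry should be checked against 5.4.53+dfsg-0+deb12u1.
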


=====================================
data/dsa-needed.txt
=====================================
@@ -121,3 +121,5 @@ unbound/oldstable
 --
 xrdp
 --
+xorg-server
+--
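
Review bot: `xorg-server` is appended after `xrdp`, which breaks the alphabetical order the visible entries follow (unbound, then xrdp); it belongs before `xrdp`. The new entry also has no release suffix, unlike `unbound/oldstable` in the hunk header, so confirm that an update is needed for both trixie and bookworm.
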



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2a54d1ea22f598c41efe36d727dcdbc04067b3ea
