[Git][security-tracker-team/security-tracker][master] bullseye triaging

Bastien Roucariès (@rouca) rouca at debian.org
Wed Jun 10 20:27:36 BST 2026



Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
17eeb779 by Bastien Roucariès at 2026-06-10T21:27:15+02:00
bullseye triaging

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2714,6 +2714,7 @@ CVE-2020-37248 (OfflineIMAP before 8.0.3 trusts the server with their STARTTLS c
 	- offlineimap3 <unfixed> (bug #1139329)
 	[trixie] - offlineimap3 <no-dsa> (Minor issue)
 	[bookworm] - offlineimap3 <no-dsa> (Minor issue)
+	[bullseye] - offlineimap3 <postponed> (Minor issue)
 	NOTE: https://github.com/OfflineIMAP/offlineimap3/issues/222
 	NOTE: https://github.com/OfflineIMAP/offlineimap/issues/669
 	NOTE: Fixed by: https://github.com/OfflineIMAP/offlineimap3/commit/46505c53ef995455d66c685f9ec3ff6ea93dbb74 (v8.0.3)
@@ -3282,6 +3283,7 @@ CVE-2026-11332 (A flaw was found in ansible-core. The ansible-galaxy role instal
 	[trixie] - ansible-core <no-dsa> (Minor issue)
 	[bookworm] - ansible-core <no-dsa> (Minor issue)
 	- ansible 5.4.0-1
+	[bookworm] - ansible <postponed> (Minor issue)
 	NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2485379
 	NOTE: https://github.com/ansible/ansible/pull/87070
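
Review bot: the added line `[bookworm] - ansible <postponed> (Minor issue)` is tagged for bookworm, while the commit is titled as bullseye triaging and every other added line in it uses `[bullseye]`. The NOTE below it says ansible-core was split off from src:ansible with 5.4.0-1, and the line above marks `ansible` as fixed at 5.4.0-1, so a per-release entry is only needed for a release whose src:ansible predates that version. Please confirm the suite and change the tag to `[bullseye]` if that was the intent.
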
@@ -5375,6 +5377,7 @@ CVE-2026-10805 (A flaw was found in NetworkManager. This local privilege escalat
 	- network-manager <unfixed> (bug #1139285)
 	[trixie] - network-manager <ignored> (Minor issue)
 	[bookworm] - network-manager <ignored> (Minor issue)
+	[bullseye] - network-manager <ignored> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2484613
 	NOTE: Network-manager defaults to the internal DHCP client
 CVE-2026-10804 (A vulnerability has been found in Streamlit up to 1.53.0. Impacted is  ...)
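
Review bot: `[bullseye] - network-manager <ignored> (Minor issue)` is the only added entry in this commit that uses `<ignored>` rather than `<postponed>`, and the reason given does not say why no fix will be made. If the justification is the one in the NOTE below it (NetworkManager defaults to the internal DHCP client), consider putting that in the parenthesised reason, or use `<postponed>` if the entry is meant to be revisited.
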
@@ -5593,15 +5596,19 @@ CVE-2026-47321
 	- mina2 <unfixed> (bug #1139162)
 	[trixie] - mina2 <no-dsa> (Minor issue)
 	[bookworm] - mina2 <no-dsa> (Minor issue)
+	[bullseye] - mina2 <postponed> (Minor issue)
 	- mina <removed>
 	[bookworm] - mina <no-dsa> (Minor issue)
+	[bullseye] - mina <postponed> (Minor issue)
 	NOTE: https://lists.apache.org/thread/y7xj1bl8qo47p9bktb11hg5v6k1d4dyj
 CVE-2026-47065 (ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter By ...)
 	- mina2 <unfixed> (bug #1139162)
 	[trixie] - mina2 <no-dsa> (Minor issue)
 	[bookworm] - mina2 <no-dsa> (Minor issue)
+	[bullseye] - mina2 <postponed> (Minor issue)
 	- mina <removed>
 	[bookworm] - mina <no-dsa> (Minor issue)
+	[bullseye] - mina <postponed> (Minor issue)
 	NOTE: https://lists.apache.org/thread/y7xj1bl8qo47p9bktb11hg5v6k1d4dyj
 CVE-2026-45702 (OP-TEE is a Trusted Execution Environment (TEE) designed as companion  ...)
 	- optee-os <unfixed> (bug #1138880)
@@ -6688,6 +6695,7 @@ CVE-2026-10294 (A vulnerability has been found in PackageKit up to 1.3.5. Affect
 	- packagekit <unfixed> (bug #1138711)
 	[trixie] - packagekit <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - packagekit <postponed> (Minor issue, revisit when fixed upstream)
+	[bullseye] - packagekit <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/PackageKit/PackageKit/issues/969
 CVE-2026-10293 (A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This imp ...)
 	NOT-FOR-US: UTT
@@ -7205,6 +7213,7 @@ CVE-2026-10532 (Deserialization of untrusted data vulnerability in QOS.CH Sarl l
 	- logback <unfixed> (bug #1139180)
 	[trixie] - logback <no-dsa> (Minor issue)
 	[bookworm] - logback <no-dsa> (Minor issue)
+	[bullseye] - logback <postponed> (minor issue)
 	NOTE: https://logback.qos.ch/news.html#1.5.34
 CVE-2026-10517 (A flaw was found in Clair. The fetcher component makes outbound HTTP r ...)
 	NOT-FOR-US: Clair
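
Review bot: the reason on `[bullseye] - logback <postponed> (minor issue)` is lower-cased, while the trixie and bookworm lines above it and the other entries added in this commit use `(Minor issue)`. Capitalise it so that searches over data/CVE/list for the usual reason string match this entry too.
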
@@ -7228,6 +7237,7 @@ CVE-2026-10275 (A flaw has been found in OpenSC up to 0.26.1. This affects the f
 	- opensc 0.27.1-2 (bug #1139246)
 	[trixie] - opensc <no-dsa> (Minor issue)
 	[bookworm] - opensc <no-dsa> (Minor issue)
+	[bullseye] - opensc <postponed> (Minor issue)
 	NOTE: https://github.com/OpenSC/OpenSC/issues/3682
 	NOTE: https://github.com/OpenSC/OpenSC/pull/3684
 	NOTE: https://github.com/OpenSC/OpenSC/commit/814f745b3b6d100295f65f1935edd33d520d33ab
@@ -7892,6 +7902,7 @@ CVE-2026-45149 (The brace-expansion library generates arbitrary strings containi
 	- node-brace-expansion <unfixed> (bug #1138576)
 	[trixie] - node-brace-expansion <no-dsa> (Minor issue)
 	[bookworm] - node-brace-expansion <no-dsa> (Minor issue)
+	[bullseye] - node-brace-expansion <postponed> (Minor issue)
 	NOTE: https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2
 	NOTE: Fixed by: https://github.com/juliangruber/brace-expansion/commit/c0b095bdc52bc4c36dc88deddbadabc49f8371e5 (v5.0.6)
 CVE-2026-44640 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform.  ...)
@@ -9279,6 +9290,7 @@ CVE-2026-9828 (Deserialization of untrusted data vulnerability in QOS.CH Sarl lo
 	- logback <unfixed> (bug #1138632)
 	[trixie] - logback <no-dsa> (Minor issue)
 	[bookworm] - logback <no-dsa> (Minor issue)
+	[bullseye] - logback <postponed> (Minor issue)
 	NOTE: https://logback.qos.ch/news.html#1.5.33
 CVE-2026-9818
 	REJECTED
@@ -13543,6 +13555,7 @@ CVE-2026-9496 (Versions of the package pacote from 11.2.7 are vulnerable to Deni
 	- npm <unfixed> (bug #1139159)
 	[trixie] - npm <no-dsa> (Minor issue)
 	[bookworm] - npm <no-dsa> (Minor issue)
+	[bullseye] - npm <postponed> (Minor issue)
 	NOTE: https://security.snyk.io/vuln/SNYK-JS-PACOTE-8225084
 CVE-2026-9495 (Versions of the package @koa/router from 14.0.0 and before 15.0.0 are  ...)
 	NOT-FOR-US: koa/router
@@ -14120,6 +14133,7 @@ CVE-2026-9358 (A vulnerability was determined in postcss up to 7.1.1. Affected i
 	- node-css-loader <unfixed> (bug #1139161)
 	[trixie] - node-css-loader <no-dsa> (Minor issue)
 	[bookworm] - node-css-loader <no-dsa> (Minor issue)
+	[bullseye] - node-css-loader <postponed> (Minor issue)
 	NOTE: https://gist.github.com/bx33661/581e3a38134601c04e19b4dfc9b459b9
 	NOTE: postcss-selector-parser embedded in node-css-loader
 CVE-2026-9357 (A vulnerability was found in vBulletin 6.x. This impacts an unknown fu ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/17eeb7791dd2ee87157a85f9758d03a7fddd1b4b
