[Git][security-tracker-team/security-tracker][master] bullseye triagging

[Bastien Roucariès (@rouca)]

Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a0cbbafe by Bastien Roucariès at 2026-06-10T23:15:14+02:00
bullseye triagging

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5148,6 +5148,7 @@ CVE-2026-7774 (tarfile.data_filter could be bypassed using crafted link entries,
 	- pypy3 <unfixed>
 	[trixie] - pypy3 <no-dsa> (Minor issue)
 	[bookworm] - pypy3 <no-dsa> (Minor issue)
+	[bullseye] - pypy3 <postponed> (minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/06/04/9
 	NOTE: https://github.com/python/cpython/pull/149487
 	NOTE: https://github.com/python/cpython/commit/578411982c16f753f4893532510099ef665117da (main)
@@ -5665,11 +5666,13 @@ CVE-2026-44546 (daphne before 4.2.2 reconstructs a raw HTTP request from Twisted
 	- python-daphne <unfixed> (bug #1138864)
 	[trixie] - python-daphne <no-dsa> (Minor issue)
 	[bookworm] - python-daphne <no-dsa> (Minor issue)
+	[bullseye] - python-daphne <postponed> (Minor issue)
 	NOTE: Fixed by: https://github.com/django/daphne/commit/2628b7b2e6a196afff58defee3d77671a28de631 (4.2.2)
 CVE-2026-44545 (daphne before 4.2.2 did not pass maxFramePayloadSize or maxMessagePayl ...)
 	- python-daphne <unfixed> (bug #1138864)
 	[trixie] - python-daphne <no-dsa> (Minor issue)
 	[bookworm] - python-daphne <no-dsa> (Minor issue)
+	[bullseye] - python-daphne <postponed> (Minor issue)
 	NOTE: Fixed by: https://github.com/django/daphne/commit/32f8be0fb0bf2a441085cb45e0e8f45455f0793e (4.2.2)
 CVE-2026-44281 (GLPI is a free asset and IT management software package. Starting in v ...)
 	- glpi <removed>
@@ -5838,6 +5841,7 @@ CVE-2026-3276 (unicodedata.normalize() can take excessive CPU time when processi
 	- pypy3 <unfixed>
 	[trixie] - pypy3 <no-dsa> (Minor issue)
 	[bookworm] - pypy3 <no-dsa> (Minor issue)
+	[bullseye] - pypy3 <postponed> (minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/06/03/15
 	NOTE: https://github.com/python/cpython/pull/149080
 	NOTE: https://github.com/python/cpython/commit/991224b1e8311c85f198f6dd8208bf8cff7fc26f (main)
@@ -8445,6 +8449,7 @@ CVE-2026-48998
 	- php-guzzlehttp-psr7 2.10.3-1 (bug #1138265)
 	[trixie] - php-guzzlehttp-psr7 <no-dsa> (Minor issue)
 	[bookworm] - php-guzzlehttp-psr7 <no-dsa> (Minor issue)
+	[bullseye] - php-guzzlehttp-psr7 <postponed> (Minor issue)
 	NOTE: https://github.com/guzzle/psr7/security/advisories/GHSA-34xg-wgjx-8xph
 CVE-2026-9999 (Inappropriate implementation in ANGLE in Google Chrome on Mac prior to ...)
 	{DSA-6316-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0cbbafe387b8917d86db1e10a72f8bba663a796

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a0cbbafe387b8917d86db1e10a72f8bba663a796
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260610/f13982f7/attachment-0001.htm>