[Git][security-tracker-team/security-tracker][master] bullseye triagging

[Bastien Roucariès (@rouca)]

Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d7227c03 by Bastien Roucariès at 2026-06-10T23:18:04+02:00
bullseye triagging

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3059,6 +3059,7 @@ CVE-2026-45409 (Internationalized Domain Names in Applications (IDNA) for Python
 	- python-idna <unfixed> (bug #1139164)
 	[trixie] - python-idna <no-dsa> (Minor issue)
 	[bookworm] - python-idna <no-dsa> (Minor issue)
+	[bullseye] - python-idna <no-dsa> (Minor issue)
 	NOTE: https://github.com/kjd/idna/security/advisories/GHSA-65pc-fj4g-8rjx
 	NOTE: Fixed by: https://github.com/kjd/idna/commit/628fef84d3eda59321c21127e73dcd873db23ead (v3.14)
 	NOTE: Fixed by: https://github.com/kjd/idna/commit/e1cb465b6376f33306a26f467d197edbcd01c4b9 (v3.15)
@@ -6058,30 +6059,35 @@ CVE-2026-48587 (An issue was discovered in Django 5.2 before 5.2.15 and 6.0 befo
 	- python-django 3:5.2.15-1 (bug #1138775)
 	[trixie] - python-django <no-dsa> (Minor issue)
 	[bookworm] - python-django <no-dsa> (Minor issue)
+	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2026/jun/03/security-releases/
 	NOTE: Fixed by: https://github.com/django/django/commit/9b62b0af71a14c657d19d95371630ba839e83d9a (5.2.15)
 CVE-2026-35193 (An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0 ...)
 	- python-django 3:5.2.15-1 (bug #1138775)
 	[trixie] - python-django <no-dsa> (Minor issue)
 	[bookworm] - python-django <no-dsa> (Minor issue)
+	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2026/jun/03/security-releases/
 	NOTE: Fixed by: https://github.com/django/django/commit/050a3dc276f9142067260e990e4d8d42d5e32863 (5.2.15)
 CVE-2026-8404 (An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0 ...)
 	- python-django 3:5.2.15-1 (bug #1138775)
 	[trixie] - python-django <no-dsa> (Minor issue)
 	[bookworm] - python-django <no-dsa> (Minor issue)
+	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2026/jun/03/security-releases/
 	NOTE: Fixed by: https://github.com/django/django/commit/366d9ae6e8d1469c04e9ebdc1bcd098fc14a3b1e (5.2.15)
 CVE-2026-7666 (An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2. ...)
 	- python-django 3:5.2.15-1 (bug #1138775)
 	[trixie] - python-django <no-dsa> (Minor issue)
 	[bookworm] - python-django <no-dsa> (Minor issue)
+	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2026/jun/03/security-releases/
 	NOTE: Fixed by: https://github.com/django/django/commit/4e47d2b800435bcbfd1301ef3250b9c7fb8fa670 (5.2.15)
 CVE-2026-6873 (An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2. ...)
 	- python-django 3:5.2.15-1 (bug #1138775)
 	[trixie] - python-django <no-dsa> (Minor issue)
 	[bookworm] - python-django <no-dsa> (Minor issue)
+	[bullseye] - python-django <postponed> (Minor issue)
 	NOTE: https://www.djangoproject.com/weblog/2026/jun/03/security-releases/
 	NOTE: Fixed by: https://github.com/django/django/commit/594360cbf58be7f56eb6da96d58644297c99ef85 (5.2.15)
 CVE-2026-9732 (The EmergencyWP \u2013 Dead Man's switch & legacy deliverance plugin f ...)
@@ -10347,6 +10353,7 @@ CVE-2026-8643 (pip would treat console_scripts and gui_scripts as paths instead
 	- python-pip 26.1.2+dfsg-1 (bug #1138220)
 	[trixie] - python-pip <no-dsa> (Minor issue)
 	[bookworm] - python-pip <no-dsa> (Minor issue)
+	[bullseye] - python-pip <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460927
 	NOTE: Fixed by: https://github.com/pypa/pip/commit/8eb178480bd1a2b223f509fc430796b265158dfb
 	NOTE: Improvement to original fix: https://github.com/pypa/pip/pull/14001
@@ -18878,6 +18885,7 @@ CVE-2026-42561 (Python-Multipart is a streaming multipart parser for Python. Pri
 	- python-multipart <unfixed> (bug #1136702)
 	[trixie] - python-multipart <no-dsa> (Minor issue)
 	[bookworm] - python-multipart <no-dsa> (Minor issue)
+	[bullseye] - python-multipart <no-dsa> (Minor issue)
 	NOTE: https://github.com/Kludex/python-multipart/security/advisories/GHSA-pp6c-gr5w-3c5g
 	NOTE: https://github.com/Kludex/python-multipart/pull/267
 	NOTE: https://github.com/Kludex/python-multipart/commit/3e64f5f8caba0e5d391b0c1ad0f1c2edf9e8f911 (0.0.27)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7227c03b8d7113100a3358fe683fd13da733b82

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d7227c03b8d7113100a3358fe683fd13da733b82
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260610/0c01fd02/attachment.htm>