[Git][security-tracker-team/security-tracker][master] bullseye triagging

Bastien Roucariès (@rouca) rouca at debian.org
Wed Jun 10 22:26:52 BST 2026 


Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
599ec4af by Bastien Roucariès at 2026-06-10T23:26:35+02:00
bullseye triagging

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5808,6 +5808,7 @@ CVE-2025-41259 (SWUpdate before 2026.05 is affected by a time-of-check time-of-u
 	- swupdate 2026.05+dfsg-1
 	[trixie] - swupdate <no-dsa> (Minor issue)
 	[bookworm] - swupdate <no-dsa> (Minor issue)
+	[bullseye] - swupdate <postponed> (Minor issue)
 	NOTE: Fixed by: https://github.com/sbabic/swupdate/commit/f4bd64260e233e207354d68d572b1cbc3e63689d (2026.05)
 CVE-2025-15656 (Incorrect Privilege Assignment vulnerability in Mojoomla School Manage ...)
 	NOT-FOR-US: WordPress plugin or theme
@@ -6497,6 +6498,7 @@ CVE-2026-38978 (transmission through 4.1.1 was found to have a clickjacking weak
 	- transmission 4.1.2+dfsg-1
 	[trixie] - transmission <no-dsa> (Minor issue)
 	[bookworm] - transmission <no-dsa> (Minor issue)
+	[bullseye] - transmission <postponed> (Minor issue)
 	NOTE: https://github.com/transmission/transmission/issues/8726
 	NOTE: https://github.com/transmission/transmission/pull/8747
 	NOTE: https://github.com/transmission/transmission/commit/6b24c1c214ec6a44fa5fdff0ce7da6b16d8ecaa8
@@ -9601,6 +9603,7 @@ CVE-2026-44604 (A command injection vulnerability was discovered in the `rpmunco
 	- rpm <unfixed> (bug #1138234)
 	[trixie] - rpm <no-dsa> (Minor issue)
 	[bookworm] - rpm <no-dsa> (Minor issue)
+	[bullseye] - rpm <postponed> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2460967
 CVE-2026-44594 (esm.sh is a no-build content delivery network (CDN) for web developmen ...)
 	NOT-FOR-US: esm.sh
@@ -13869,6 +13872,7 @@ CVE-2026-5223 (Cargo incorrectly handled symlinks inside of crate tarballs downl
 	- rustc 1.95.0+dfsg1-2
 	[trixie] - rustc <no-dsa> (Minor issue)
 	[bookworm] - rustc <no-dsa> (Minor issue)
+	[bullseye] - rustc <postponed> (Minor issue)
 	NOTE: https://groups.google.com/g/rustlang-security-announcements/c/IB74S7Yksg8
 	NOTE: https://blog.rust-lang.org/2026/05/25/cve-2026-5223/
 	NOTE: https://github.com/rust-lang/cargo/commit/285cebf58911eca5b7f177f5d0b1c53e1f646577
@@ -13883,6 +13887,7 @@ CVE-2026-5222 (Cargo between 1.68 and 1.96 incorrectly normalized the URLs of th
 	- rustc 1.95.0+dfsg1-2
 	[trixie] - rustc <no-dsa> (Minor issue)
 	[bookworm] - rustc <no-dsa> (Minor issue)
+	[bullseye] - rustc <postponed> (Minor issue)
 	NOTE: https://groups.google.com/g/rustlang-security-announcements/c/SfUxOiIdY5s
 	NOTE: https://blog.rust-lang.org/2026/05/25/cve-2026-5222/
 	NOTE: https://github.com/rust-lang/cargo/commit/c4d63a44234de22dc745231c416b80ed848d997f
@@ -18276,6 +18281,7 @@ CVE-2026-44312 (css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the
 	- ruby-css-parser 2.1.0-1
 	[trixie] - ruby-css-parser <no-dsa> (Minor issue)
 	[bookworm] - ruby-css-parser <no-dsa> (Minor issue)
+	[bullseye] - ruby-css-parser <postponed> (Minor issue)
 	NOTE: https://github.com/premailer/css_parser/security/advisories/GHSA-ff6c-w6qf-7xqc
 	NOTE: https://github.com/premailer/css_parser/issues/185
 	NOTE: Fixed by: https://github.com/premailer/css_parser/commit/35e689c904225add78e0c488cf04bad052666449 (v2.1.0)
@@ -78692,6 +78698,7 @@ CVE-2025-68616 (WeasyPrint helps web developers to create PDF documents. Prior t
 	- weasyprint <unfixed> (bug #1139189)
 	[trixie] - weasyprint <no-dsa> (Minor issue)
 	[bookworm] - weasyprint <no-dsa> (Minor issue)
+	[bullseye] - weasyprint <postponed> (Minor issue)
 	NOTE: https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-983w-rhvv-gwmv
 CVE-2025-61684 (Quicly, an IETF QUIC protocol implementation, is susceptible to a deni ...)
 	NOT-FOR-US: Quicly



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/599ec4afee2c9af20ad66af60098c4fac726cc21

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/599ec4afee2c9af20ad66af60098c4fac726cc21
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260610/3e31b898/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list