[Git][security-tracker-team/security-tracker][master] trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 12 17:12:35 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1b3c59b8 by Moritz Muehlenhoff at 2026-06-12T18:12:27+02:00
trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -226,6 +226,7 @@ CVE-2026-9694 (GitLab has remediated an issue in GitLab CE/EE affecting all vers
- gitlab <removed>
CVE-2026-9648 (The crypton-x509-validation Haskell library fails to enforce X.509 Nam ...)
- haskell-crypton-x509-validation <unfixed> (bug #1139732)
+ [trixie] - haskell-crypton-x509-validation <no-dsa> (Minor issue)
NOTE: https://www.kb.cert.org/vuls/id/862559
NOTE: https://github.com/kazu-yamamoto/crypton-certificate/pull/30
NOTE: Fixed by: https://github.com/kazu-yamamoto/crypton-certificate/commit/f4b77edf6ead77f4a886da40e41eab20f0180e39 (crypton-x509-validation-1.9.1)
@@ -7969,6 +7970,7 @@ CVE-2026-45131 (CloudPirates Open Source Helm Charts is a collection of Helm cha
NOT-FOR-US: CloudPirates Open Source Helm Charts
CVE-2026-44740 (Billy is an interface filesystem abstraction for Go. Prior to versions ...)
- golang-github-go-git-go-billy <unfixed>
+ [trixie] - golang-github-go-git-go-billy <no-dsa> (Minor issue)
- golang-github-go-git-go-billy-v6 <unfixed>
NOTE: https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6
CVE-2026-44211 (Cline is an autonomous coding agent as an SDK, IDE extension, or CLI a ...)
@@ -49962,6 +49964,7 @@ CVE-2026-3591 (A use-after-return vulnerability exists in the `named` server whe
NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/4a2048ea7f98b7ad9528463a045abc9d224a0f43 (v9.20.21)
CVE-2026-3608 (Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp- ...)
- isc-kea 3.0.3-1
+ [trixie] - isc-kea <no-dsa> (Minor issue)
NOTE: https://kb.isc.org/docs/cve-2026-3608
CVE-2026-33515 (Squid is a caching proxy for the Web. Prior to version 7.5, due to imp ...)
- squid 7.5-1
=====================================
data/dsa-needed.txt
=====================================
@@ -36,6 +36,8 @@ firebird3.0
--
firebird4.0
--
+gst-plugins-bad1.0
+--
imagemagick
--
jetty9
@@ -46,6 +48,8 @@ jpeg-xl (jmm)
--
kamailio
--
+libgd-perl (carnil)
+--
librabbitmq (jmm)
--
linux (carnil)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b3c59b858afaf67713639d49d862e1a1e2a67d8
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1b3c59b858afaf67713639d49d862e1a1e2a67d8
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260612/9f59b55e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list