[Git][security-tracker-team/security-tracker][master] dla: bookworm LTS handover, sync from data/dsa-needed.txt

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Sat Jun 13 10:11:28 BST 2026 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
933a966d by Sylvain Beucler at 2026-06-13T11:11:23+02:00
dla: bookworm LTS handover, sync from data/dsa-needed.txt

- - - - -


1 changed file:

- data/dla-needed.txt


Changes:

=====================================
data/dla-needed.txt
=====================================
@@ -182,6 +182,10 @@ gdcm/bullseye (eamanu)
   NOTE: 20260513: New ping to upstream to know about open CVEs.
   NOTE: 20260528: Ping upstream again.
 --
+gh/bookworm
+  NOTE: 20241230: Added by Security Team (carnil)
+  NOTE: 20260611: bookworm LTS handover.
+--
 giflib/bullseye
   NOTE: 20260405: Added by Front-Desk (ta)
   NOTE: 20260609: no upstream fix yet for CVE-2026-26740
@@ -232,7 +236,7 @@ grub2/bullseye (Emilio)
 gst-plugins-bad1.0
   NOTE: 20260612: Added by Front-Desk (rouca)
 --
-gst-plugins-good1.0/bullseye
+gst-plugins-good1.0
   NOTE: 20260520: Added by Front-Desk (Beuc)
   NOTE: 20260520: 6 CVEs piled up since December (Beuc)
 --
@@ -243,9 +247,17 @@ hplip/bullseye (Thorsten Alteholz)
 imagemagick
   NOTE: 20260611: Added by Front-Desk (rouca)
 --
+inkscape/bookworm
+  NOTE: 20260522: Added by Security Team (jmm)
+  NOTE: 20260611: bookworm LTS handover.
+--
 ironic
   NOTE: 20260610: Added by Front-Desk (rouca)
 --
+isc-kea/bookworm
+  NOTE: 20260224: Added by Security Team (jmm)
+  NOTE: 20260611: bookworm LTS handover.
+--
 jetty9/bullseye
   NOTE: 20260418: Added by Front-Desk. Fix CVE-2026-5795 maybe other (rouca)
 --
@@ -255,9 +267,12 @@ jq
 kamailio/bullseye
   NOTE: 20260413: Added by Front-Desk (rouca)
 --
-kitty/bullseye
+kitty
   NOTE: 20260522: Added by Front-Desk (Beuc)
   NOTE: 20260522: Upcoming DSA (Beuc/front-desk)
+  NOTE: 20260523: Maintainer notes for LTS Team:
+  NOTE: 20260523: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137210#45
+  NOTE: 20260528: DSA-6307-1 (2 CVEs)
 --
 knot-resolver/bullseye
   NOTE: 20251206: Added by Front-Desk (rouca)
@@ -310,6 +325,10 @@ libreoffice/bullseye (santiago)
   NOTE: 20260508: Added by Front-Desk (dleidert)
   NOTE: 20260508: Follow DSA-6251-1 (dleidert/front-desk)
 --
+libreswan/bookworm
+  NOTE: 20230301: Added by Security Team (jmm)
+  NOTE: 20260611: bookworm LTS handover.
+--
 libsoup2.4/bullseye
   NOTE: 20250408: Added by Front-Desk (Beuc)
   NOTE: 20250427: libsoup2.4 2.72.0-2+deb11u2 (bullseye) uploaded ...
@@ -369,7 +388,11 @@ libxslt/bullseye
 linux/bullseye (Ben Hutchings)
   NOTE: 20230111: Perma-added, Linux package specifically delegated to bwh (LTS Team)
 --
-mbedtls/bullseye
+lxd/bookworm
+  NOTE: 20260519: Added by Security Team (jmm)
+  NOTE: 20260611: bookworm LTS handover.
+--
+mbedtls
   NOTE: 20260427: Added by Front-Desk (lamby)
 --
 mediawiki/bullseye (guilhem)
@@ -379,7 +402,7 @@ mesa/bullseye (tobi)
   NOTE: 20260418: Added by Front-Desk. Fix CVE-2026-40393 (rouca)
   NOTE: 20260604: Updates bullseye...trixie prepared, reached out to maintainer for review and ACK for (o-)s-p-u
 --
-mimetex/bullseye
+mimetex
   NOTE: 20250422: Added by Front-Desk (rouca)
   NOTE: 20250629: There doesn't seem to be a fix so far according to #1103801 (dleidert)
   NOTE: 20250629: Best course of action seems to be some kind of mitigation similar to https://moodle.org/mod/forum/discuss.php?d=467592 (dleidert)
@@ -429,7 +452,7 @@ node-lodash/bullseye (utkarsh)
   NOTE: 20260201: uploaded to sid. would like for it to settle there first. (utkarsh)
   NOTE: 20260302: no regressions reported, will start to upload to stable releases. (utkarsh)
 --
-nss/bullseye
+nss
   NOTE: 20260518: Added by Front-Desk (Beuc)
   NOTE: 20260518: Upcoming DSA (3 CVEs) (Beuc/front-desk)
   NOTE: 20260521: DSA-6290-1 (Beuc/front-desk)
@@ -450,6 +473,11 @@ ocaml/bullseye
 openexr/bullseye
   NOTE: 20260413: Added by Front-Desk (rouca)
 --
+opennds/bookworm
+  NOTE: 20240205: Added by Security Team (jmm)
+  NOTE: 20240627: pinged maintainer, but no reply yet. should most probably be bumped to 10.x (jmm)
+  NOTE: 20260611: bookworm LTS handover.
+--
 openssl (arnaudr)
   NOTE: 20260609: Added by Front-Desk (rouca)
 --
@@ -473,7 +501,7 @@ perl/bullseye
   NOTE: 20260527: Added by Front-Desk (santiago)
   NOTE: 20260527: wait for the DSA before releasing
 --
-php-laravel-framework/bullseye
+php-laravel-framework
   NOTE: 20250307: Added by Front-Desk (rouca)
   NOTE: 20251027: History of upstream branch fixing v12: git log 9de75259..2d133034^2.
   NOTE: 20251027: There was an attempt to backport to v9, but it got rejected upstream
@@ -517,6 +545,7 @@ pypdf2/bullseye (dleidert)
 --
 python-aiohttp
   NOTE: 20260611: Added by Front-Desk (rouca)
+  NOTE: 20260602: Daniel Leidert is proposing to work on the update and provide debdiffs for bookworm and trixie (carnil)
 --
 python-oslo.messaging/bullseye
   NOTE: 20260612: Added by Front-Desk (rouca)
@@ -546,6 +575,11 @@ ruby-rack/bullseye (Abhijith PA)
   NOTE: 20260413: Added by Front-Desk (rouca)
   NOTE: 20260608: https://people.debian.org/~abhijith/upload/rr/ (abhijith)
 --
+ruby-saml/bookworm
+  NOTE: 20250313: Added by Security Team (jmm)
+  NOTE: 20250324: Utkarsh Gupta might work on an update (carnil)
+  NOTE: 20260611: bookworm LTS handover.
+--
 ruby2.7/bullseye (Abhijith PA)
   NOTE: 20260419: Added by Front-Desk (rouca)
   NOTE: 20260608: https://people.debian.org/~abhijith/upload/ruby2.7_patches/ (abhijith)
@@ -616,6 +650,10 @@ symfony/bullseye
   NOTE: 20260521: at least 1 SQLI and 1 stored XSS.
   NOTE: 20260521: Upcoming DSA (Beuc/front-desk)
 --
+sympa/bookworm
+  NOTE: 20250119: Added by Security Team (jmm)
+  NOTE: 20260611: bookworm LTS handover.
+--
 trafficserver/bullseye
   NOTE: 20241120: Added by Front-Desk (Beuc)
   NOTE: 20241120: Upcoming DSA (Beuc/front-desk)
@@ -631,7 +669,7 @@ u-boot/bullseye (ah)
   NOTE: 20260522: Added by Front-Desk (Beuc)
   NOTE: 20260522: Fix postponed CVEs along with buster (Beuc/front-desk)
 --
-unbound/bullseye
+unbound
   NOTE: 20260520: Added by Front-Desk (Beuc)
   NOTE: 20260520: 11 new CVEs including 2 memory corruption (Beuc/front-desk)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/933a966d4fd7ad0754d977d7b9c6f55ffde92932

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/933a966d4fd7ad0754d977d7b9c6f55ffde92932
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260613/201a86d6/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list