[Git][security-tracker-team/security-tracker][master] trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Jun 13 22:54:55 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bc30f772 by Moritz Muehlenhoff at 2026-06-13T23:54:37+02:00
trixie triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1156,6 +1156,7 @@ CVE-2026-45106 (Weblate is a web based localization tool. Prior to version 2026.
- weblate <itp> (bug #745661)
CVE-2026-44705 (tmp is a temporary file and directory creator for node.js. Prior to 0. ...)
- node-tmp <unfixed> (bug #1139827)
+ [trixie] - node-tmp <no-dsa> (Minor issue)
NOTE: https://github.com/raszi/node-tmp/security/advisories/GHSA-ph9p-34f9-6g65
NOTE: Fixed by: https://github.com/raszi/node-tmp/commit/efa4a06f24374797ae32ab2b6ae39b7a611ae429 (v0.2.6)
NOTE: When fixing this issue make sure to fix it completely to not open up CVE-2026-49982
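Review bot: The new [trixie] no-dsa line for node-tmp sits directly above the NOTE warning that an incomplete fix opens up CVE-2026-49982, but the reason given is only "Minor issue". Whoever later picks this up for a point release will be backporting the v0.2.6 commit, so it is worth confirming that CVE-2026-49982 carries a matching trixie status and that the two are triaged together.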
@@ -1951,13 +1952,16 @@ CVE-2026-22893 (A command injection vulnerability has been reported to affect se
NOT-FOR-US: QNAP
CVE-2026-11837 (A local privilege escalation vulnerability was found in the ansible.po ...)
- ansible <unfixed> (bug #1139917)
+ [trixie] - ansible <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2487424
CVE-2026-11824 (SQLite before 3.53.2 contains a heap-based buffer overflow vulnerabili ...)
- sqlite3 <unfixed>
+ [trixie] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://sqlite.org/src/info/061febcf41ca
NOTE: https://sqlite.org/src/info/4a5ad516ea93
CVE-2026-11822 (SQLite before 3.53.2 contains memory corruption vulnerabilities in the ...)
- sqlite3 <unfixed>
+ [trixie] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://sqlite.org/src/info/061febcf41ca
NOTE: https://sqlite.org/src/info/4a5ad516ea93
CVE-2026-11815 (An attacker who intercepts and tampers with traffic between the client ...)
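Review bot: The two sqlite3 additions mark a heap-based buffer overflow (CVE-2026-11824) and memory corruption (CVE-2026-11822) as no-dsa with the bare reason "Minor issue", and the ansible line does the same for a local privilege escalation. A short qualifier stating why each is minor would make the decision reviewable later, in the style of the bullseye cairo entry further down ("need dump right and local access"). Both sqlite3 CVEs reference the same two upstream check-ins, so they can be handled in one update.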
@@ -10657,6 +10661,7 @@ CVE-2026-45023 (AutoGPT is a workflow automation platform for creating, deployin
NOT-FOR-US: AutoGPT
CVE-2026-44973 (Billy is an interface filesystem abstraction for Go. Prior to 5.9.0, m ...)
- golang-github-go-git-go-billy <unfixed>
+ [trixie] - golang-github-go-git-go-billy <no-dsa> (Minor issue)
- golang-github-go-git-go-billy-v6 <unfixed>
NOTE: https://github.com/go-git/go-billy/security/advisories/GHSA-qw64-3x98-g7q2
CVE-2026-44885 (Portainer Community Edition is a lightweight service delivery platform ...)
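Review bot: Only golang-github-go-git-go-billy gets a [trixie] annotation here; the second package line, "- golang-github-go-git-go-billy-v6 <unfixed>", is left without one. If that source package is present in trixie it needs its own "[trixie] - golang-github-go-git-go-billy-v6 <no-dsa>" line after it, otherwise it stays open for that suite.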
@@ -11987,6 +11992,7 @@ CVE-2026-45108 (Himmelblau is an interoperability suite for Microsoft Azure Entr
NOT-FOR-US: Himmelblau
CVE-2026-45104 (MapServer is a system for developing web-based GIS applications. From ...)
- mapserver 8.6.3-1
+ [trixie] - mapserver <no-dsa> (Minor issue)
NOTE: https://github.com/MapServer/MapServer/security/advisories/GHSA-4h8g-378q-r75m
CVE-2026-45102 (OneUptime is an open-source monitoring and observability platform. Pri ...)
NOT-FOR-US: OneUptime
@@ -23727,6 +23733,7 @@ CVE-2026-42072 (Nornicdb is a distributed low-latency, Graph+Vector, Temporal MV
NOT-FOR-US: Nornicdb
CVE-2026-42030 (MapServer is a system for developing web-based GIS applications. From ...)
- mapserver 8.6.2-1
+ [trixie] - mapserver <no-dsa> (Minor issue)
[bullseye] - mapserver <postponed> (Minor issue, reflected XSS)
NOTE: https://github.com/MapServer/MapServer/security/advisories/GHSA-4g9f-ph64-hg2x
CVE-2026-42028 (novaGallery is a php image gallery. Prior to version 2.1.1, a path tra ...)
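Review bot: The added trixie line gives only "Minor issue" while the bullseye line immediately below it records "Minor issue, reflected XSS" for the same CVE. Carrying the same qualifier on the trixie entry would keep the two suites consistent and make the rationale visible without opening the advisory.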
@@ -142600,7 +142607,7 @@ CVE-2025-51390 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain
NOT-FOR-US: TOTOLINK
CVE-2025-50422 (Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unsc ...)
- cairo <unfixed> (bug #1110606)
- [trixie] - cairo <no-dsa> (Minor issue)
+ [trixie] - cairo <postponed> (Minor issue, revisit when fixed upstream)
[bookworm] - cairo <no-dsa> (Minor issue)
[bullseye] - cairo <postponed> (Minor Issue; need dump right and local access)
NOTE: https://github.com/Landw-hub/CVE-2025-50422
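Review bot: After this change trixie is "<postponed> (Minor issue, revisit when fixed upstream)" while the bookworm line right below stays "<no-dsa> (Minor issue)" for the same unfixed cairo issue. If the reasoning is that no upstream fix exists yet, it applies equally to bookworm, so either switch that line as well or note why the two suites differ.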
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bc30f772c667932cf274e5cadfa7dca542e3e8c4