[Git][security-tracker-team/security-tracker][master] 5 commits: LTS: add rsync to dla-needed.txt

Carlos Henrique Lima Melara (@charles) gitlab at salsa.debian.org
Tue Jun 16 03:00:31 BST 2026 


Carlos Henrique Lima Melara pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e1c21d40 by Carlos Henrique Lima Melara at 2026-06-15T19:29:29-03:00
LTS: add rsync to dla-needed.txt

- - - - -
a7f958ed by Carlos Henrique Lima Melara at 2026-06-15T21:49:01-03:00
LTS: add atril to dla-needed.txt

- - - - -
c76d2c06 by Carlos Henrique Lima Melara at 2026-06-15T21:49:09-03:00
CVE-2026-46529/atril: add info on upstream fix in 1.26 lts branch

bookworm and trixie have the same minor version of atril, 1.26.x.

- - - - -
d3e10e61 by Carlos Henrique Lima Melara at 2026-06-15T21:49:10-03:00
LTS: add cups/bookworm to dla-needed.txt

- - - - -
37b280dd by Carlos Henrique Lima Melara at 2026-06-15T22:06:04-03:00
LTS: add amd64-microcode to dla-needed.txt

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -18194,6 +18194,7 @@ CVE-2026-46529 (Atril Document Viewer is the default document reader of the MATE
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/21/7
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/evince/-/commit/970c219e861a5fcc3e7b9e05bedf18cf0de39245 (48.2)
 	NOTE: Fixed by: https://github.com/mate-desktop/atril/commit/b989b7922a454ed81f8bb14786a958828513f576 (1.28.4)
+	NOTE: Fixed by: https://github.com/mate-desktop/atril/commit/6fcec412c36186564f2af8b94026c61b8fecb5e4 (1.26.3)
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/papers/-/commit/1b82bf627b4d8b414a57b55a9095e6d361799d6c
 	NOTE: No security impact in evince-gtk3 since affected code not built in binary package.
 CVE-2026-8975 (Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 a ...)


=====================================
data/dla-needed.txt
=====================================
@@ -43,7 +43,7 @@ NOTE: will validate and install into the archive for us.
 activemq/bullseye
   NOTE: 20260413: Added by Front-Desk (rouca)
 --
-amd64-microcode/bullseye
+amd64-microcode
   NOTE: 20250710: Added by Front-Desk (apo)
   NOTE: 20250906: Reached out to maintainer, offering help.
   NOTE: 20250906: Might need newer firmware on the computer or newer kernel (#1109035)
@@ -56,6 +56,7 @@ amd64-microcode/bullseye
   NOTE: 20251006: See also https://meetbot.debian.net/debian-lts/2025/debian-lts.2025-09-25-14.00.log.html starting at 15:14:30)
   NOTE: 20251224: See also 1109035#52 for updates from maintainer,
   NOTE: 20251224: I think the required kernel microcode driver patch are: https://lists.openwall.net/linux-kernel/2025/10/27/1012
+  NOTE: 20260615: bookworm (now lts) also needs fixes. (charles)
 --
 ansible
   NOTE: 20260611: Added by Front-Desk (rouca)
@@ -72,6 +73,13 @@ asterisk/bullseye (Thorsten Alteholz)
 async-http-client (Chris Lamb)
   NOTE: 20260610: Added by Front-Desk (rouca)
 --
+atril/bookworm
+  NOTE: 20260615: Added by Front-Desk (charles)
+  NOTE: 20260615: Already in dsa-needed, follow DSA when released. Same minor
+  NOTE: 20260615: version in trixie and bookworm. Andreas Heriksson had offered
+  NOTE: 20260615: help for bookworm already: (charles)
+  NOTE: 20260615: https://lists.debian.org/debian-security/2026/05/msg00010.html
+--
 bind9/bullseye (eamanu)
   NOTE: 20260520: Added by Front-Desk (Beuc)
   NOTE: 20260520: 6 new CVEs including 1 memory corruption, upcoming DSA (Beuc/front-desk)
@@ -118,8 +126,9 @@ composer/bullseye
 coturn/bullseye
   NOTE: 20260414: Added by Front-Desk (rouca)
 --
-cups/bullseye (Thorsten Alteholz)
+cups (Thorsten Alteholz)
   NOTE: 20260404: Added by Front-Desk (ta)
+  NOTE: 20260615: bookworm also need the same fixes as bullseye. (charles)
 --
 docker-registry/bullseye
   NOTE: 20260419: Added by Front-Desk (rouca)
@@ -590,6 +599,10 @@ request-tracker4/bullseye (Andrew Ruthven)
   NOTE: 20260529: Follow DSA in preparation by maintainer (dleidert/front-desk)
   NOTE: 20260607: Andrew Ruthven (maintainer) is working on a DLA.
 --
+rsync
+  NOTE: 20260615: Added by Front-Desk (charles)
+  NOTE: 20260615: Requested by Sylvain to track regressions, same as in dsa-needed. (charles)
+--
 ruby-rack/bullseye (Abhijith PA)
   NOTE: 20260413: Added by Front-Desk (rouca)
   NOTE: 20260608: https://people.debian.org/~abhijith/upload/rr/ (abhijith)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1085e4d0a6e5655fb734e4e697895007e95a2d1b...37b280dd33c52fcad402a26e40bc63f5ba00063c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/1085e4d0a6e5655fb734e4e697895007e95a2d1b...37b280dd33c52fcad402a26e40bc63f5ba00063c
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260616/5cb1b5a6/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list