[Git][security-tracker-team/security-tracker][master] trixie triage

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2537ac7d by Moritz Muehlenhoff at 2026-06-16T14:32:36+02:00
trixie triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -837,6 +837,7 @@ CVE-2016-20066 (WordPress CP Polls 1.0.8 contains a persistent cross-site script
 	NOT-FOR-US: WordPress plugin
 CVE-2026-12205 (Crypt::DSA versions before 1.21 for Perl reused the nonce across signa ...)
 	- libcrypt-dsa-perl 1.21-1 (bug #1140105)
+	[trixie] - libcrypt-dsa-perl <no-dsa> (Minor issue)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/41004653/
 CVE-2026-XXXX [SSLMate go-pkcs12: Authentication bypass in Decode functions]
 	- golang-sslmate-src-go-pkcs12 0.7.2-1
@@ -5288,6 +5289,7 @@ CVE-2026-47895
 	NOTE: https://www.strongswan.org/blog/2026/06/08/strongswan-vulnerability-(cve-2026-47895).html
 CVE-2026-48977
 	- openslide 3.4.1+dfsg-9 (bug #1140003)
+	[trixie] - openslide <no-dsa> (Minor issue)
 	NOTE: https://github.com/openslide/openslide/security/advisories/GHSA-mxg2-48g7-fmwc
 CVE-2026-11495 (A vulnerability was detected in CodeAstro Ingredients Stock Management ...)
 	NOT-FOR-US: CodeAstro
@@ -29888,18 +29890,22 @@ CVE-2026-7738 (A security flaw has been discovered in puchunjie doc-tools-mcp 1.
 	NOT-FOR-US: puchunjie doc-tools-mcp
 CVE-2026-7737 (A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by  ...)
 	- gobgp 4.4.0-1
+	[trixie] - gobgp <no-dsa> (Minor issue)
 	[bullseye] - gobgp <postponed> (Limited support, follow bookworm security updates)
 	NOTE: Fixed by: https://github.com/osrg/gobgp/commit/bc77597d42335c78464bc8e15a471d887bbdf260 (v4.4.0)
 CVE-2026-7736 (A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by  ...)
 	- gobgp 4.4.0-1
+	[trixie] - gobgp <no-dsa> (Minor issue)
 	[bullseye] - gobgp <postponed> (Limited support, follow bookworm security updates)
 	NOTE: Fixed by: https://github.com/osrg/gobgp/commit/76d911046344a3923cbe573364197aa081944592 (v4.4.0)
 CVE-2026-7735 (A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the f ...)
 	- gobgp 4.4.0-1
+	[trixie] - gobgp <no-dsa> (Minor issue)
 	[bullseye] - gobgp <postponed> (Limited support, follow bookworm security updates)
 	NOTE: Fixed by: https://github.com/osrg/gobgp/commit/51ad1ada06cb41ce47b7066799981816f50b7ced (v4.4.0)
 CVE-2026-7734 (A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts ...)
 	- gobgp 4.4.0-1
+	[trixie] - gobgp <no-dsa> (Minor issue)
 	[bullseye] - gobgp <postponed> (Limited support, follow bookworm security updates)
 	NOTE: Fixed by: https://github.com/osrg/gobgp/commit/f9f7b55ec258e514be0264871fa645a2c3edad11 (v4.4.0)
 CVE-2026-7733 (A flaw has been found in funadmin up to 7.1.0-rc6. This affects the fu ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -34,6 +34,10 @@ firebird3.0
 --
 firebird4.0
 --
+gsasl (jmm)
+--
+gst-libav1.0
+--
 gst-plugins-bad1.0
 --
 imagemagick



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2537ac7d01c4723e3606a9f02bc99047ba12abcd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2537ac7d01c4723e3606a9f02bc99047ba12abcd
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260616/ada8a3ca/attachment.htm>