[Git][security-tracker-team/security-tracker][master] 3 commits: okular: postpone vulnerabilities without CVE ID for bullseye
Carlos Henrique Lima Melara (@charles)
gitlab at salsa.debian.org
Wed Jun 17 04:10:33 BST 2026
Carlos Henrique Lima Melara pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aea38ec7 by Carlos Henrique Lima Melara at 2026-06-16T22:33:44-03:00
okular: postpone vulnerabilities without CVE ID for bullseye
- - - - -
d29ad07e by Carlos Henrique Lima Melara at 2026-06-16T22:48:38-03:00
LTS: add firefox-esr to dla-needed.txt
- - - - -
2e08b301 by Carlos Henrique Lima Melara at 2026-06-16T22:59:16-03:00
LTS: add thunderbird to dla-needed.txt
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -8544,30 +8544,35 @@ CVE-2026-XXXX [integer overflow in fax image allocation leads to undersized heap
- okular 4:26.04.2-1 (bug #1139009)
[trixie] - okular 4:25.04.2-1+deb13u1
[bookworm] - okular 4:22.12.3-1+deb12u1
+ [bullseye] - okular <postponed> (Minor issue, can be fixed in a next update)
NOTE: https://kde.org/info/security/advisory-20260511-5.txt
NOTE: https://commits.kde.org/okular/49cccdec814b2ddb0a403b63994114f09b007a2c
CVE-2026-XXXX [unsigned integer wrap-around in fax backend leads to heap out-of-bounds read and write]
- okular 4:26.04.2-1 (bug #1139008)
[trixie] - okular 4:25.04.2-1+deb13u1
[bookworm] - okular 4:22.12.3-1+deb12u1
+ [bullseye] - okular <postponed> (Minor issue, can be fixed in a next update)
NOTE: https://kde.org/info/security/advisory-20260511-4.txt
NOTE: https://commits.kde.org/okular/e5f088674223019fafac26800a2ae0c0d6afc85b
CVE-2026-XXXX [heap out-of-bounds read in fax backend Ghostscript header handling]
- okular 4:26.04.2-1 (bug #1139007)
[trixie] - okular 4:25.04.2-1+deb13u1
[bookworm] - okular 4:22.12.3-1+deb12u1
+ [bullseye] - okular <postponed> (Minor issue, can be fixed in a next update)
NOTE: https://kde.org/info/security/advisory-20260511-3.txt
NOTE: https://commits.kde.org/okular/e5f088674223019fafac26800a2ae0c0d6afc85b
CVE-2026-XXXX [heap out-of-bounds read in fax backend FAXMAGIC comparison]
- okular 4:26.04.2-1 (bug #1139005)
[trixie] - okular 4:25.04.2-1+deb13u1
[bookworm] - okular 4:22.12.3-1+deb12u1
+ [bullseye] - okular <postponed> (Minor issue, can be fixed in a next update)
NOTE: https://kde.org/info/security/advisory-20260511-2.txt
NOTE: https://commits.kde.org/okular/e5f088674223019fafac26800a2ae0c0d6afc85b
CVE-2026-XXXX [heap out-of-bounds write in fax backend on zero-length input]
- okular 4:26.04.2-1 (bug #1139004)
[trixie] - okular 4:25.04.2-1+deb13u1
[bookworm] - okular 4:22.12.3-1+deb12u1
+ [bullseye] - okular <postponed> (Minor issue, can be fixed in a next update)
NOTE: https://kde.org/info/security/advisory-20260511-1.txt
NOTE: https://commits.kde.org/okular/466786c354d890e39a3871f80ed686958d2513a2
CVE-2026-49941 (Net::CIDR::Set versions through 0.20 for Perl did not validate IP addr ...)
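Review bot: The five added `[bullseye] - okular <postponed>` lines all reuse the generic rationale "Minor issue, can be fixed in a next update", including on the entries whose descriptions name a heap out-of-bounds write or an integer overflow leading to an undersized heap allocation, while trixie and bookworm carry fixed versions for the same entries. Consider adding a NOTE per entry (or one shared NOTE) recording why these are judged minor for bullseye, so that whoever picks up the next okular update can tell whether the postponement still holds.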
=====================================
data/dla-needed.txt
=====================================
@@ -167,6 +167,10 @@ expat/bullseye
firebird3.0/bullseye
NOTE: 20260418: Added by Front-Desk (rouca)
--
+firefox-esr
+ NOTE: 20260616: Added by Front-Desk (charles)
+ NOTE: 20260616: Already in dsa-needed.txt and claimed by jmm (charles)
+--
firmware-nonfree/bullseye
NOTE: 20251130: Added by Front-Desk. Moreover, take care of postponed issue (rouca)
--
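Review bot: The added `firefox-esr` entry has no suite suffix, while the neighbouring entries in this hunk are written as `firebird3.0/bullseye` and `firmware-nonfree/bullseye`. If the entry is meant to cover more than one LTS suite, say so in a NOTE; otherwise add the suffix so the entry matches its neighbours and is unambiguous for anyone filtering the file by suite.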
@@ -679,6 +683,10 @@ sympa/bookworm
NOTE: 20250119: Added by Security Team (jmm)
NOTE: 20260611: bookworm LTS handover.
--
+thunderbird
+ NOTE: 20260616: Added by Front-Desk (charles)
+ NOTE: 20260616: Already in dsa-needed.txt and claimed by jmm (charles)
+--
trafficserver/bullseye
NOTE: 20241120: Added by Front-Desk (Beuc)
NOTE: 20241120: Upcoming DSA (Beuc/front-desk)
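Review bot: In the added `thunderbird` entry, the second NOTE ("Already in dsa-needed.txt and claimed by jmm") does not say whether the LTS upload is also covered by that claim or is still open for an LTS contributor to take. A few words stating which is intended would avoid duplicate or dropped work. The entry also lacks the suite suffix used by the adjacent `sympa/bookworm` and `trafficserver/bullseye` entries.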
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/164ed555a470f22388436c00bc980ab62fd804ec...2e08b301d2516c1e3bc075233087c43b2b594121