[Git][security-tracker-team/security-tracker][master] trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jun 17 13:13:26 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ff7ec8db by Moritz Muehlenhoff at 2026-06-17T14:13:13+02:00
trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2235,6 +2235,7 @@ CVE-2026-54412 (LiamBindle MQTT-C through version 1.1.6 contains a heap-based ou
NOT-FOR-US: MQTT-C
CVE-2026-54411 (Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE ...)
- pam <unfixed> (bug #1140190)
+ [trixie] - pam <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/linux-pam/linux-pam/issues/992
NOTE: https://github.com/linux-pam/linux-pam/pull/991
CVE-2026-54410 (nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in t ...)
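Review bot: The `<postponed>` reason on the added `[trixie] - pam` line says to revisit when fixed upstream, but the entry does not record the upstream state at triage time. The NOTE lines already point at linux-pam issue 992 and pull 991; an extra NOTE saying whether pull 991 is still unmerged would make the revisit condition checkable for whoever picks this up next.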
@@ -2909,6 +2910,7 @@ CVE-2026-44975 (Frappe is a full-stack web application framework. Prior to versi
NOT-FOR-US: Frappe
CVE-2026-44967 (OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to ...)
- opentelemetry-cpp <unfixed> (bug #1139879)
+ [trixie] - opentelemetry-cpp <no-dsa> (Minor issue)
NOTE: https://github.com/open-telemetry/opentelemetry-cpp/security/advisories/GHSA-5qhm-4rfp-qqvj
NOTE: https://github.com/open-telemetry/opentelemetry-cpp/issues/3958
NOTE: https://github.com/open-telemetry/opentelemetry-cpp/pull/4078
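Review bot: The reason on the added `[trixie] - opentelemetry-cpp <no-dsa>` line is only "Minor issue", and the CVE description is truncated in the list, so the basis for the decision cannot be recovered from the entry itself. Consider a more specific reason, in the way the pam entry in this same commit spells out "revisit when fixed upstream".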
@@ -4001,9 +4003,11 @@ CVE-2024-58350 (Ghidra before 11.2 contains a use after free vulnerability in th
- ghidra <itp> (bug #923851)
CVE-2026-XXXX [OnionShare follows symlinks in shared directories, allowing unintended disclosure of local files]
- onionshare <unfixed> (bug #1139717)
+ [trixie] - onionshare <no-dsa> (Minor issue)
NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-22p9-r2f5-22mf
CVE-2026-XXXX [OnionShare Receive mode writes uploaded files even when file uploads are disabled]
- onionshare <unfixed> (bug #1139716)
+ [trixie] - onionshare <no-dsa> (Minor issue)
NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-v833-3823-cmhp
CVE-2026-11853 (Debusine is an integrated solution to build, distribute and maintain a ...)
- debusine 0.14.9
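Review bot: Both added `[trixie] - onionshare <no-dsa>` lines give the same generic "Minor issue" reason for two different problems: symlink following that discloses local files, and Receive mode writing uploads while uploads are disabled. A short per-issue reason would help later triage, particularly for the file-disclosure entry, where the description alone does not read as obviously minor.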
=====================================
data/dsa-needed.txt
=====================================
@@ -67,6 +67,10 @@ linux (carnil)
--
netty
--
+node-dompurify
+--
+pacemaker
+--
pdfminer (carnil)
Required followup for CVE-2025-64512 as original fix was incomplete.
--
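Review bot: The added `node-dompurify` and `pacemaker` entries carry no note, while the neighbouring `pdfminer` entry states what is needed ("Required followup for CVE-2025-64512 ..."). None of the data/CVE/list hunks in this commit touch either package, so a line under each entry naming the CVE(s) that prompted the DSA would save the next reader a lookup.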
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ff7ec8db79515faa77d8534687d1696a621638fb