[Git][security-tracker-team/security-tracker][master] trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jun 18 11:12:28 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
23e2cd46 by Moritz Muehlenhoff at 2026-06-18T12:12:10+02:00
trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,6 +13,7 @@ CVE-2026-55740 (Nur-Alam39 bus-ticket (no released versions; latest commit 459ca
NOT-FOR-US: Nur-Alam39 bus-ticket
CVE-2026-55202 (Tinyproxy through 1.11.3, fixed in commit 09312a1, fails to properly v ...)
- tinyproxy <unfixed>
+ [trixie] - tinyproxy <no-dsa> (Minor issue)
NOTE: https://github.com/tinyproxy/tinyproxy/pull/606
NOTE: Fixed by: https://github.com/tinyproxy/tinyproxy/commit/09312a185ae25cc486b4ff5987638a7917a48bce
CVE-2026-55201 (Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path trave ...)
@@ -31,11 +32,13 @@ CVE-2026-54445 (vantage6 is an open-source infrastructure for privacy preserving
NOT-FOR-US: vantage6
CVE-2026-54388 (Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject req ...)
- tinyproxy <unfixed>
+ [trixie] - tinyproxy <no-dsa> (Minor issue)
NOTE: https://github.com/tinyproxy/tinyproxy/issues/609
NOTE: https://github.com/tinyproxy/tinyproxy/pull/610
NOTE: Fixed by: https://github.com/tinyproxy/tinyproxy/commit/364cdb67e0ea00a8e4a7037e2693e0711e816adb
CVE-2026-54387 (Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile ...)
- tinyproxy <unfixed>
+ [trixie] - tinyproxy <no-dsa> (Minor issue)
NOTE: https://github.com/tinyproxy/tinyproxy/issues/609
NOTE: https://github.com/tinyproxy/tinyproxy/pull/610
NOTE: Fixed by: https://github.com/tinyproxy/tinyproxy/commit/623bfc093df009296f0b85d40bc677ef9d5c09bb
@@ -67,6 +70,7 @@ CVE-2026-48991 (XianYuLauncher is a Minecraft Java Edition launcher. In versions
NOT-FOR-US: XianYuLauncher
CVE-2026-48990 (joserfc is a Python library that provides an implementation of several ...)
- joserfc 1.6.8-1
+ [trixie] - joserfc <no-dsa> (Minor issue)
NOTE: https://github.com/authlib/joserfc/security/advisories/GHSA-wphv-vfrh-23q5
CVE-2026-48989 (Windows-MCP is an open-source project that integrates AI agents with W ...)
NOT-FOR-US: Windows-MCP
=====================================
data/dsa-needed.txt
=====================================
@@ -93,6 +93,8 @@ runc
rust-wasmtime
for CVE-2026-34987 CVE-2026-34971, rest would also be fine to ignore
--
+shaarli
+--
sogo
Peter Wienemann proposed debdiff for review
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23e2cd46832fa760e68fd19d6be4d1f0229c7a59
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/23e2cd46832fa760e68fd19d6be4d1f0229c7a59
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260618/217a4487/attachment.htm>
More information about the debian-security-tracker-commits
mailing list