[Git][security-tracker-team/security-tracker][master] trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Jun 19 14:16:03 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
13774f93 by Moritz Muehlenhoff at 2026-06-19T15:15:49+02:00
trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -3,15 +3,24 @@ CVE-2026-47262
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq
CVE-2026-53489
- containerd <unfixed> (bug #1140385)
+ [trixie] - containerd <not-affected> (Vulnerable code not present, only affects 2.x)
+ [bookworm] - containerd <not-affected> (Vulnerable code not present, only affects 2.x)
+ [bullseye] - containerd <not-affected> (Vulnerable code not present, only affects 2.x)
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-rgh6-rfwx-v388
CVE-2026-53492
- containerd <unfixed> (bug #1140385)
+ [trixie] - containerd <not-affected> (Vulnerable code not present, only affects 2.x)
+ [bookworm] - containerd <not-affected> (Vulnerable code not present, only affects 2.x)
+ [bullseye] - containerd <not-affected> (Vulnerable code not present, only affects 2.x)
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-33vj-92qq-66hc
CVE-2026-53488
- containerd <unfixed> (bug #1140385)
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp
CVE-2026-50195
- containerd <unfixed> (bug #1140385)
+ [trixie] - containerd <not-affected> (Vulnerable code not present, only affects 2.x)
+ [bookworm] - containerd <not-affected> (Vulnerable code not present, only affects 2.x)
+ [bullseye] - containerd <not-affected> (Vulnerable code not present, only affects 2.x)
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-cvxm-645q-p574
CVE-2026-55225
NOT-FOR-US: Strimzi
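Review bot: CVE-2026-53488 is the only containerd entry in this hunk left with just `- containerd <unfixed> (bug #1140385)`, while CVE-2026-53489, CVE-2026-53492 and CVE-2026-50195 each gain the three `<not-affected>` lines. If it was skipped because it also affects the older branch, that fits the containerd addition to data/dsa-needed.txt, but nothing in the entry says so; a NOTE stating which branches are affected would make the omission read as a decision rather than an unreviewed entry. Separately, the commit subject says "trixie triage" while the added lines also settle bookworm and bullseye, so the subject undersells the scope of the change.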
@@ -166,6 +175,7 @@ CVE-2025-15661 (libssh2 through 1.11.1, fixed in commit 2dae302, contains an out
NOTE: Fixed by: https://github.com/libssh2/libssh2/commit/2dae3024897e1898d389835151f4e9606227721d
CVE-2026-55766
- php-guzzlehttp-psr7 2.12.1-1
+ [trixie] - php-guzzlehttp-psr7 <no-dsa> (Minor issue)
NOTE: https://github.com/guzzle/psr7/security/advisories/GHSA-vm85-hxw5-5432
CVE-2026-48931
- nodejs 24.17.0+dfsg+~cs24.13.2-1
@@ -256,9 +266,11 @@ CVE-2026-55205 (Hermes WebUI before 0.51.468 contains a resource exhaustion vuln
NOT-FOR-US: Hermes WebUI
CVE-2026-55204 (HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null point ...)
- haproxy <unfixed>
+ [trixie] - haproxy <no-dsa> (Minor issue)
NOTE: https://github.com/haproxy/haproxy/commit/9a6d1fe3f00d86ab4ea6ea6ea0a5d48fc058a513
CVE-2026-55203 (HAProxy through 3.4.0, fixed in commit 5985276, contains an integer ov ...)
- haproxy <unfixed>
+ [trixie] - haproxy <no-dsa> (Minor issue)
NOTE: https://github.com/haproxy/haproxy/commit/5985276735777634d8c85f1d73bb7764aab0d6dd
CVE-2026-54419 (claudiopizzillo PIAF-HMS (PBX-In-A-Flash Hotel Management System; no r ...)
NOT-FOR-US: PBX-In-A-Flash Hotel Management System
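Review bot: both haproxy entries stay at `- haproxy <unfixed>` with no bug reference, so once trixie is marked `<no-dsa>` nothing in the tracker points the maintainer at the two upstream commits. Other entries in this commit carry one, e.g. `- rclone <unfixed> (bug #1134735)`; filing a bug for CVE-2026-55204 and CVE-2026-55203 and adding the number would keep the unstable fix tracked.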
@@ -2164,8 +2176,11 @@ CVE-2026-9307 (A sensitive information disclosure security issue exists within t
NOT-FOR-US: Rockwell Automation
CVE-2026-8484 (A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" ...)
- jansi <unfixed>
+ [trixie] - jansi <no-dsa> (Minor issue)
- jansi1 <unfixed>
+ [trixie] - jansi1 <no-dsa> (Minor issue)
- jansi-native <unfixed>
+ [trixie] - jansi-native <no-dsa> (Minor issue)
NOTE: https://cert.pl/en/posts/2026/06/CVE-2026-8484/
TODO: double-check source packages, as there is not much details from cert.pl post
CVE-2026-8444 (The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Inj ...)
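Review bot: the three `[trixie] ... <no-dsa> (Minor issue)` lines are added while the entry's `TODO: double-check source packages` is still open, so the triage is recorded for jansi, jansi1 and jansi-native before it is confirmed which of them actually ship the affected JNI code. Either resolve the TODO in the same change, or add a NOTE saying the no-dsa decision holds regardless of which source packages turn out to be affected.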
@@ -38042,12 +38057,14 @@ CVE-2026-41180 (PsiTransfer is an open source, self-hosted file sharing solution
NOT-FOR-US: PsiTransfer
CVE-2026-41179 (Rclone is a command-line program to sync files and directories to and ...)
- rclone <unfixed> (bug #1134735)
+ [trixie] - rclone <no-dsa> (Minor issue)
NOTE: https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q
NOTE: https://github.com/rclone/rclone/commit/9e3e68d00c3ecf475a1432fc206400cfb4df7e3f (v1.74.0)
CVE-2026-41177 (Squidex is an open source headless content management system and conte ...)
NOT-FOR-US: Squidex
CVE-2026-41176 (Rclone is a command-line program to sync files and directories to and ...)
- rclone <unfixed> (bug #1134734)
+ [trixie] - rclone <no-dsa> (Minor issue)
NOTE: https://github.com/rclone/rclone/security/advisories/GHSA-25qr-6mpr-f7qx
NOTE: https://github.com/rclone/rclone/commit/06aa958ad6fd18ac14b9de9b5066ae09880196b1 (v1.74.0)
NOTE: https://github.com/rclone/rclone/commit/08490972a53e4e838a594a4ccbe8fbac8c4815e3 (v1.74.0)
=====================================
data/dsa-needed.txt
=====================================
@@ -17,6 +17,7 @@ amd64-microcode (carnil)
--
botan3 (aron)
--
+containerd
--
cups
--
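Review bot: the new `containerd` entry gives no indication of which issue it is for. With the data/CVE/list changes in this commit, three of the containerd CVEs become `<not-affected>` in trixie, bookworm and bullseye, so the DSA presumably covers only the remaining ones; an indented remark under the entry naming them would save whoever picks it up from re-deriving that.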
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/13774f939af5dbe2aea24660bacf4c822f5c07a2