[Git][security-tracker-team/security-tracker][master] trixie triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun Jun 21 19:15:33 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b7187a54 by Moritz Muehlenhoff at 2026-06-21T20:15:19+02:00
trixie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -609,7 +609,13 @@ CVE-2026-46699 (conda-smithy is a tool for combining a conda recipe with configu
 	NOT-FOR-US: conda-smithy
 CVE-2026-45696 (OpenEXR is the reference implementation and specification for the EXR  ...)
 	- openexr <unfixed>
+	[trixie] - openexr <not-affected> (Vulnerable code not present)
+	[bookworm] - openexr <not-affected> (Vulnerable code not present)
+	[bullseye] - openexr <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-gjpj-qv64-vwhf
+	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/2397
+	NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/50ba96b1dbe353a98a626c7fd0ff1e50cc8c188f (v3.4-alpha)
+	NOTE: Fixed by: by https://github.com/AcademySoftwareFoundation/openexr/commit/c7af2d233b7b2a4452c11f26cf47584cc2b35721 (v3.4.13-rc)
 CVE-2026-44663 (OpenEXR is the reference implementation and specification for the EXR  ...)
 	- openexr <unfixed>
 	NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-777r-f9x8-7r84
@@ -818,6 +824,7 @@ CVE-2026-46580 (In Eclipse Theia versions prior to 1.71.0, files matching the pa
 	NOT-FOR-US: Eclipse
 CVE-2026-44942 (A path traversal in handling the "path" component of .repo files proce ...)
 	- libzypp 17.38.13-1
+	[trixie] - libzypp <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1267874
 CVE-2026-44691 (In Eclipse Theia versions prior to 1.69.0, custom task definitions in  ...)
 	NOT-FOR-US: Eclipse



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7187a54d85318bef9d310fd7cd2c1416ea3ac87

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b7187a54d85318bef9d310fd7cd2c1416ea3ac87
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260621/cae72695/attachment.htm>


More information about the debian-security-tracker-commits mailing list