[Git][security-tracker-team/security-tracker][master] trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Jun 21 22:28:22 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cfd8c065 by Moritz Muehlenhoff at 2026-06-21T23:26:50+02:00
trixie triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -605,9 +605,11 @@ CVE-2016-20085 (Realtek High Definition Audio Driver 6.0.1.6730 contains an unqu
TODO: check
CVE-2026-55568
- guzzle 7.12.1-1
+ [trixie] - guzzle <no-dsa> (Minor issue)
NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-wpwq-4j6v-78m3
CVE-2026-55767
- guzzle 7.12.1-1
+ [trixie] - guzzle <no-dsa> (Minor issue)
NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-cwxw-98qj-8qjx
CVE-2026-52910 (In the Linux kernel, the following vulnerability has been resolved: b ...)
{DSA-6355-1}
@@ -744,7 +746,13 @@ CVE-2026-45696 (OpenEXR is the reference implementation and specification for th
NOTE: Fixed by: by https://github.com/AcademySoftwareFoundation/openexr/commit/c7af2d233b7b2a4452c11f26cf47584cc2b35721 (v3.4.13-rc)
CVE-2026-44663 (OpenEXR is the reference implementation and specification for the EXR ...)
- openexr <unfixed>
+ [trixie] - openexr <not-affected> (Vulnerable code not present)
+ [bookworm] - openexr <not-affected> (Vulnerable code not present)
+ [bullseye] - openexr <not-affected> (Vulnerable code not present)
NOTE: https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-777r-f9x8-7r84
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/2403
+ NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/50ba96b1dbe353a98a626c7fd0ff1e50cc8c188f (v3.4-alpha)
+ NOTE: Fixed by https://github.com/AcademySoftwareFoundation/openexr/commit/3e2a99a55b1ee3dc5b962bf2cfde86eb24cc6897 (v3.4.13-rc)
CVE-2026-43994 (Coturn is a free open source implementation of TURN and STUN Server. V ...)
- coturn 4.12.0-1
NOTE: https://github.com/coturn/coturn/security/advisories/GHSA-74pg-rfh2-5qw5
@@ -3913,6 +3921,7 @@ CVE-2026-10635 (On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, t
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2025-70102 (A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/ ...)
- dhcpcd 1:10.3.1-1
+ [trixie] - dhcpcd <no-dsa> (Minor issue)
NOTE: https://github.com/NetworkConfiguration/dhcpcd/issues/567
NOTE: Fixed by: https://github.com/NetworkConfiguration/dhcpcd/commit/117742d755b591764036dd4218f314f748a3d2b7 (v10.3.1)
CVE-2025-69332 (Subscriber Broken Access Control in Bookify <= 1.1.1 versions.)
@@ -35746,9 +35755,11 @@ CVE-2025-10503 (The authentication endpoint accepts user-supplied input without
NOT-FOR-US: WSO2
CVE-2026-XXXX [RUSTSEC-2026-0112]
- rust-astral-tokio-tar 0.6.1-1
+ [trixie] - rust-astral-tokio-tar <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0112.html
CVE-2026-XXXX [RUSTSEC-2026-0113]
- rust-astral-tokio-tar 0.6.1-1
+ [trixie] - rust-astral-tokio-tar <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2026-0113.html
CVE-2026-7111 (Text::CSV_XS versions before 1.62 for Perl have a use-after-free when ...)
- libtext-csv-xs-perl 1.62-1 (bug #1135232)
=====================================
data/dsa-needed.txt
=====================================
@@ -26,6 +26,7 @@ dulwich
erlang
--
expat (aron)
+ wait for 2.8.2
--
fastnetmon (jmm)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfd8c06545b72da0b325127f5f74f0974be0a35f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfd8c06545b72da0b325127f5f74f0974be0a35f
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260621/1bdabcbc/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list