[Git][security-tracker-team/security-tracker][master] libssh2, sogo DSAs

Moritz Muehlenhoff (@jmm) jmm at debian.org
Thu Jun 25 19:15:19 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f87f813b by Moritz Mühlenhoff at 2026-06-25T20:14:50+02:00
libssh2, sogo DSAs

- - - - -


4 changed files:

- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
- data/next-oldstable-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -37561,7 +37561,6 @@ CVE-2026-7599 (A vulnerability was detected in Dayoooun hwpx-mcp 0.2.0. This aff
 	NOT-FOR-US: Dayoooun hwpx-mcp
 CVE-2026-7598 (A security vulnerability has been detected in libssh2 up to 1.11.1. Th ...)
 	- libssh2 1.11.1-3 (bug #1135647)
-	[trixie] - libssh2 <no-dsa> (Minor issue)
 	[bookworm] - libssh2 <no-dsa> (Minor issue)
 	[bullseye] - libssh2 <postponed> (Minor issue, unlikely user/pass length)
 	NOTE: https://github.com/libssh2/libssh2/pull/1858


=====================================
data/DSA/list
=====================================
@@ -1,3 +1,9 @@
+[25 Jun 2026] DSA-6366-1 sogo - security update
+	{CVE-2025-71276 CVE-2026-3054 CVE-2026-8496 CVE-2026-8851 CVE-2026-33550 CVE-2026-46445 CVE-2026-46446}
+	[trixie] - sogo 5.12.1-3+deb13u2
+[25 Jun 2026] DSA-6365-1 libssh2 - security update
+	{CVE-2025-15661 CVE-2026-7598 CVE-2026-55199 CVE-2026-55200}
+	[trixie] - libssh2 1.11.1-1+deb13u1
 [25 Jun 2026] DSA-6364-1 chromium - security update
 	{CVE-2026-13021 CVE-2026-13022 CVE-2026-13023 CVE-2026-13024 CVE-2026-13025 CVE-2026-13026 CVE-2026-13027 CVE-2026-13028 CVE-2026-13029 CVE-2026-13030 CVE-2026-13031 CVE-2026-13032 CVE-2026-13033 CVE-2026-13034 CVE-2026-13035 CVE-2026-13036 CVE-2026-13037 CVE-2026-13038}
 	[trixie] - chromium 149.0.7827.196-1~deb13u1


=====================================
data/dsa-needed.txt
=====================================
@@ -48,8 +48,6 @@ kitty
 libheif
   possibly best to move to 1.23.0
 --
-libssh2 (jmm)
---
 linux (carnil)
   Wait until more issues have piled up, though try to regulary rebase for point
   releases to more 6.1.y versions
@@ -93,9 +91,6 @@ rust-wasmtime
 --
 shaarli
 --
-sogo (jmm)
-  Peter Wienemann proposed debdiff for review
---
 util-linux
 --
 vim


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -160,6 +160,8 @@ CVE-2026-8829
 	[bookworm] - libhtml-parser-perl 3.81-1+deb12u1
 CVE-2022-4981
 	[bookworm] - dcmtk 3.6.7-9~deb12u4
+CVE-2026-12805
+	[bookworm] - dcmtk 3.6.7-9~deb12u4
 CVE-2025-2357
 	[bookworm] - dcmtk 3.6.7-9~deb12u4
 CVE-2025-9732



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f87f813b44b64c22c6a579113673f9ec04d74580

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f87f813b44b64c22c6a579113673f9ec04d74580
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260625/db4f5628/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list