[Git][security-tracker-team/security-tracker][master] Reserve DLA-4648-1 for libtext-csv-xs-perl

Guilhem Moulin (@guilhem) guilhem at debian.org
Thu Jun 25 19:24:49 BST 2026



Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
98ac9603 by Guilhem Moulin at 2026-06-25T20:24:33+02:00
Reserve DLA-4648-1 for libtext-csv-xs-perl

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -39695,7 +39695,6 @@ CVE-2026-XXXX [RUSTSEC-2026-0113]
 CVE-2026-7111 (Text::CSV_XS versions before 1.62 for Perl have a use-after-free when  ...)
 	- libtext-csv-xs-perl 1.62-1 (bug #1135232)
 	[trixie] - libtext-csv-xs-perl 1.60-1+deb13u1
-	[bookworm] - libtext-csv-xs-perl <no-dsa> (Minor issue)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/39453344/
 	NOTE: https://github.com/cpan-authors/Text-CSV_XS/issues/65
 	NOTE: Requisite for test case: https://github.com/cpan-authors/Text-CSV_XS/commit/b69bd94c2847cf3a28442af6286a345435955bcd


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,7 @@
+[25 Jun 2026] DLA-4648-1 libtext-csv-xs-perl - security update
+	{CVE-2026-7111}
+	[bullseye] - libtext-csv-xs-perl 1.45-1+deb11u1
+	[bookworm] - libtext-csv-xs-perl 1.49-1+deb12u1
 [25 Jun 2026] DLA-4647-1 yelp - security update
 	[bullseye] - yelp 3.38.3-1+deb11u2
 [24 Jun 2026] DLA-4646-1 postgresql-13 - security update


=====================================
data/dla-needed.txt
=====================================
@@ -403,10 +403,6 @@ libstb/bullseye
   NOTE: 20260226: Fixed CVE-2021-28021 CVE-2021-37789 CVE-2021-42715 CVE-2022-28041 CVE-2022-28042 with DLA-4493-1 (abhijith)
   NOTE: 20260429: Revisit when upstream merge the proposed fixes. Though other embed libstb projects patched (abhijith)
 --
-libtext-csv-xs-perl/bullseye (guilhem)
-  NOTE: 20260519: Added by Front-Desk (Beuc)
-  NOTE: 20260519: Follow trixie 13.5 (1 CVE) (Beuc/front-desk)
---
 libvncserver
   NOTE: 20260612: Added by Front-Desk (rouca)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98ac96033541c755d9fc45e2f5ccd42c1e982f64

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/98ac96033541c755d9fc45e2f5ccd42c1e982f64
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260625/e23e505a/attachment.htm>


More information about the debian-security-tracker-commits mailing list