[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2026-25674 in python-django for bullseye LTS.
Chris Lamb (@lamby)
lamby at debian.org
Thu Mar 5 21:19:59 GMT 2026
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
59f5b102 by Chris Lamb at 2026-03-05T13:15:20-08:00
Triage CVE-2026-25674 in python-django for bullseye LTS.
- - - - -
ba46dec5 by Chris Lamb at 2026-03-05T13:17:51-08:00
Triage CVE-2025-40931 in libapache-session-perl for bullseye LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -835,6 +835,7 @@ CVE-2025-40931 (Apache::Session::Generate::MD5 versions through 1.94 for Perl cr
- libapache-session-perl <unfixed>
[trixie] - libapache-session-perl <no-dsa> (Minor issue)
[bookworm] - libapache-session-perl <no-dsa> (Minor issue)
+ [bullseye] - libapache-session-perl <postponed> (Minor issue; can be fixed in next update)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/37639294/
CVE-2024-57854 (Net::NSCA::Client versions through 0.009002 for Perl uses a poor rando ...)
NOT-FOR-US: Net::NSCA::Client Perl module
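Review bot: the added [bullseye] line says "can be fixed in next update", but the unstable entry above it is still <unfixed> and the only NOTE is the cve-announce link, so the entry records no patch that a later update could pick up. Consider adding a NOTE that points at the upstream fix, or that states none is available yet, so whoever picks up the postponed item does not have to repeat the triage.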
@@ -1479,6 +1480,7 @@ CVE-2026-25674 (An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12,
- python-django 3:4.2.29-1 (bug #1129595)
[trixie] - python-django <no-dsa> (Minor issue)
[bookworm] - python-django <no-dsa> (Minor issue)
+ [bullseye] - python-django <postponed> (Minor issue; can be fixed in next update, although would be difficult to backport)
NOTE: https://www.djangoproject.com/weblog/2026/mar/03/security-releases/
NOTE: Fixed by: https://github.com/django/django/commit/54b50bf7d6dcbf02d4c01f853627cc9299d4934d (4.2.29)
CVE-2026-25673 (An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4. ...)
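Review bot: on the added [bullseye] line, "would be difficult to backport" records the conclusion but not the reason. A short NOTE line saying what in the 54b50bf7 fix commit does not apply to the bullseye version would let the next person working on the LTS update judge whether <postponed> still holds, since the only fix reference listed is labelled for 4.2.29.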
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/740ebc0cde4981aea3e17c25cf56349b3db865c9...ba46dec5b0aa9f5c1f7134c1e8a1fb423a965248