[Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-2219/dpkg

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a40553d3 by Salvatore Bonaccorso at 2026-03-07T09:06:48+01:00
Update status for CVE-2026-2219/dpkg

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1463,8 +1463,9 @@ CVE-2026-2219 [dpkg-deb: Persistent hang on malformed .deb archives (DoS)]
 	- dpkg 1.23.6 (bug #1129722)
 	[trixie] - dpkg <no-dsa> (Minor issue; can be fixed in point release)
 	[bookworm] - dpkg <no-dsa> (Minor issue; can be fixed in point release)
-	[bullseye] - dpkg <postponed> (Minor issue; can be fixed in next update after bookworm point release)
-	NOTE: Fixed by: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6610297a62c0780dd0e80b0e302ef64fdcc9d313
+	[bullseye] - dpkg <not-affected> (Vulnerable code introduced later)
+	NOTE: Introduced with: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=2c2f7066bd8c3209762762fa6905fa567b08ca5a (1.21.18)
+	NOTE: Fixed by: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6610297a62c0780dd0e80b0e302ef64fdcc9d313 (1.23.6)
 CVE-2026-3381 (Compress::Raw::Zlib versions through 2.219 for Perl use potentially in ...)
 	- libcompress-raw-zlib-perl 2.011-2
 	- perl 5.10.0-21



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a40553d3b109248403408bdca1d2cb864a822e7a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a40553d3b109248403408bdca1d2cb864a822e7a
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260307/2a447b1a/attachment.htm>