[Git][security-tracker-team/security-tracker][master] bookworm/trixie triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Mar 15 15:31:33 GMT 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a3a12cd7 by Moritz Muehlenhoff at 2026-03-15T16:30:11+01:00
bookworm/trixie triage
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -5008,8 +5008,8 @@ CVE-2026-3257 (UnQLite versions through 0.06 for Perl uses a potentially insecur
NOT-FOR-US: UnQLite Perl module
CVE-2025-40931 (Apache::Session::Generate::MD5 versions through 1.94 for Perl create i ...)
- libapache-session-perl <unfixed>
- [trixie] - libapache-session-perl <no-dsa> (Minor issue)
- [bookworm] - libapache-session-perl <no-dsa> (Minor issue)
+ [trixie] - libapache-session-perl <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - libapache-session-perl <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libapache-session-perl <postponed> (Minor issue; can be fixed in next update)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/37639294/
CVE-2024-57854 (Net::NSCA::Client versions through 0.009002 for Perl uses a poor rando ...)
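Review bot: The CVE-2025-40931 entry moves trixie and bookworm to <postponed> with "revisit when fixed upstream", but the unstable line "- libapache-session-perl <unfixed>" carries no bug number and the only NOTE is the CVE announcement, so nothing in the entry records where an upstream fix would be tracked. Consider adding a Debian bug reference or a NOTE pointing at the upstream issue so the revisit condition can be checked later. Minor style point: the new lines separate the reason with a comma, while the bullseye context line uses a semicolon ("Minor issue; can be fixed in next update").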
@@ -38785,6 +38785,9 @@ CVE-2025-67899 (uriparser through 0.9.9 allows unbounded recursion and stack con
[bullseye] - uriparser <postponed> (Minor issue)
NOTE: https://github.com/uriparser/uriparser/issues/282
NOTE: https://github.com/uriparser/uriparser/pull/284
+ NOTE: https://github.com/uriparser/uriparser/commit/cd5565036645dbe104b5807bb64998db917cdf33 (uriparser-1.0.0)
+ NOTE: https://github.com/uriparser/uriparser/commit/70eef664a5ffd5a0d05fd73bbc61d3e3dcbdf979 (uriparser-1.0.0)
+ NOTE: https://github.com/uriparser/uriparser/commit/8044bd70c0dc92cfabef4c44793790b923971548 (uriparser-1.0.0)
CVE-2025-67898 (MJML through 4.18.0 allows mj-include directory traversal to test file ...)
NOT-FOR-US: MJML
CVE-2025-14712 (Student Learning Assessment and Support System developed by JHENG GAO ...)
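Review bot: The three NOTE lines added for CVE-2025-67899 all carry the same "(uriparser-1.0.0)" tag and do not say what each commit contributes, so someone backporting cannot tell from the entry which commit is the actual fix and which are follow-ups. A short per-commit annotation, or a remark on how they relate to the pull/284 NOTE above them, would make the list easier to act on for the postponed bullseye entry.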
@@ -56046,8 +56049,8 @@ CVE-2025-50951 (FontForge v20230101 was discovered to contain a memory leak via
NOTE: Negligible security impact
CVE-2025-50950 (Audiofile v0.3.7 was discovered to contain a NULL pointer dereference ...)
- audiofile <unfixed> (bug #1118940)
- [trixie] - audiofile <no-dsa> (Minor issue)
- [bookworm] - audiofile <no-dsa> (Minor issue)
+ [trixie] - audiofile <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - audiofile <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - audiofile <postponed> (Minor issue)
NOTE: https://github.com/mpruett/audiofile/issues/66
CVE-2025-50949 (FontForge v20230101 was discovered to contain a memory leak via the co ...)
=====================================
data/DSA/list
=====================================
@@ -40,7 +40,7 @@
[bookworm] - lxd 5.0.2-5+deb12u3
[trixie] - lxd 5.0.2+git20231211.1364ae4-9+deb13u3
[28 Feb 2026] DSA-6152-1 thunderbird - security update
- {CVE-2026-2757 CVE-2026-2758 CVE-2026-2759 CVE-2026-2761 CVE-2026-2762 CVE-2026-2763 CVE-2026-2764 CVE-2026-2765 CVE-2026-2766 CVE-2026-2767 CVE-2026-2768 CVE-2026-2769 CVE-2026-2770 CVE-2026-2771 CVE-2026-2772 CVE-2026-2773 CVE-2026-2774 CVE-2026-2775 CVE-2026-2776 CVE-2026-2777 CVE-2026-2778 CVE-2026-2779 CVE-2026-2780 CVE-2026-2781 CVE-2026-2782 CVE-2026-2783 CVE-2026-2784 CVE-2026-2785 CVE-2026-2786 CVE-2026-2787 CVE-2026-2788 CVE-2026-2789 CVE-2026-2790 CVE-2026-2791 CVE-2026-2792 CVE-2026-2793}
+ {CVE-2026-2757 CVE-2026-2758 CVE-2026-2759 CVE-2026-2761 CVE-2026-2762 CVE-2026-2763 CVE-2026-2764 CVE-2026-2765 CVE-2026-2766 CVE-2026-2767 CVE-2026-2768 CVE-2026-2769 CVE-2026-2770 CVE-2026-2771 CVE-2026-2772 CVE-2026-2773 CVE-2026-2774 CVE-2026-2775 CVE-2026-2776 CVE-2026-2777 CVE-2026-2778 CVE-2026-2779 CVE-2026-2780 CVE-2026-2781 CVE-2026-2782 CVE-2026-2783 CVE-2026-2784 CVE-2026-2785 CVE-2026-2786 CVE-2026-2787 CVE-2026-2788 CVE-2026-2789 CVE-2026-2790 CVE-2026-2791 CVE-2026-2792 CVE-2026-2793 CVE-2026-2760}
[bookworm] - thunderbird 1:140.8.0esr-1~deb12u1
[trixie] - thunderbird 1:140.8.0esr-1~deb13u1
[26 Feb 2026] DSA-6151-1 chromium - security update
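Review bot: In the DSA-6152-1 thunderbird line, CVE-2026-2760 is appended after CVE-2026-2793 rather than placed between CVE-2026-2759 and CVE-2026-2761, which breaks the otherwise ascending order of the list. If the order is not produced by tooling, inserting it in sequence would keep the line easier to scan and to diff against later amendments.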
=====================================
data/dsa-needed.txt
=====================================
@@ -30,6 +30,8 @@ gh/oldstable
--
git-lfs
--
+gst-plugins-base1.0 (jmm)
+--
isc-kea/oldstable
--
jackson-core
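Review bot: The added "gst-plugins-base1.0 (jmm)" entry has no suite suffix, unlike the neighbouring "gh/oldstable" and "isc-kea/oldstable", and no note line naming the issue that prompts the update. If it is meant to cover both suites it is fine as written; otherwise add the suffix, and a one-line note with the CVE would help anyone else reading the list.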
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a3a12cd77048d0d1b84bccfff0aabded4fd3cd1c