[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Tue Mar 17 20:26:50 GMT 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
184ad7e1 by Moritz Muehlenhoff at 2026-03-17T21:26:00+01:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2067,7 +2067,11 @@ CVE-2023-43010 (The issue was addressed with improved memory handling. This issu
 	NOT-FOR-US: Apple
 CVE-2026-2436
 	- libsoup3 <unfixed> (bug #1130498)
+	[trixie] - libsoup3 <no-dsa> (Minor issue)
+	[bookworm] - libsoup3 <no-dsa> (Minor issue)
 	- libsoup2.4 <removed>
+	[trixie] - libsoup2.4 <no-dsa> (Minor issue)
+	[bookworm] - libsoup2.4 <no-dsa> (Minor issue)
 	NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/issues/501
 	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/e9b681a5b23f8259a5e29c5351a5284ae5cd1189
 CVE-2026-3954 (A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by th ...)
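Review bot: The four `<no-dsa> (Minor issue)` lines added under CVE-2026-2436 carry only the generic reason, and nothing in the entry says why the issue is minor. libsoup3 is still `<unfixed>` in unstable (bug #1130498) even though an upstream fix commit is already referenced, and libsoup2.4 is `<removed>` there, so the stable suites are where the fix would have to land. A short NOTE with the rationale would let the decision be re-checked later without re-reading upstream issue 501.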
@@ -3341,10 +3345,14 @@ CVE-2026-3086 (GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Exec
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/aa1f5a80085ef65154a982dd3b23181100265c7e (main)
 CVE-2026-3083 (GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulne ...)
 	- gst-plugins-good1.0 1.28.1-1
+	[trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
+	[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8349cdd35f85246e113b18e55fd11abf9cb248bf (main)
 CVE-2026-3085 (GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Executio ...)
 	- gst-plugins-good1.0 1.28.1-1
+	[trixie] - gst-plugins-good1.0 <no-dsa> (Minor issue)
+	[bookworm] - gst-plugins-good1.0 <no-dsa> (Minor issue)
 	NOTE: https://gstreamer.freedesktop.org/security/sa-2026-0008.html
 	NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/8349cdd35f85246e113b18e55fd11abf9cb248bf (main)
 CVE-2026-2923 (GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vuln ...)
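Review bot: CVE-2026-3083 and CVE-2026-3085 are titled as remote code execution issues in rtpqdm2depay (an out-of-bounds write and a heap-based buffer overflow), yet the added trixie and bookworm lines tag them `<no-dsa> (Minor issue)` with no explanation. Please add a NOTE stating why the memory corruption is treated as minor for gst-plugins-good1.0 in stable, or make the tag reason more specific than "Minor issue", so the entry does not appear to contradict the CVE titles.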


=====================================
data/dsa-needed.txt
=====================================
@@ -18,9 +18,11 @@ amd64-microcode (carnil)
 ceph
  for CVE-2024-47866, rest harmless
 --
-cpp-httplib
+cpp-httplib (jmm)
   Maintainer preparing updates, waiting for feedback on bookworm status
 --
+freetype/stable (jmm)
+--
 frr
 --
 gh/oldstable
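Review bot: The new `freetype/stable (jmm)` entry has no description line, so it does not say which CVE the pending update covers, unlike the `ceph` entry above it ("for CVE-2024-47866, rest harmless"). Adding the CVE id or a one-line status under the entry would let other team members see what is outstanding and why only stable is listed.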
@@ -58,7 +60,7 @@ php-laravel-framework/oldstable
 python-aiohttp
 --
 python-tornado (jmm)
-  Daniel Leidert is proposing to work on an update, asked to send debdiffs to team for review
+  update is on seger, but autopkg regression needs to be sorted
 --
 rtpengine
   Victor Seva prepared a debdiff for trixie-security for review, bookworm-security debdiff missing
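Review bot: The replacement note for python-tornado says the update "is on seger" and that an "autopkg regression needs to be sorted", but it names neither the affected suite nor the failing package or test. A pointer to the regression would make the note actionable for someone other than the claimant. The removed line also carried the reference to Daniel Leidert's proposed update, so it may be worth keeping that in the note if it is still relevant.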



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/184ad7e16493b66d0056aba264c4c361fe47f5c3
