[Git][security-tracker-team/security-tracker][master] Reserve DSA number for snapd update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Mar 19 22:27:00 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5594b6f8 by Salvatore Bonaccorso at 2026-03-19T23:26:28+01:00
Reserve DSA number for snapd update
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -935,7 +935,6 @@ CVE-2026-4064 (Missing authorization checks on multiple gRPC service endpoints i
NOT-FOR-US: Devolutions
CVE-2026-3888 (Local privilege escalation in snapd on Linux allows local attackers to ...)
- snapd <unfixed> (bug #1131120)
- [bookworm] - snapd <no-dsa> (Minor issue; no automatic tmpfiles.d cleanup)
NOTE: https://www.openwall.com/lists/oss-security/2026/03/17/8
NOTE: https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt
NOTE: Fixed by: https://github.com/canonical/snapd/commit/5400bfdf1e4c3f861826a215417234420470cb25
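Review bot: the commit subject mentions only reserving the DSA number, but the one line this hunk removes is the `[bookworm] - snapd <no-dsa> (Minor issue; no automatic tmpfiles.d cleanup)` triage under CVE-2026-3888, and nothing records why that assessment was reversed. A short addition to the commit message, or a NOTE: line in the entry, saying that bookworm is now covered by the DSA would keep the history readable. The unstable line still reads `<unfixed>` with bug #1131120, so the entry needs a follow-up once a fixed version reaches unstable.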
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,7 @@
+[19 Mar 2026] DSA-6170-1 snapd - security update
+ {CVE-2026-3888}
+ [bookworm] - snapd 2.57.6-1+deb12u1
+ [trixie] - snapd 2.68.3-3+deb13u1
[19 Mar 2026] DSA-6169-1 imagemagick - security update
{CVE-2026-28493 CVE-2026-28494 CVE-2026-28686 CVE-2026-28687 CVE-2026-28688 CVE-2026-28689 CVE-2026-28690 CVE-2026-28691 CVE-2026-28692 CVE-2026-28693 CVE-2026-30883 CVE-2026-30929 CVE-2026-30931 CVE-2026-30935 CVE-2026-30936 CVE-2026-30937 CVE-2026-31853 CVE-2026-32259}
[trixie] - imagemagick 8:7.1.1.43+dfsg1-1+deb13u7
=====================================
data/dsa-needed.txt
=====================================
@@ -91,8 +91,6 @@ runc
smb4k/oldstable
Inrusive to backport chnges to 3.1.7-1, queried maintainer for opinion on ignoring update
--
-snapd/stable (carnil)
---
spip
David Prevot proposed followup update for last DSA to address issue introduced in 4.4.10
--
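Review bot: the smb4k/oldstable note in the context just above the removal contains two typos ("Inrusive", "chnges"); since data/dsa-needed.txt is being touched here anyway, a follow-up could correct it to "Intrusive to backport changes". The removal itself takes out `snapd/stable (carnil)` together with its `--` separator, so the block delimiters around runc, smb4k and spip stay balanced.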
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5594b6f854ff434fd810c417526e2d824c32b883