[Git][security-tracker-team/security-tracker][master] 4 commits: dla: add zabbix

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Sat Mar 28 11:53:40 GMT 2026



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d9c2c33e by Sylvain Beucler at 2026-03-28T12:53:19+01:00
dla: add zabbix

- - - - -
3a2437e4 by Sylvain Beucler at 2026-03-28T12:53:22+01:00
CVE-2025-69720/ncurses: bullseye postponed

- - - - -
7c881a15 by Sylvain Beucler at 2026-03-28T12:53:24+01:00
CVE-2026-30838,CVE-2026-33347/php-league-commonmark: follow bookworm triage

- - - - -
ea4aee89 by Sylvain Beucler at 2026-03-28T12:53:27+01:00
CVE-2026-25645/requests: bullseye postponed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -1656,6 +1656,7 @@ CVE-2026-25645 (Requests is a HTTP library. Prior to version 2.33.0, the `reques
 	- requests <unfixed> (bug #1132071)
 	[trixie] - requests <no-dsa> (Minor issue)
 	[bookworm] - requests <no-dsa> (Minor issue)
+	[bullseye] - requests <postponed> (Minor issue, no direct call to extract_zipped_paths found at codesearch.debian.net, work-around exist)
 	NOTE: https://github.com/psf/requests/security/advisories/GHSA-gc5v-m9x4-r6x2
 	NOTE: Fixed by: https://github.com/psf/requests/commit/66d21cb07bd6255b1280291c4fafb71803cdb3b7 (v2.33.0)
 CVE-2026-25469 (Missing Authorization vulnerability in ViaBill for WooCommerce ViaBill ...)
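Review bot: the reason on the added [bullseye] requests line says "work-around exist" without saying what the workaround is, so a later triager cannot re-evaluate the postponement from this entry alone. Suggest correcting the wording to "workaround exists" and naming the workaround or pointing at the advisory already linked in the NOTE below. The codesearch.debian.net finding could also move to its own NOTE: line so the status comment stays short.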
@@ -4085,6 +4086,7 @@ CVE-2026-33347 (league/commonmark is a PHP Markdown parser. From version 2.3.0 t
 	- php-league-commonmark 2.8.2-1
 	[trixie] - php-league-commonmark <no-dsa> (Minor issue)
 	[bookworm] - php-league-commonmark <no-dsa> (Minor issue)
+	[bullseye] - php-league-commonmark <postponed> (Minor issue)
 	NOTE: https://github.com/thephpleague/commonmark/security/advisories/GHSA-hh8v-hgvp-g3f5
 	NOTE: Fixed by: https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b (2.8.2)
 CVE-2026-33699 (pypdf is a free and open-source pure-python PDF library. Versions prio ...)
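Review bot: the added [bullseye] php-league-commonmark line marks CVE-2026-33347 as <postponed>, but the description in the hunk header says the issue starts "From version 2.3.0", and nothing in the entry records that the bullseye version falls in that range. Worth confirming the bullseye version against that lower bound. If it predates 2.3.0, <not-affected> with a short reason would be the accurate state rather than <postponed>.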
@@ -5871,6 +5873,7 @@ CVE-2025-69720 (The infocmp command-line tool in ncurses before 6.5-20251213 has
 	- ncurses 6.6+20251231-1
 	[trixie] - ncurses <no-dsa> (Minor issue)
 	[bookworm] - ncurses <no-dsa> (Minor issue)
+	[bullseye] - ncurses <postponed> (Minor issue, Crash in CLI tool)
 	NOTE: https://github.com/Cao-Wuhui/CVE-2025-69720
 	NOTE: https://invisible-island.net/ncurses/NEWS.html#index-t20251213
 	TODO: check upstream status
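Review bot: the entry still ends with "TODO: check upstream status" although it already records a fixed version (6.6+20251231-1) and links the upstream NEWS item for 20251213. Since this triage pass touches the entry, consider resolving or dropping that TODO, or replacing it with a NOTE that points at the upstream fix so a later bullseye backport has a starting point.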
@@ -10912,6 +10915,7 @@ CVE-2026-30838 (league/commonmark is a PHP Markdown parser. Prior to version 2.8
 	- php-league-commonmark 2.8.1-1
 	[trixie] - php-league-commonmark <no-dsa> (Minor issue)
 	[bookworm] - php-league-commonmark <no-dsa> (Minor issue)
+	[bullseye] - php-league-commonmark <postponed> (Minor issue)
 	NOTE: https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f
 	NOTE: Regression test: https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a (2.8.1)
 	NOTE: Fixed by: https://github.com/thephpleague/commonmark/commit/5c0c4c8fe5a31e8260be99e0afad7136a27c79e6 (2.8.1)


=====================================
data/dla-needed.txt
=====================================
@@ -483,6 +483,10 @@ xmlrpc-c
   NOTE: 20250705: Ping'd secteam asking for current bookworm plans. (Beuc)
   NOTE: 20250705: https://lists.debian.org/debian-lts/2025/07/msg00006.html
 --
+zabbix
+  NOTE: 20260328: Added by Front-Desk (Beuc)
+  NOTE: 20260328: CVE-2026-23919->24 appear to be in supported scope (Beuc/front-desk)
+--
 zulucrypt
   NOTE: 20250727: Added by Front-Desk (ta)
   NOTE: 20251203: sent a mail to the maintainer asking about plans to address #1108288 (dleidert)
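Review bot: in the new zabbix block, "CVE-2026-23919->24" is shorthand that a grep for any of the ids inside the range will not match. Suggest spelling out the range or listing the ids in that NOTE, and using one attribution form on both lines, since the first has "(Beuc)" and the second "(Beuc/front-desk)".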



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/5ea652e79ac083992a78ced0c3aed837bfaf0c56...ea4aee89161138f1ad2711bdb8cb71f4a804abb0
