[Git][security-tracker-team/security-tracker][master] Reserve DLA-4513-1 for gvfs

[Andreas Henriksson (@ah)]

Andreas Henriksson pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e5833af2 by Andreas Henriksson at 2026-03-28T15:00:14+01:00
Reserve DLA-4513-1 for gvfs

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 Mar 2026] DLA-4513-1 gvfs - security update
+	{CVE-2026-28295 CVE-2026-28296}
+	[bullseye] - gvfs 1.46.2-2+deb11u1
 [27 Mar 2026] DLA-4512-1 strongswan - security update
 	{CVE-2026-25075}
 	[bullseye] - strongswan 5.9.1-1+deb11u6


=====================================
data/dla-needed.txt
=====================================
@@ -162,12 +162,6 @@ gst-plugins-ugly1.0 (utkarsh)
   NOTE: 20260322: Added by Front-Desk (charles)
   NOTE: 20260322: In dsa-needed, coordinate with secteam (charles)
 --
-gvfs (ah)
-  NOTE: 20260228: Added by Front-Desk (charles)
-  NOTE: 20260228: CVE-2026-28296 is the greater problem, users connecting to a
-  NOTE: 20260228: FTP server with malicious files can end up executing arbitrary
-  NOTE: 20260228: FTP commands (charles)
---
 imagemagick (rouca)
   NOTE: 20260228: Added by Front-Desk (charles)
   NOTE: 20260228: In dsa-needed, coordinate with secteam (charles)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5833af2d9223ced300f7a793ba408345dd31293

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e5833af2d9223ced300f7a793ba408345dd31293
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260328/52908f78/attachment-0001.htm>