[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Mar 31 12:46:55 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9dffb311 by Moritz Muehlenhoff at 2026-03-31T13:46:32+02:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -543,8 +543,9 @@ CVE-2018-25223 (Crashmail 1.6 contains a stack-based buffer overflow vulnerabili
- crashmail <undetermined>
NOTE: https://www.exploit-db.com/exploits/44331
CVE-2018-25222 (SC v7.16 contains a stack-based buffer overflow vulnerability that all ...)
- - sc <unfixed>
+ - sc <unfixed> (unimportant)
NOTE: https://www.exploit-db.com/exploits/44279
+ NOTE: Crash in CLI tool, no security impact
CVE-2018-25221 (EChat Server 3.1 contains a buffer overflow vulnerability in the chat. ...)
NOT-FOR-US: EChat Server
CVE-2018-25220 (Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that ...)
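Review bot: The added NOTE on CVE-2018-25222 says "Crash in CLI tool, no security impact", but the description on the same entry says stack-based buffer overflow and the existing NOTE links an exploit-db entry, so the rationale reads weaker than the stated bug class. Suggest extending the NOTE to say why the overflow stops at a crash for sc (for example, which input reaches it), so the (unimportant) tag can be audited later from the entry alone.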
@@ -1941,38 +1942,47 @@ CVE-2025-14684 (IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11,
CVE-2026-33952 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.24.2+dfsg-1
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93
CVE-2026-33977 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.24.2+dfsg-1
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5
CVE-2026-33995 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.24.2+dfsg-1
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx
CVE-2026-33984 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.24.2+dfsg-1
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8469-2xcx-frf6
CVE-2026-33983 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.24.2+dfsg-1
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gfm-4p52-h478
CVE-2026-33985 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.24.2+dfsg-1
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85
CVE-2026-33986 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.24.2+dfsg-1
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h6qw-wxvm-hf97
CVE-2026-33987 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.24.2+dfsg-1
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ff8h-p5vc-wcwc
CVE-2026-33982 (FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...)
- freerdp3 3.24.2+dfsg-1
- freerdp2 <removed>
+ [bookworm] - freerdp2 <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2
CVE-2014-125112 (Plack::Middleware::Session::Cookie versions through 0.21 for Perl allo ...)
- libplack-middleware-session-perl 0.24-1
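Review bot: All nine added "[bookworm] - freerdp2 <no-dsa> (Minor issue)" lines carry the same text with no per-CVE NOTE, and the entries record only the GHSA link, no fixing commit. Because the unprefixed freerdp2 line is <removed>, the bookworm line is the only place the freerdp2 status lives; a short NOTE per advisory stating whether the freerdp2 code in bookworm was checked as affected would make the no-dsa decision traceable. The freerdp3 lines get no [trixie] entry in this hunk although the commit is titled trixie/bookworm triage, so it is worth confirming that this is intentional.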
@@ -4216,9 +4226,10 @@ CVE-2026-4753 (Out-of-bounds Read vulnerability in slajerek RetroDebugger.This i
CVE-2026-4752 (Use After Free vulnerability in No-Chicken Echo-Mate.This issue affect ...)
NOT-FOR-US: No-Chicken Echo-Mate
CVE-2026-4751 (NULL Pointer Dereference vulnerability in tmate-io tmate.This issue af ...)
- - tmate <unfixed> (bug #1132019)
+ - tmate <unfixed> (bug #1132019; unimportant)
NOTE: https://github.com/tmate-io/tmate/pull/328
NOTE: Fixed by: https://github.com/tmate-io/tmate/commit/3e12f558c7b71b7135403cdd2df77d38538a695c
+ NOTE: Crash in CLI tool, no security impact
CVE-2026-4750 (Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue af ...)
- woof-doom 15.3.0+dfsg-2
[trixie] - woof-doom <no-dsa> (Minor issue)
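Review bot: The new NOTE on CVE-2026-4751 does not say from where the NULL pointer dereference is triggered, which is the fact that separates "Crash in CLI tool" from a denial of service. Suggest one clause stating whether it is reachable only from local input or also from a peer, and checking that bug #1132019, which stays referenced in "(bug #1132019; unimportant)", is updated to match the new classification.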
@@ -6846,13 +6857,15 @@ CVE-2025-13995 (IBM QRadar SIEM7.5.0 through 7.5.0 Update Package 14 could allow
CVE-2024-42210 (A Stored cross-site scripting (XSS) vulnerability affects HCL Unica Ma ...)
NOT-FOR-US: HCL
CVE-2026-31973 (SAMtools is a program for reading, manipulating and writing bioinforma ...)
- - samtools <unfixed>
+ - samtools <unfixed> (unimportant)
NOTE: https://github.com/samtools/samtools/security/advisories/GHSA-x86f-q6fj-cm43
NOTE: Fixed by: https://github.com/samtools/samtools/commit/06fc2a219b3d7c94d3f412c09f6d1efd51199f2f
+ NOTE: Crash in CLI tool, no security impact
CVE-2026-31972 (SAMtools is a program for reading, manipulating and writing bioinforma ...)
- - samtools <unfixed>
+ - samtools <unfixed> (unimportant)
NOTE: https://github.com/samtools/samtools/security/advisories/GHSA-72c8-4jf3-f27p
NOTE: Fixed by: https://github.com/samtools/samtools/commit/3036eb9af945fcef359427a2d359855553da4adf
+ NOTE: Crash in CLI tool, no security impact
CVE-2026-4396 (Improper certificate validation in Devolutions Hub Reporting Service ...)
NOT-FOR-US: Devolutions
CVE-2026-3479 (pkgutil.get_data() did not validate the resource argument as documente ...)
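Review bot: CVE-2026-31973 and CVE-2026-31972 receive an identical NOTE although they point at different advisories and different fix commits, and the truncated descriptions do not show the bug class. Suggest naming the class from the linked advisory in each NOTE, so that "no security impact" can be checked against the entry itself rather than taken from the repeated one-liner.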
@@ -14967,6 +14980,7 @@ CVE-2026-21654 (Improper Neutralization of Special Elements used in an OS Comman
NOT-FOR-US: Johnson Controls
CVE-2026-21619 (Uncontrolled Resource Consumption, Deserialization of Untrusted Data v ...)
- erlang-hex <unfixed>
+ [trixie] - erlang-hex <no-dsa> (Minor issue)
- rebar3 3.27.0-1
NOTE: https://github.com/advisories/GHSA-hx9w-f2w9-9g96
NOTE: https://github.com/hexpm/hex_core/commit/cdf726095bca85ad2549d146df1e831ae93c2b13 (v0.12.1)
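Review bot: The added "[trixie] - erlang-hex <no-dsa> (Minor issue)" line sits on an entry whose description includes "Deserialization of Untrusted Data", and no NOTE explains why that is minor for trixie. A one-line NOTE with the reason would help. The rebar3 line just below has a fixed version 3.27.0-1 but no [trixie] line, so confirm whether rebar3 in trixie needs its own triage entry.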
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9dffb31162dadd916faa86199f9e29db671c488a