March 2026 Archives by thread
Starting: Sun Mar 1 00:17:25 GMT 2026
Ending: Tue Mar 31 13:11:01 BST 2026
Messages: 1411
- [Git][security-tracker-team/security-tracker][master] LTS: add imagemagick to dla-needed.txt and assign to rouca
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2025-40932/libapache-sessionx-perl: postponed for bullseye
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2026-27699/node-proxy-agents as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fix via experimental for CVE-2026-3184
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed: add note about node-tar
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Track proposed update node-proxy-agents via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] automatic NOT-FOR-US entries update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add note for node-tar in dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for some vips issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-26960/node-tar
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lxd DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-27571/nats-server
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] update note
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-28370/vitrage
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2024-7701/percona-toolkit
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for vim issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new issues in squirrel3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fix for CVE-2024-2824/jhead in upstream
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track for imagemagick issues fixed via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-27571/nats-server via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Reference pull request for two openbabel issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] wireshark spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] qemu spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] calibre spu/ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via experimental for CVE-2026-28364/ocaml
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4496-1 for firefox-esr
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2023-31102/p7zip: affected
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Triage CVE-2021-4456 in libnet-cidr-perl for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] CVE-2022-47069/p7zip: marked as fixed in transitional package
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-68158 as no-dsa for trixie and bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for python-authlib via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for pyhon-authlib via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for busybox via bookworm-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Group calibre proposed updates together (and for same version)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-40481 and CVE-2023-31102
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new exiv2 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-23865/freetype
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add notes for packages
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] php8.2 DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Extend Apache rule
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for openbabel issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for gimp issues via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for openjdk-8 issues via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-64702/golang-github-lucas-clemente-quic-go
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-27206/php-zumba-json-serializer via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-27970 and associate with angular.js
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3195 and update relation from CVE-2024-7730
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3196/qemu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3429/keycloak, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new binutils issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA for spip
Sebastien Delafond ( at seb)
- [Git][security-tracker-team/security-tracker][master] dla: p7zip status update
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-3184 for bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new python-django issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage python-django for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim python-django.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add reference for CVE-2026-28370/vitrage
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for exiv2 issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update the status of CVE-2026-3184 for bullseye
Santiago R.R. ( at santiago)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-25674/python-django via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process one more NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add three new biosig issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0540/node-dompurify
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for two qemu issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for freetype issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] gimp DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Claim python-cryptography
Arnaud Rebillout ( at arnaudr)
- [Git][security-tracker-team/security-tracker][master] Add note for python-cryptography
Arnaud Rebillout ( at arnaudr)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-26007
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] claim gimp
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2023-28144/hotspot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add TODO item for CVE-2026-29022
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-2376 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27932/joserfc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27971/qwik
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Sync Linux CVEs from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Sync Linux CVEs with kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Merge Linux CVEs from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed trixie-pu update for arduino-core-avr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-69725 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track sylpheed as removed from unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for capstone via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add chromium to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new chromium issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3103/check-mk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2025-2588/augeas
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new cpp-httplib issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27622/openexr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27601/underscore
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-26279/froxlor, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for ckermit via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-40926 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2024-57854 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for chromium issues via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-40931/libapache-session-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3257 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3381 (Compress::Raw::Zlib)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-2219/dpkg
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-2219/dpkg
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-47229/pspp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-12801/nfs-utils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference for problem around CVE-2025-12801
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] NFUs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 4 commits: Process some NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some more NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0847/nltk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add 2N CNA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-14104 as unimportant
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] civetweb fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2026-25674 in python-django for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2026-2219 in dpkg for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for zabbix via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] linux n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Process some CVEs associated with RustDesk products
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new keycloak issues, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add some new Traefik issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-28353/trivy, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-26377/koha, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] chromium dsa
Andres Salomon ( at dilinger)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-26007: Postpone for bullseye
Arnaud Rebillout ( at arnaudr)
- [Git][security-tracker-team/security-tracker][master] Drop python-cryptography from dla-needed
Arnaud Rebillout ( at arnaudr)
- [Git][security-tracker-team/security-tracker][master] Update information on CVE-2025-12801/nfs-utils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Postpone CVE-2025-12801 (fix should first be exposed in unstable)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new jetty issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new node-dompurify issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add rule for OpenClaw
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new activemy issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new python issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-71074 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] xen spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Claim asterisk in dla-needed.txt
Lukas Märdian ( at slyon)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-25638
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] python-cryptography spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] dpkg spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 7zip ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] busybox fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] node-bn.js fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] node-dompurify fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] node-js-yaml fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] thunderbird fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] underscore fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] rclone fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-25794
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-25637 is not CVE-2026-25638
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] libsndfile spu, fluidsynth spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] 2 commits: dla: p7zip status update
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3606/ettercap
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-25797
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27137/golang-1.26
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27138/golang-1.26
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27142/golang
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-25679/golang
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27139/golang
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from rejected CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add some new issues for wekan, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-29074/node-svgo
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed.txt: No more outstanding Django CVEs.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2026-2297/python2.7 for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2025-12801 in nfs-utils for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Track proposed augeas update via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-29063/node-immutable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-29068/pjproject
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-29062/jackson-core
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-28804/pypdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-28802/python-authlib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-25965
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add two new coredns issues, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add some new binutils issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-15602/snipe-it, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-28799/pjproject
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0848/nltk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new lxml-html-clean issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Two more CVEs covered by 7zip update for trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-69534/python
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update note style for CVE-2026-25794
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update introducing upstream tag for CVE-2026-25637
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-15599
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-2447/firefox-esr via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] bin/lts-bts: drop obsolete script
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-2219/dpkg
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-25966
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for golang-1.26 issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-23865/freetype via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-25967
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-25968
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-25969
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2025-69534 in python2.7 for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Triage python3.9 for bullseye LTS (CVE-2025-69534 & CVE-2026-2297)
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Triage CVE-2026-2659, CVE-2026-2661, CVE-2026-3388 & CVE-2026-3389 in squirrel3 for bullseye LTS.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Update commit reference for CVE-2026-25967
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for civetweb via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two lxml-html-clean issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-27622/openexr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-27982/django-allauth
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for pypdf issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference commits for CVE-2025-12801
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-25982
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Process some new NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-29786/node-tar
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-25989
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-30909/libcrypt-nacl-sodium-perl, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-30910 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-29784/ghost, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-29778/pyload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-29076/cpp-httplib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for golang-1.25 issues via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] cryfs in <= trixie embeds libcrypto++
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for embeded code copy change/tracking for cryfs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3713/libpng1.6
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3706/dropbear
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two node-tar issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new caddy issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] requests spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] curl spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for one node-dottie issue fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for nodejs for dsa-needed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-21619/{erlang-hex,rebar3}
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for python-multipart via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-57352/node-min-document via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag for upstream fix for CVE-2025-63938
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-63938/tinyproxy via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-29063/node-immutable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new libsoup issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new zabbix issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add upstream issue references for CVE-2026-363{2,3,4}/libsoup
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for vim issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new xgrammar issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new libssh issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-3731/libssh
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference to related issue for CVE-2026-3634
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] embedded-code-copies: reference lzma embedded in 7zip
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2025-12801/nfs-utils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for cpp-httplib issues
Salvatore Bonaccorso ( at carnil)
- Processing 2be7afd40c7d7ee6f5392eb87fba24b86e9c1359 failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] NFU
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] golang-github-open-policy-agent-opa n/a
Moritz Muehlenhoff ( at jmm)
- Processing 73e2ae7eb5bfb068677f33fd608bb2e49bbbfcff failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Add reservation for imagemagick update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-30838/php-league-commonmark
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0846/nltk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-70050/lesspass, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new freshrss issues, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new zookeeper issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new quickjs issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-31802/node-tar
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixes for two ruby-rack issues fixed via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-27606/node-rollup via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-21620/erlang via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new set of gstreamer related CVEs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new batch of imagemagick issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add more imagemagick issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add some more imagemagick issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-26982/ghostty, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-25960/vllm, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Note that Utkarsh Gupta will prepare updates for ruby-rack
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-25934/golang-github-go-git-go-git
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add spip to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Fix typo in source package name for thunderbird
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Track ntopng as removed from unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-31802/node-tar
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track upstream commit for CVE-2026-3606/ettercap
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-3606/ettercap
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new firefox issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process new NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] imagemagick DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] fix typo
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] imagemagick triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for various imagemagick issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for firefox issues from mfsa2026-19 via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new glances issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-1965/curl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3783/curl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3784/curl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3805/curl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-21619/rebar3 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] sylpheed spu/ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Claim postgresql-13
Jochen Sprickerhof ( at jspricke)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3904/glibc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-3904/glibc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] IM triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3848/gitlab
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-31958/python-tornado
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-31870/cpp-httplib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-31852/jellyfin, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-29777/traefik, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] DLA-4497-1
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add a note about imagemagick DLA
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA-6160-1 for netty
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2024-29025,netty as fixed in bookworm
Markus Koschany ( at apo)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-2436/libsoup
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new giflib issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new chromium issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] curl fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new gitlab issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new pdfbox non issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mold non issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for some openexr issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] libsixel fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] node-yauzl n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Associate one issue to itp'ed entry for quickjs-ng
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-23868/giflib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for zookeeper issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for libsoup3 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-31870/cpp-httplib issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for glances issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-31958/python-tornado
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new libheif issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-28356/multipart
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add multipart to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed.txt: Update asterisk status
Lukas Märdian ( at slyon)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-31900/black
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-31853/imagemagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] multipart DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-31826/pypdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for linux update (trixie)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for linux update (bookworm)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 4 commits: dla-needed: add note about python-aiohttp
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] lts: mark CVE-2026-1965,CVE-2026-3783,CVE-2026-3784/curl as postponed
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3497/openssh
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new gpac issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32274/black
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32259/imagemagick
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32249/vim
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new capnproto issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new chromium issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] glances fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32597/pyjwt
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Reserve DLA-4498-1 for linux
Ben Hutchings ( at benh)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-3497/openssh
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new node-undici issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new openssl issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new rust-quinn issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Review updates potentially pending for 13.4 point release
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] track second source package for CVE-2026-31812
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new systemd issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-4105
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-3949/libheif
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-3950/libheif
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Use full commit hash for commit for CVE-2026-2673
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-3950/libheif
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-31826/pypdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new freerdp3 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-2673/openssl Debian bug reference
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-32274/black
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-32249/vim
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-32597/pyjwt
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-31812: Remove commit related to addition to fuzz_targets
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Only reference rust-quinn-proto for CVE-2026-31812 issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4111/libarchive
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32746/inetutils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove some notes on CVEs which got rejected (issued in error)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32772/inetutils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32640/simpleeval
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32627/cpp-httplib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32314/rust-yamux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32141/node-flatted
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-31899/cairosvg
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-31814/rust-yamux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new issues in sftpgo, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-30853/calibre
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-2859/check-mk, removed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new lexbor issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27940/llama.cpp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Merge changes for updates with CVEs via trixie 13.4
Salvatore Bonaccorso ( at carnil)
- Processing 4533111f64cba717324dd5999a2348d09ed1e49e failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for inetutils issues
Salvatore Bonaccorso ( at carnil)
- Processing 928c4bf9276f52622d701942e3a31391c7769e32 failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] golang-github-in-toto-go-witness is in the archive now
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for lexbor issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for cairosvg issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4500-1 for gimp
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4501-1 for wireless-regdb
Ben Hutchings ( at benh)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3082/gst-plugins-bad1.0
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-24097/check-mk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-61154/libredwg, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-22248/glpi
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new issues in limesurvey, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-32141/node-flatted
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-32314/rust-yamux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-4111/libarchive
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two chromium issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] update fixed version of DLA-4500-1
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Mark glibc issues fixed in 13.4
Aurelien Jarno ( at aurel32)
- [Git][security-tracker-team/security-tracker][master] Track fix via experimental for CVE-2026-24122/cosign
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2026-32314/rust-yamux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for some libssh issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process one NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add three new erlang issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3884/libjs-spin.js
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] bookworm/trixie triage
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-32640/simpleeval
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-32627/cpp-httplib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for node-undici issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for two capnproto issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-3706/dropbear
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for squirrel3 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-3054/sogo
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for biosig issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-40931/libapache-session-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 5 commits: Fix link for CVE-2026-3950 and mark Bullseye as not affected
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-28494
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Correct end-of-life marking for gpac
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add patch link for CVE-2025-14905/389-ds-base
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for erlang issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference commit for CVE-2026-3054/sogo
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for valkey issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-14905/389-ds-base
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2026-2760 as well for thunderbird in DLA-4495-1
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 4 commits: lts: mark CVE-2026-30928, CVE-2026-30930/glances as not affecting Bullseye
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] Claim python3.9
Arnaud Rebillout ( at arnaudr)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Add patch link for CVE-2026-32746/inetutils
Daniel Leidert ( at dleidert)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-71264/mumble assigned
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two zookeeper issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixes via experimental for two capnproto issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] inetutils fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new sqlite3 issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-28384/incus
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two golang-golang-x-net issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-23865
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference directly upstream commits for CVE-2025-11143
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-70873/sqlite3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4265/mattermost-server, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4240/open5gs, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4224/python
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3644/python
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4185/gpac
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4174/radare2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream tags for CVE-2026-0672 fixes
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-28686
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Process some new mattermost-server issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new expat issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32775/libexif
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-30405/gobgp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new python-authlib issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-68971/forgejo, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-57543/netbox, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new pluxml issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4177/libyaml-syck-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tracking of proposed muble package via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-4177/libyaml-syck-perl via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new ffmpeg issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add two new mattermost-server issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker] Pushed new branch users/ecite/suricata-202601
Andreas Dolp ( at ecite)
- [Git][security-tracker-team/security-tracker][master] Merge changes for suricata which got actually acepted for 13.4
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker] Deleted branch users/ecite/suricata-202601
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-23554/xen
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new rust-lz4-flex issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] erlang fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-23555/xen
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-28687
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-28688/imagemagick6
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-28493/imagemagick6
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add imagemagick to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32953/golang-github-tillitis-tkeyclient
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] nodejs DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] gst-plugins-base1.0 DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-30405/gobgp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-32775/libexif
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lxd/incus n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3888/snapd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2026-3888/snapd as no-dsa for bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for expat issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-3888/snapd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4359/mongo-c-driver
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4358/mongodb
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4271/libsoup
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new mongodb issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32837/miniaudio
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new airflow issues, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4258/node-sjcl, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-30929/imagemagick6
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-30936/imagemagick6
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4502-1 for ansible
Lee Garrett ( at lgarrett)
- [Git][security-tracker-team/security-tracker][master] LTS: switch FD shifts with Emilio by their request
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] 7 commits: CVE-2026-4186/gpac: mark eol for bullseye
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for expat issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Associate CVE-2025-34297 with src:kissfft
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track embedded code copy of kissfft in vtk9
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct tracking for CVE-2026-3906/wordpress
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-3906/wordpress
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-34297/kissfft
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Document followup for CVE-2026-25796 for ImageMagick6 patch
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two tempoary entries for two sogo issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2025-63499/sogo
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3312/pagure
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] nodejs references
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new glances issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new kanboard issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new pyasn1 issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new ONNX issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new ldap-account-manager issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new pyopenssl issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Extend vmware rule
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] add exploit references for CVE-2025-38617
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reference non-merge commiit directly for CVE-2026-3260{6,8}
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for wordpress issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-26198/ormar via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new roundcube issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new gimp issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag reference for CVE-2026-2046
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track CVE-2026-29056/kanboard fixed version via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-33058/kanboard
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-28500/onnx
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for kanboard issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for glances issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some new juju issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] freetype DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Process new glances issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27135/nghttp2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new htslib issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add golang-github-jackc-pgconn for CVE-2024-27304
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update information for CVE-2026-30922/pyasn1
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-25679/go
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2026-3841/openssh: add introductory commit
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-26740/giflib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for some old py-lmdb issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference qualys advisory for snapd issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for glances issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3197{2,3}/samtools
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] pypdf fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Add Parse Server
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] capnproto fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] xpdf n/a
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new python-memray issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new ruby-devise issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new imagemagick issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add two new libxml-parser-perl issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add libxml-parser-perl to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Directly reference upstream commit for CVE-2006-1000{2,3}
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] gimp fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4503-1 for evolution-data-server
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Merge libxml-parser-perl entries with old non-CVEified entries
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new libarchive issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4427/golang-github-jackc-pgproto3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add three new issues in wolfssl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3503/wolfssl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3029/pymupdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add one new qemu issue and track the upstream commit
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for some qemu issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update commit reference information for some qemu issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove duplicate NOTE marker
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new glance issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2026-3888
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for snapd update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: Add new round of chromium issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream tag information for CVE-2025-65431 commit
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixes for django-allauth issues addressed via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for golang-github-theupdateframework-go-tuf issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some OpenWrt specific CVE assignments
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33412/vim
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new wolfssl issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove note from one cleaned up CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add initial tracking for some new wolfssl issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed: add note regarding python3.9
Arnaud Rebillout ( at arnaudr)
- [Git][security-tracker-team/security-tracker][master] ffmpeg fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4504-1 for libvirt
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] 2 commits: #1131182/Roundcube: Update release post URL
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] #1131182/Roundcube: Add link to regression fix for 1.6.x
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Pinpoint the advisory for CVE-2026-2789{4,5}
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for pyopenssl issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-31826/pypdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference fixing commit for CVE-2026-32700/ruby-devise
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update todo to clarify CVE-2026-32636
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-32722
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-27135/nghttp2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-26740/giflib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-30922/pyasn1
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for ldap-account-manager issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for pyasn1 issue via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for roundcube issues via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fix via unstable for CVE-2024-27304/golang-github-jackc-pgconn
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-26958 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixes for wolfssl issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes for one rejected CVE
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4519/python
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new glibc issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33123/pypdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add three new issues in pjproject
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new issues in Traefik, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-32636/imagemagick6
Bastien Roucariès ( at rouca)
- [Git][security-tracker-team/security-tracker][master] Add two issues for ujson
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32986/textpattern
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32701/qwik
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32808/pyload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two more wolfssl issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two kibana CVEs, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-26933/packetbeat, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Associate two NFUs for packetbeat to itp'ed entry
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two golang-github-sigstore-fulcio issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2026-0001
Alberto Garcia ( at berto)
- [Git][security-tracker-team/security-tracker][master] Update status for two libxml-parser-perl issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32710/mariadb
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new rust-tar issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two Bitcoin core issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33040/rust-libp2p
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33036/node-webfront
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add one new phpseclib issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32766/rust-astral-tokio-tar
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32711/pydicom
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27953/ormar
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-69720/ncurses
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-13462/python
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Adjust note for CVE-2017-18009
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33243/barebox, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new nltk issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33228/node-flatted
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33144/gpac
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33210/ruby-json
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two fuse3 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33154/python-dynaconf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33155/deepdiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33151/node-socket.io-parser
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two libde265 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two halloy issues, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-63261/awstats
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track (re-)fixed version for CVE-2006-10003/libxml-parser-perl via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two jpeg-xl issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] webkit2gtk DSA-6172-1
Alberto Garcia ( at berto)
- [Git][security-tracker-team/security-tracker][master] Add missing CVE to the webkit2gtk DSA
Alberto Garcia ( at berto)
- [Git][security-tracker-team/security-tracker][master] Associate some NFUs with barebox itp'ed entry
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add Debian bug references for glibc issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference additonal commit for CVE-2026-30405
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark glance issue as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2026-27895/ldap-account-manager as not-affected for bookworm (and older)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-4427/golang-github-jackc-pgproto3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-33412: Add reference for pull request
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for unstable for CVE-2026-0846/nltk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-33412/vim
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for libarchive issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4271/libsoup3 bug reference
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-3884/libjs-spin.js
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two vim issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-0847/nltk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-0848/nltk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2025-14009/nltk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-33210/ruby-json
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for nltk issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-33228/node-flatted
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-33210/ruby-json
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Fix entry for CVE-2006-10003 for bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for libde265 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Re-associate CVE-2025-58367 from NFU to src:deepdiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-33155/deepdiff
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-33154
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-33151/node-socket.io-parser
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-33123/pypdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for rust-tar issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-27953
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for htslib issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-32711
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Drop for now no-dsa tagged entry, re-checking for potential DSA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-32766/rust-astral-tokio-tar
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] freeciv DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for ujson issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for phpseclib issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream reference for CVE-2026-33250
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update version info for CVE-2025-46299 (webkit2gtk / wpewebkit)
Alberto Garcia ( at berto)
- [Git][security-tracker-team/security-tracker][master] 5 commits: CVE-2026-33147/gpac: mark as end-of-life for bullseye
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] LTS: fix date in comment, we are not going back in time (yet)
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] Correct source association for CVE-2026-1940
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Two sogo CVEs assigned
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33549/spip
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-33228/node-flatted via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream fixes for CVE-2023-37365/hnswlib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-33250/freeciv
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-4427/golang-github-jackc-pgproto3 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-33151/node-socket.io-parser
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for spip update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4539/pygments
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-27953/ormar via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process two new NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-33154/python-dynaconf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2026-2920,2922: add gst-plugins-ugly1.0 fixes for lts branches
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for libyaml-syck-perl update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2026-33306/ruby-bcrypt
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4115/putty
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4541/tinyssh
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4505-1 for ruby-rack
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for sogo issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: LTS: add inetutils to dla-needed.txt
Carlos Henrique Lima Melara ( at charles)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4506-1 for mapserver
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4507-1 for vlc
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] dla: add awstats
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Claim libyaml-syck-perl
Andrej Shadura ( at andrewsh)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2025-55304/exiv2: introductory commit
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-1837/jpeg-xl does not affect bookworm
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-0672/python: reference follow-up
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-2297/python2: not-affected
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim awstats.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] data/dla-needed.txt: Claim inetutils.
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2026-0865/python: regression merged upstream
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-4224/pypy3: follow bookworm triage
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-XXXX/glance: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Process two NFUs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] allocate DSA for strongSwan
Yves-Alexis Perez ( at corsac)
- [Git][security-tracker-team/security-tracker][master] Try to clarify CVE-2026-0672 and CVE-2026-3644 relation
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-25075/strongswan
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove jython2.7 references
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33699/pypdf
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for node-undici issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed versions via unstable for phpseclib issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for freeciv issue fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for rust-tar issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] LTS: claim libxml-parser-perl in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] add glibc reference
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new phpleague-commonmark issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mapserver ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] node-flatted spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commit for CVE-2026-33347
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference patch for CVE-2026-25075
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] correct reference for CVE-2026-28384
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4647/binutils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4645/golang-github-antchfx-xpath
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-27950/freerdp2: not-affected
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Process two Keycloak issues, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new mantis issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add RUSTSEC references for rust-tar issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add RUSTSEC reference for CVE-2026-32766/rust-astral-tokio-tar
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for pypdf issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for one inetutils issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33210/ruby-json fixed version via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-23865/freetype: use reference repository
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add set of new CVEs for chromium
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for chromium issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-29111/systemd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Correct status for CVE-2026-29111/systemd
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference commmits from 257 version for CVE-2026-29111
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2026-33250/freeciv: bullseye EOL
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add strongswan
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add webkit2gtk
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-3312/pagure: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4751/tmate
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4749/miraclecast, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4750/woof-doom
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2026-4645/golang-github-antchfx-xpath: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add systemd
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-1940,CVE-2026-3083,CVE-2026-3085/gst-plugins-good1.0: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-4111/libarchive: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: gst-plugins-base1.0 status update
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-27448,CVE-2026-27459/pyopenssl: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Reference upstream issue for CVE-2026-23865/freetype
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-23865: Reference followup commit to use builtin overflow protection
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add note to upstream pull reference for CVE-2026-4751
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-4750: remove todo for checking woof, it is unrelated
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: snapd note
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-25679/golang-1.15: simplify syntax
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add new firefox issues from mfsa2026-20
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add firefox-esr issues from mfsa2026-22
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add firefox-esr to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add systemd to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add fixed version for CVE-2026-25075/strongswan fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for two node-tar issues after maintainers update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33634/trivy, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-31788/linux
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add references for CVE-2026-31788
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: nodejs status update
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add new pyload issues, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two minio issues, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-30932/froxlor
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33298/llama.cpp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-30849/mantis
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33320/dasel
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33554/freeipmi
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Take gst* and nss packages
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Add initial tracking of new nodejs issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new thunderbird issues from mfsa2026-24
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add thunderbird to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add references for CVEs that affect Python 3.11
Arnaud Rebillout ( at arnaudr)
- [Git][security-tracker-team/security-tracker][master] 3 commits: dla: add firefox-esr
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2026-3842/qemu: bullseye not-affected
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] 5 commits: CVE-2026-32700/ruby-devise: bullseye ignored
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Merge Linux CVE from kernel-sec
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla-needed: update NOTE for python-authlib
Emmanuel Arias ( at eamanu)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-31884/ceph
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add thunderbird
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add new squid issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for firefox-esr issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark two CVEs as not-affected for firefox/thunderbird issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4508-1 for nss
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33215/nats-server
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two mod-gnutls issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add initial tracking for some rails issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3260/undertow
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for simpleeval via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for sogo issues addressed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4509-1 for awstats
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Add bug number for CVE-2025-63261/awstats
Chris Lamb ( at lamby)
- [Git][security-tracker-team/security-tracker][master] Fix typo in CVE id for nodejs issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for nodejs issues addressed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for nodejs in dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3608/isc-kea
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add initial tracking for bind9 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] node-tar spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reference blogpost for fuse3 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for pymupdf via trixie-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for thunderbird issues addressed via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add bind9 to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new gitlab issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference now split bug for CVE-2026-4438/glibc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for firefox-esr update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for firefox issues from mfsa2026-20
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2014-125112/libplack-middleware-session-perl
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add roundcube to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] embedded-code-copies: Register nss-pem
Timo Aaltonen ( at tjaalton)
- [Git][security-tracker-team/security-tracker][master] Update status for libxml2 issues fixed via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Adjust nss-pem entry
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for bind9 issues addressed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track nee freerdp3 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: thunderbird status update
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Associate CVE-2026-21991 with dtrace
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add roundcube
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] 5 commits: dla: drop node-bn.js
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Cleanup duplicate entry which is incorrect
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: suggest EOL for spip
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] LTS: claim roundcube in dla-needed.txt
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4878/Keycloak, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add intial tracking for new nats-server issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-30892/crun
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-34085/fontconfig
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-25645/requests
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-1001/domoticz, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new libvncserver issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-64998/check-mk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-26209/cbor2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] lts: take firefox-esr and thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33636/libpng1.6
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33416/libpng1.6
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2026-32710/mariadb as not-affected for bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track CVE-2026-3305{5,6} as well for rustc as they have security impact in rustc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track embedded copy of rust-tar in rustc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-3196
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Take care of releasing thunderbird DSA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for gobgp issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for thunderbird update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2025-46299: note that webkit2gtk is eol in bookworm
Alberto Garcia ( at berto)
- Processing b3d9ef37e832d3b71dcb117ecec54f36b036b070 failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Adjust location of soruce package for CVE-2025-46299 update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-3591/bind9
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference commits for bind9 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new issues in node-path-to-regexp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4897/policykit-1
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4887/gimp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Process some mattermost-server issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new etcd issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] rack DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Remove incorrect triaging for CVE-2026-4887 and bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for three squid issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two rustc issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-4750/woof-doom
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new znuny issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4510-1 for firefox-esr
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4511-1 for thunderbird
Emilio Pozuelo Monfort ( at pochu)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for libpng1.6 issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new set of incus issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-32766/rust-astral-tokio-tar via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for nats-server issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add phpseclib to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track posted debdiff review requests for lxd and incus
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for inetutils
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-4887/gimp via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new imagemagick issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for node-path-to-regexp issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for crun issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-33554/freeipmi
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for libvncserver issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-4751/tmate
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-70888/osslsigncode
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-4867
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-1556/drupal7
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3650/gdcm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Take care of review of upload for bind9 and DSA
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33532/node-yaml
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add some zabbix issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add phpseclib,php-phpseclib
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33481/syft, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-1961/foreman, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4833/discount
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-30587/seafile-server, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-70952/libpf4j-java
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-34085/fontconfig: bullseye not-affected
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-69720/ncurses
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-33298/llama.cpp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2025-70952/libpf4j-java
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for rails issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] claim strongswan
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-3312/pagure
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference to upstream tg for CVE-2026-4174/radare2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-33532/node-yaml
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for etcd issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for caddy issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add tracking of python-nacl embedding libsodium
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-3650
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker] Pushed new branch wip/smcv/flatpak-bubblewrap-gone
Simon McVittie ( at smcv)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-27940/llama.cpp via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-355532/node-yaml via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for node-path-to-regexp issues addressed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixes for python3.14 issues via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-32274/black via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4512-1 for strongswan
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2026-25645 as no-dsa for trixie and bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-25645/requests
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] claim gst-plugins-bad1.0
Thorsten Alteholz ( at alteholz)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for freeipmi issue fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-3497/openssh
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Document regression for CVE-2025-30189/dovecot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-59028/dovecot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-59032/dovecot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-59031/dovecot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] updates to dsa-needed.txt
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] mark two commonleague issues as no-dsa
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-0394/dovecot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27860/dovecot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-24031/dovecot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27859/dovecot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27857/dovecot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27858/dovecot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27856/dovecot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27855/dovecot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-21712/nodejs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-34085/fontconfig
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for some linux CVEs addressed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference fixes for node-path-to-regexp issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for glibc issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for bind9 issues for bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for bind9 update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] webkit2gtk / wpewebkit upstream advisory WSA-2026-0002
Alberto Garcia ( at berto)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4948/firewalld
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-21724/grafana
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-27893/vllm, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-28377 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33375 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4988/open5gs, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4985/cgif
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33658/rails
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4980/inkscape
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for ldap-account-manager issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-2903/re2c via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-34475/varnish
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-34353/ocaml
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-34352/tigervnc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33996/libjwt3 (issue specific to 3.0.0 onwards series)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33992/pyload, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new node-handlebars issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new issues in node-forge
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new netty issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new Mastodon issues, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new openbao issues, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33750/node-brace-expansion
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33745/cpp-httplib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33726/cilium, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33721/mapserver
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new node-anymatch issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33635/ruby-icalendar issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new Traefik issues, itp'ed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two new calibre issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add bind9
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Claim gvfs in dla-needed.txt
Andreas Henriksson ( at ah)
- [Git][security-tracker-team/security-tracker][master] 4 commits: dla: add zabbix
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-4980/inkscape: bullseye not-affected
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-30892/run
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new grafana issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new undertow issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32287/golang-github-antchfx-xpath
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32286/golang-github-jackc-pgproto3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-32285/golang-github-buger-jsonparser
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new nginx issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two older tikiwiki issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4513-1 for gvfs
Andreas Henriksson ( at ah)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for node-handlebars issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2026-32287/golang-github-antchfx-xpath: bullseye postponed
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add libgpng1.6
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for node-anymatch issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add nginx
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla: add pypdf2
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] Fix typo in one TODO item
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-34352/tigervnc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-33996/libjwt3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-33936/python-ecdsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-33745/cpp-httplib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-4985/cgif
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] dla: add perl
Sylvain Beucler ( at beuc)
- [Git][security-tracker-team/security-tracker][master] dla-needed: unclaim vim
Paride Legovini ( at paride)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for node-anymatch issues fixed via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2025-15604 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3256 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-25225/sipp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-25224/pms
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-25223/crashmail
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-25222/sc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2018-25220/bochs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2017-20229/mawk
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two ancient jad issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add two ancient issues in tiemu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add ancient iselect issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2016-20044/pinfo
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2016-20043/nrss
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add old issue for trn
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add ancient issue in yasr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2016-20038/ytree
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33809/golang-golang-x-image
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33349/node-webfont
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33186/golang-google-grpc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DSA number for libxml-parser-perl update
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add dovecot mailing list announce reference
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream commits for CVE-2026-32640/simpleeval
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add simpleeval for further evaluation in dsa-needed
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2025-63261 as no-dsa for trixie and bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark django-allauth issues as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add libpng1.6 to dsa-needed list
Salvatore Bonaccorso ( at carnil)
- Processing c7640d3a0c464c073d3e8969eeda59909541331a failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Process CVE-2026-4851 as NFU
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Skia now in the archive, needs to be checked for fixed status
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for libpng1.6 issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- Processing 9e1c9ee80690bfa4b75e4625e1c10b135e7462e8 failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4514-1 for gst-plugins-base1.0
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Take phpseclib,php-phpseclib
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] Adjust source package name as it got choosen to enter the archive
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for duckdb now entered the archive
Salvatore Bonaccorso ( at carnil)
- Processing 25f328ede4961ba705e6130f63e4ceeccb3d4089 failed
security tracker role
- [Git][security-tracker-team/security-tracker][master] Add CVE-2016-20046/cernlib
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-33750/node-brace-expansion
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for redis and redict issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for node-handlebars issues fixed via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add valkey to dsa-needed with comment
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4515-1 for asterisk
Lukas Märdian ( at slyon)
- [Git][security-tracker-team/security-tracker][master] add nodejs commit references
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] incus DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] update status for tiemu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] add a missing CVE reference to Incus DSA
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Drop one additional space between sttaus and severity
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-33996/libjwt3 via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version via unstable for CVE-2026-33750/node-brace-expansion
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixes via unstable for CVE-2026-27135/nghttp2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-23919/zabbix
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-23920/zabbix
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-22921/zabbix
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add reference for upstream commit for CVE-2026-33186
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-22924/zabbix
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-33186/golang-google-grpc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug references for netty issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add references for CVE-2026-4539/pygments
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for varnish issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-4539/pygments
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-4174/radare2
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add note on openssh in dsa-needed list
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add upstream commit reference for CVE-2026-4897
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-4897/policykit-1
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Clarify CVE-2026-4897 relation with CVE-2015-4625
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] phpseclib DSAs
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] auto-nfu: Expand Apache rule
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2026-34475/varnish as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark CVE-2026-33554 as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-5037/mxml
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixes via experimental for two node-webpack issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for CVE-2026-25639/node-axios
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4516-1 for gst-plugins-ugly1.0
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] add initial commit references for dovecot
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add details for some Python CVEs
Arnaud Rebillout ( at arnaudr)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-59028/dovecot
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add one new tornado issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Split perl part of CVE-2026-3381 into new dedicated CVE-2026-4176
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for four git issues addressed in bookworm
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-33945
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-33691/modsecurity-crs
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed verison for CVE-2026-27171/zlib via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] update tracking for skia code copies now that it's packaged in Debian
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-5119/libsoup
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reference upstream issue for CVE-2026-5119
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-5107/frr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add new roundcube issue, #1132268
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new plexus-utils issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for roundcube issue via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new spring issues
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] new grafana issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2026-4645 (duplicate of CVE-2026-32287)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove ntoes from CVE-2026-4427 (duplicate of 2026-32286)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] new pytorch issue
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] NFU (concludes external check)
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] psychtoolbox-3 embeds glew
Adrian Bunk ( at bunk)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4517-1 for roundcube
Guilhem Moulin ( at guilhem)
- [Git][security-tracker-team/security-tracker][master] Convert a note to TODO item with the aim to drop it again once clarified
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-43767/libskia
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Update status for CVE-2024-43768/libskia
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Reserve DLA-4518-1 for phpseclib
Utkarsh Gupta ( at utkarsh)
- [Git][security-tracker-team/security-tracker][master] more dovecot commit references
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-5119/libsoup3
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-5107/frr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2026-5037/mxml
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for CVE-2024-4027/undertow
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] gvfs spu/ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] php-league-commonmark spu/ospu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] erlang spu
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] free fixed in sid
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Reference commit for frr-10.6.0 as well for CVE-2026-5107
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4946/ghidra
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark mxml issues as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-2370/gitlab
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][wip/smcv/flatpak-bubblewrap-gone] flatpak no longer vendors bubblewrap
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] 2 commits: flatpak no longer vendors bubblewrap
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker] Deleted branch wip/smcv/flatpak-bubblewrap-gone
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for imagemagick via unstable
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove notes from CVE-2025-71275 (duplicate of CVE-2024-45519)
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Remove trailing whitespaces in listing
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-5170/mongodb
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-34714/vim
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-512{2,3,4}/gobgp
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-5121/libarchive
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-4046/glibc
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-3945/tinyproxy
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for some ippsample issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two valkey issues addressed via unstable upload
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track fixed version for two python-tornado issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add Debian bug reference for one python-tornado issue
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] more gst commit references
Moritz Muehlenhoff ( at jmm)
- [Git][security-tracker-team/security-tracker][master] Add four new opensc issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Track proposed update for nginx via {bookworm,trixie}-pu
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Mark nginx issues as no-dsa
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add references to upstream comits for nginx issues
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] CVE-2026-34881 for glance issue assigned
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-34073/python-cryptography
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] Add CVE-2026-34036/dolibarr
Salvatore Bonaccorso ( at carnil)
- [Git][security-tracker-team/security-tracker][master] mxml fixed in sid
Moritz Muehlenhoff ( at jmm)
Last message date:
Tue Mar 31 13:11:01 BST 2026
Archived on: Tue Mar 31 13:11:03 BST 2026
This archive was generated by
Pipermail 0.09 (Mailman edition).