[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 1 13:05:22 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
21fbc0fd by Moritz Muehlenhoff at 2026-05-01T13:55:43+02:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -65,6 +65,8 @@ CVE-2026-6127 (The Elementor Website Builder plugin for WordPress is vulnerable
NOT-FOR-US: WordPress plugin
CVE-2026-5656 (Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to ...)
- wireshark <unfixed> (bug #1135323)
+ [trixie] - wireshark <no-dsa> (Minor issue)
+ [bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-21.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/21115
CVE-2026-5405 (RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to ...)
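Review bot: The two tags added under CVE-2026-5656 use the bare "(Minor issue)" reason, the same one given to the crash-only Wireshark entries further down, yet the description line calls this one a profile import path traversal, which is a different impact class. Consider a more specific reason in the parentheses so a later reader can see why a path traversal was judged not to need a DSA.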
@@ -73,10 +75,14 @@ CVE-2026-5405 (RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/21105
CVE-2026-5404 (K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4 ...)
- wireshark <unfixed> (bug #1135323)
+ [trixie] - wireshark <no-dsa> (Minor issue)
+ [bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-15.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/21094
CVE-2026-5403 (SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows ...)
- wireshark <unfixed> (bug #1135323)
+ [trixie] - wireshark <no-dsa> (Minor issue)
+ [bookworm] - wireshark <no-dsa> (Minor issue)
NOTE: https://www.wireshark.org/security/wnpa-sec-2026-16.html
NOTE: https://gitlab.com/wireshark/wireshark/-/issues/21103
CVE-2026-4503 (IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unaut ...)
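Review bot: CVE-2026-5405, the RDP dissector crash whose entry sits directly above this hunk, gets no added line in this commit, while CVE-2026-5404 and CVE-2026-5403, also Wireshark crashes, both receive the `[trixie]` and `[bookworm]` `<no-dsa>` pair. If that is deliberate it is fine as is; otherwise CVE-2026-5405 looks like it needs the same two lines.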
@@ -3254,6 +3260,7 @@ CVE-2026-41325 (Kirby is an open-source content management system. Kirby's user
NOT-FOR-US: Kirby CMS
CVE-2026-41324 (basic-ftp is an FTP client for Node.js. Versions prior to 5.3.0 are vu ...)
- node-proxy-agents 0~2025070717+~cs15.3.7-1
+ [trixie] - node-proxy-agents <no-dsa> (Minor issue)
NOTE: https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr
CVE-2026-41323 (Kyverno is a policy engine designed for cloud native platform engineer ...)
NOT-FOR-US: Kyverno
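Review bot: The CVE-2026-41324 entry that receives the `[trixie]` `<no-dsa>` tag carries only the GHSA advisory NOTE and has no bug number on its package line. A `NOTE: Fixed by:` line with the upstream commit would give whoever later prepares a fix for trixie something concrete to work from.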
@@ -6625,6 +6632,8 @@ CVE-2026-6048 (The Flipbox Addon for Elementor plugin for WordPress is vulnerabl
NOT-FOR-US: WordPress plugin
CVE-2026-5720 (miniupnpd contains an integer underflow vulnerability in SOAPAction he ...)
- miniupnpd 2.3.10-1 (bug #1134334)
+ [trixie] - miniupnpd <no-dsa> (Minor issue)
+ [bookworm] - miniupnpd <no-dsa> (Minor issue)
[bullseye] - miniupnpd <postponed> (Minor issue; DoS)
NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/a0ee71e9fa66b60052bb3d2cf84380b79db3f8c8 (miniupnpd_2_3_10)
CVE-2026-5250
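Review bot: The new trixie and bookworm lines for miniupnpd say "(Minor issue)" while the existing bullseye line directly below them says "(Minor issue; DoS)" for the same CVE-2026-5720. Using the same wording on all three lines would keep the stated impact consistent across suites.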
@@ -10806,6 +10815,7 @@ CVE-2026-39985 (LORIS (Longitudinal Online Research and Imaging System) is a sel
NOT-FOR-US: LORIS (Longitudinal Online Research and Imaging System)
CVE-2026-39983 (basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allo ...)
- node-proxy-agents 0~2025070717+~cs15.3.7-1 (bug #1134730)
+ [trixie] - node-proxy-agents <no-dsa> (Minor issue)
NOTE: https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q
NOTE: Fixed by: https://github.com/patrickjuchli/basic-ftp/commit/2ecc8e2c500c5234115f06fd1dbde1aa03d70f4b (v5.2.1)
CVE-2026-39981 (AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the s ...)
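Review bot: Only a `[trixie]` line is added for node-proxy-agents under CVE-2026-39983, although the commit is titled "trixie/bookworm triage" and the wireshark and miniupnpd entries get both suites. If bookworm does not ship an affected node-proxy-agents this is correct as it stands; otherwise a `[bookworm]` line is missing.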
=====================================
data/dsa-needed.txt
=====================================
@@ -44,6 +44,8 @@ jackson-core (apo)
--
kamailio
--
+lcms2 (jmm)
+--
libreswan/oldstable
Waiting on feedback from maintainer
--
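Review bot: The new `lcms2 (jmm)` entry has no suite suffix and no comment line, and none of the data/CVE/list hunks in this commit touch an lcms2 CVE, so the diff does not show what the DSA is for. A one-line remark under the entry, like the one libreswan/oldstable has, or a mention in the commit message would make that traceable.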
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21fbc0fd8075a253daa6454931f9cb042a601eaf