[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 1 13:37:26 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c7f1f962 by Moritz Muehlenhoff at 2026-05-01T14:37:18+02:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -585,6 +585,8 @@ CVE-2026-34965 (Cockpit CMS contains an authenticated remote code execution vuln
 	NOT-FOR-US: Cockpit CMS
 CVE-2026-1858 (wget2 accepts a server certificate with incorrect Key Usage (KU) or Ex ...)
 	- wget2 <unfixed>
+	[trixie] - wget2 <no-dsa> (Minor issue)
+	[bookworm] - wget2 <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://gitlab.com/gnuwget/wget2/-/commit/f4854d7fbc0a85c1d9873f5980707c0b80df212a
 CVE-2025-50328 (A vulnerability in B1 Free Archiver v1.5.86 allows files extracted fro ...)
 	NOT-FOR-US: B1 Free Archiver
@@ -673,6 +675,8 @@ CVE-2026-33846
 	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-1
 CVE-2026-7381 (Plack::Middleware::XSendfile versions through 1.0053 for Perl can allo ...)
 	- libplack-perl <unfixed> (bug #1135324)
+	[trixie] - libplack-perl <no-dsa> (Minor issue)
+	[bookworm] - libplack-perl <no-dsa> (Minor issue)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/39467666/
 CVE-2026-40684 (In Exim before 4.99.2, on systems using musl libc (not glibc), an atta ...)
 	- exim4 4.99.2-1 (unimportant)
@@ -3283,6 +3287,8 @@ CVE-2026-41309 (Open Source Social Network (OSSN) is open-source social networki
 	NOT-FOR-US: Open Source Social Network (OSSN)
 CVE-2026-41305 (PostCSS takes a CSS file and provides an API to analyze and modify its ...)
 	- node-postcss 8.5.12+~cs9.3.32-1
+	[trixie] - node-postcss <no-dsa> (Minor issue)
+	[bookworm] - node-postcss <no-dsa> (Minor issue)
 	NOTE: https://github.com/postcss/postcss/security/advisories/GHSA-qx2v-qp2m-jg93
 	NOTE: https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b (8.5.10)
 CVE-2026-41279 (Flowise is a drag & drop user interface to build a customized large la ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -34,9 +34,11 @@ frr
 gh/oldstable
   Santiago Vila might work on preparing an update
 --
-git-lfs
+git-lfs/oldstable
 --
-imagemagick
+gnutls28
+--
+imagemagick (jmm)
 --
 isc-kea/oldstable
 --
@@ -44,6 +46,8 @@ jackson-core (apo)
 --
 kamailio
 --
+krb5
+--
 lcms2 (jmm)
 --
 libreswan/oldstable
@@ -61,7 +65,7 @@ netty
 --
 nghttp2
 --
-nodejs/oldstable
+nodejs/oldstable (jmm)
 --
 openjdk-25/stable (jmm)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7f1f96283dfac4f78bba68a4557dfa7f2f4bc0a

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7f1f96283dfac4f78bba68a4557dfa7f2f4bc0a
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260501/6024b6c1/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list