[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun May 3 22:04:38 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8913b79b by Moritz Muehlenhoff at 2026-05-03T23:04:27+02:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2699,18 +2699,26 @@ CVE-2026-41873 (** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of H
 CVE-2026-41607 (Out-of-bounds Read vulnerability in Apache Thrift.  This issue affects ...)
 	[experimental] - thrift 0.23.0-1
 	- thrift <unfixed> (bug #1135348)
+	[trixie] - thrift <no-dsa> (Minor issue)
+	[bookworm] - thrift <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/2
 CVE-2026-41606 (Uncontrolled Recursion vulnerability in Apache Thrift.  This issue aff ...)
 	[experimental] - thrift 0.23.0-1
 	- thrift <unfixed> (bug #1135348)
+	[trixie] - thrift <no-dsa> (Minor issue)
+	[bookworm] - thrift <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/3
 CVE-2026-41603 (Improper Validation of Certificate with Host Mismatch vulnerability in ...)
 	[experimental] - thrift 0.23.0-1
 	- thrift <unfixed> (bug #1135348)
+	[trixie] - thrift <no-dsa> (Minor issue)
+	[bookworm] - thrift <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/7
 CVE-2026-41602 (Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedT ...)
 	[experimental] - thrift 0.23.0-1
 	- thrift <unfixed> (bug #1135348)
+	[trixie] - thrift <no-dsa> (Minor issue)
+	[bookworm] - thrift <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/6
 CVE-2026-41526 (In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safel ...)
 	- kcoreaddons <unfixed> (bug #1135179)
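Review bot: The four thrift entries in this hunk (CVE-2026-41607, CVE-2026-41606, CVE-2026-41603, CVE-2026-41602) all get the same "(Minor issue)" reason on the new [trixie] and [bookworm] lines, although their descriptions name four different bug classes: out-of-bounds read, uncontrolled recursion, certificate host mismatch, and integer overflow. A short NOTE per entry saying why the issue is minor for the stable packages would make the <no-dsa> decision easier to re-check later, in particular for the certificate validation and integer overflow entries.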
@@ -2760,6 +2768,8 @@ CVE-2025-60887 (An issue was discovered in Cista v0.15 and below. Insecure deser
 CVE-2025-48431 (Mismatched Memory Management Routines vulnerability in Apache Thrift c ...)
 	[experimental] - thrift 0.23.0-1
 	- thrift <unfixed> (bug #1135348)
+	[trixie] - thrift <no-dsa> (Minor issue)
+	[bookworm] - thrift <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/04/28/8
 CVE-2025-10539 (Due to improper TLS certificate validation in the DeskTime Time Tracki ...)
 	NOT-FOR-US: DeskTime Time Tracking App
@@ -7223,10 +7233,13 @@ CVE-2026-39386 (Neko is a a self-hosted virtual browser that runs in Docker and
 	NOT-FOR-US: Neko
 CVE-2026-39378 (The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to v ...)
 	- nbconvert 7.17.1-1 (bug #1134890)
+	[trixie] - nbconvert <no-dsa> (Minor issue)
+	[bookworm] - nbconvert <no-dsa> (Minor issue)
 	NOTE: https://github.com/jupyter/nbconvert/security/advisories/GHSA-7jqv-fw35-gmx9
 	NOTE: Fixed by: https://github.com/jupyter/nbconvert/commit/0e6b8ccabf2aca6c18fac8c574f22b7155f441fb (v7.17.1)
 CVE-2026-39377 (The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to v ...)
 	- nbconvert 7.17.1-1 (bug #1134889)
+	[trixie] - nbconvert <no-dsa> (Minor issue)
 	[bookworm] - nbconvert <not-affected> (Vulnerable code introduced later)
 	[bullseye] - nbconvert <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/jupyter/nbconvert/security/advisories/GHSA-4c99-qj7h-p3vg
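Review bot: On CVE-2026-39378 the new [bookworm] line is <no-dsa>, while the sibling CVE-2026-39377 directly below keeps [bookworm] and [bullseye] as <not-affected> (Vulnerable code introduced later), and the CVE-2026-39378 entry has no [bullseye] line at all. It is worth confirming that the bookworm nbconvert actually carries the code changed by the commit in the "Fixed by" NOTE, and recording the result (a NOTE on when the vulnerable code was introduced, or a [bullseye] line) so the two entries read consistently.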


=====================================
data/dsa-needed.txt
=====================================
@@ -78,7 +78,7 @@ pdfminer (carnil)
 --
 php-laravel-framework/oldstable
 --
-pyjwt
+pyjwt (jmm)
   Jochen Sprickerhof posted debdiffs for review
 --
 python-aiohttp/oldstable
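Review bot: The pyjwt entry gains the (jmm) claim, but the free-text line under it still only says that debdiffs were posted for review. Consider updating that line to record the state of the review, so the entry shows what is left before an upload.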
@@ -107,7 +107,7 @@ tomcat10 (apo)
 --
 tomcat11/stable (apo)
 --
-wireshark
+wireshark (jmm)
 --
 xrdp
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8913b79ba665a71e9a244e7c8dd29b3be1d772f7
