[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Sun May 3 22:53:03 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
de7e4a87 by Moritz Muehlenhoff at 2026-05-03T23:38:14+02:00
trixie/bookworm triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1450,6 +1450,8 @@ CVE-2026-7270 (An operator precedence bug in the kernel results in a scenario wh
 	NOT-FOR-US: FreeBSD
 CVE-2026-7246 (Pallets Click, versions 8.3.2 and below, contain a command injection v ...)
 	- python-click <unfixed> (bug #1135379)
+	[trixie] - python-click <no-dsa> (Minor issue)
+	[bookworm] - python-click <no-dsa> (Minor issue)
 	NOTE: https://github.com/tsigouris007/security-advisories/security/advisories/GHSA-47fr-3ffg-hgmw
 	NOTE: Fixed by: https://github.com/pallets/click/commit/b96c2601af4e01341b4d2c0db494ebee4aef8f42 (8.3.3)
 CVE-2026-7164 (Incorrect packet validation allowed unbounded recursion parsing SCTP c ...)
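Review bot: The added `<no-dsa> (Minor issue)` lines for python-click under CVE-2026-7246 give no reason why an issue described as command injection is minor. Consider a NOTE line recording the precondition that limits it, taken from the linked advisory, so the trixie and bookworm decision can be re-checked later. The upstream fix is already recorded as (8.3.3), so a backport through a point release stays possible.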
@@ -2017,9 +2019,13 @@ CVE-2026-40685 (In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bo
 	NOTE: JSON lookup support not enabled in Debian
 CVE-2026-40686 (In Exim before 4.99.2, when utf8 operators are enabled, there is an ou ...)
 	- exim4 4.99.2-1
+	[trixie] - exim4 <no-dsa> (Minor issue)
+	[bookworm] - exim4 <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://code.exim.org/exim/exim/commit/f2570bde16fb4d4a1242ff363a4c4eecf6372efc
 CVE-2026-40687 (In Exim before 4.99.2, when the SPA authentication driver is used with ...)
 	- exim4 4.99.2-1
+	[trixie] - exim4 <no-dsa> (Minor issue)
+	[bookworm] - exim4 <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://code.exim.org/exim/exim/commit/68b963b9f75ca27b38e1c0f8c87037990199f505
 CVE-2026-7466 (AgentFlow contains an arbitrary code execution vulnerability that allo ...)
 	NOT-FOR-US: AgentFlow
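Review bot: CVE-2026-40686 and CVE-2026-40687 are both conditional in their descriptions ("when utf8 operators are enabled", "when the SPA authentication driver is used"), but the added no-dsa lines do not say whether those conditions hold in Debian's exim4 builds. The neighbouring CVE-2026-40685 entry documents this with "NOTE: JSON lookup support not enabled in Debian"; a similar NOTE on each of these two entries would back up "Minor issue".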
@@ -3850,6 +3856,7 @@ CVE-2026-33666 (Zserio is a framework for serializing structured data with a com
 	NOT-FOR-US: Zserio
 CVE-2026-33662 (OP-TEE is a Trusted Execution Environment (TEE) designed as companion  ...)
 	- optee-os <unfixed> (bug #1134896)
+	[trixie] - optee-os <no-dsa> (Minor issue)
 	NOTE: https://github.com/OP-TEE/optee_os/security/advisories/GHSA-4cf8-v5g3-73gr
 CVE-2026-33524 (Zserio is a framework for serializing structured data with a compact a ...)
 	NOT-FOR-US: Zserio
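Review bot: Only a [trixie] line is added for optee-os under CVE-2026-33662, whereas the python-click, exim4 and firewalld entries in this commit get both [trixie] and [bookworm]. If bookworm does not ship optee-os this is correct as it stands; otherwise a [bookworm] line is missing.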
@@ -4758,6 +4765,7 @@ CVE-2026-33318 (Actual is a local-first personal finance tool. Prior to version
 	NOT-FOR-US: Actual
 CVE-2026-33317 (OP-TEE is a Trusted Execution Environment (TEE) designed as companion  ...)
 	- optee-os <unfixed> (bug #1135621)
+	[trixie] - optee-os <no-dsa> (Minor issue)
 	NOTE: https://github.com/OP-TEE/optee_os/security/advisories/GHSA-8cqw-mg7v-c9p9
 	NOTE: Fixed by: https://github.com/OP-TEE/optee_os/commit/149e8d7ecc4ef8bb00ab4a37fd2ccede6d79e1ca (master)
 	NOTE: Fixed by: https://github.com/OP-TEE/optee_os/commit/16926d5a46934c46e6656246b4fc18385a246900 (master)
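Review bot: For CVE-2026-33317 the [trixie] no-dsa line sits above two "Fixed by" commits that are marked (master) only, while the unstable line stays <unfixed>. Recording the first fixed upstream release next to those commits once it exists, as the click entry does with (8.3.3), would tell whoever prepares a trixie point-release update which version to compare against.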
@@ -19618,6 +19626,8 @@ CVE-2026-21724 (A vulnerability has been discovered in Grafana OSS where an auth
 	- grafana <removed>
 CVE-2026-4948 (A flaw was found in firewalld. A local unprivileged user can exploit t ...)
 	- firewalld 2.4.0-2
+	[trixie] - firewalld <no-dsa> (Minor issue)
+	[bookworm] - firewalld <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2452086
 	NOTE: Fixed by: https://github.com/firewalld/firewalld/commit/5fb3914ad830feff6cb2b0670457c60a323c6c6c
 CVE-2026-27855 (Dovecot OTP authentication is vulnerable to replay attack under specif ...)
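Review bot: The [trixie] and [bookworm] lines for firewalld under CVE-2026-4948 apply the same no-dsa to both releases, with nothing in the entry showing that the code changed by the linked fix commit is present in both packaged versions. A NOTE stating the version or commit that introduced the flaw would support marking both releases, rather than <not-affected> for the older one.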



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/de7e4a873dcbc6ce047520c95fdeb7d35113256b
