[Git][security-tracker-team/security-tracker][master] 5 commits: dla-needed: add postorius

Fri May 8 00:59:34 BST 2026


Daniel Leidert pushed to branch master at Debian Security Tracker / security-tracker


Commits:
926450e4 by Daniel Leidert at 2026-05-08T01:34:52+02:00
dla-needed: add postorius

- - - - -
f3ca9635 by Daniel Leidert at 2026-05-08T01:38:31+02:00
lts: mark CVE-2026-43002/horizon as not affecting Bullseye

- - - - -
c718d01e by Daniel Leidert at 2026-05-08T01:43:16+02:00
dla-needed: add libreoffice

- - - - -
a1b6c111 by Daniel Leidert at 2026-05-08T01:52:53+02:00
lts: mark CVE-2026-41409/mina2 as not affecting Bullseye

- - - - -
e7d29fa7 by Daniel Leidert at 2026-05-08T01:55:42+02:00
dla-needed: add apache2

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -2471,6 +2471,7 @@ CVE-2026-43002 (An issue was discovered in OpenStack Horizon 25.6 and 25.7 befor
 	- horizon 3:25.7.3-1 (bug #1135810)
 	[trixie] - horizon <not-affected> (Vulnerable code not present)
 	[bookworm] - horizon <not-affected> (Vulnerable code not present)
+	[bullseye] - horizon <not-affected> (Vulnerable code not present)
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/05/7
 	NOTE: https://bugs.launchpad.net/horizon/+bug/2150331
 CVE-2026-42997 (An issue was discovered in idrac in OpenStack Ironic before 35.0.1. Du ...)
@@ -6531,6 +6532,7 @@ CVE-2026-41409 (The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getOb
 	- mina2 <unfixed> (bug #1135347)
 	[trixie] - mina2 <no-dsa> (Minor issue)
 	[bookworm] - mina2 <not-affected> (Incomplete fix for CVE-2024-52046 not applied)
+	[bullseye] - mina2 <not-affected> (Incomplete fix for CVE-2024-52046 not applied)
 	- mina <not-affected> (Incomplete fix for CVE-2024-52046 not applied)
 	NOTE: https://lists.apache.org/thread/9ddvsq6c4l5bhwq8l14sob4f8qjvx5c9
 	NOTE: Issue exists because of an incomplete fix for CVE-2024-52046


=====================================
data/dla-needed.txt
=====================================
@@ -49,6 +49,10 @@ amd64-microcode
 apache-log4j2
   NOTE: 20260413: Added by Front-Desk (rouca)
 --
+apache2
+  NOTE: 20260508: Added by Front-Desk (dleidert)
+  NOTE: 20260508: Follow DSA-6248-1 fixing 11 CVEs (dleidert/front-desk)
+--
 asterisk
   NOTE: 20260423: Added by Front-Desk (pochu)
 --
@@ -249,6 +253,10 @@ libpng1.6 (tobi)
 libraw
   NOTE: 20260417: Added by Front-Desk (rouca)
 --
+libreoffice
+  NOTE: 20260508: Added by Front-Desk (dleidert)
+  NOTE: 20260508: Follow DSA-6251-1 (dleidert/front-desk)
+--
 libsoup2.4
   NOTE: 20250408: Added by Front-Desk (Beuc)
   NOTE: 20250427: libsoup2.4 2.72.0-2+deb11u2 (bullseye) uploaded ...
@@ -436,6 +444,10 @@ php-phpseclib (utkarsh)
   NOTE: 20260327: Added by Front-Desk (Beuc)
   NOTE: 20260327: Upcoming DSA; fix also the postponed issue (Beuc/front-desk)
 --
+postorius
+  NOTE: 20260508: Added by Front-Desk (dleidert)
+  NOTE: 20260508: Follow DSA and possibly prepare OSPU (dleidert/front-desk)
+--
 pypdf2 (dleidert)
   NOTE: 20260328: Added by Front-Desk (Beuc)
   NOTE: 20260328: 6 new CVEs, and lots of postponed issues piled-up (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2a19c2c9b8b3a7632ef32d5da02ea7fa2c07258f...e7d29fa78867e908f017879cd5bc3fadccc9dca7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/2a19c2c9b8b3a7632ef32d5da02ea7fa2c07258f...e7d29fa78867e908f017879cd5bc3fadccc9dca7
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260507/38b1ca07/attachment-0001.htm>
