[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri May 8 08:09:15 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
48d91bb6 by Moritz Muehlenhoff at 2026-05-08T09:07:10+02:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3101,9 +3101,13 @@ CVE-2026-0073 (In adbd_tls_verify_cert of auth.cpp, there is a possible bypass o
 	NOT-FOR-US: Android
 CVE-2025-70072 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial  ...)
 	- assimp <unfixed>
+	[trixie] - assimp <no-dsa> (Minor issue)
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465290
 CVE-2025-70071 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial  ...)
 	- assimp <unfixed>
+	[trixie] - assimp <no-dsa> (Minor issue)
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465675
 CVE-2025-67796 (IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that al ...)
 	- rdiffweb <itp> (bug #969974)
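
Review bot: The added trixie and bookworm lines for CVE-2025-70072 and CVE-2025-70071 give only "(Minor issue)" as the reason. The description is truncated at "denial ..." and the only NOTE is a Red Hat Bugzilla link, so the entry itself does not show why the issue is minor. Suggest adding a short qualifier that names the impact, in the style of the bullseye lines further down in this file ("Minor issue, OOM DoS").
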
@@ -3136,12 +3140,18 @@ CVE-2026-43870 (Origin Validation Error, Improper Limitation of a Pathname to a
 	NOTE: nodejs bindings not built in Debian package
 CVE-2025-70070 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial  ...)
 	- assimp <unfixed>
+	[trixie] - assimp <no-dsa> (Minor issue)
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465295
 CVE-2025-70069 (An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial  ...)
 	- assimp <unfixed>
+	[trixie] - assimp <no-dsa> (Minor issue)
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465306
 CVE-2025-70067 (Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in ...)
 	- assimp <unfixed>
+	[trixie] - assimp <no-dsa> (Minor issue)
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2465308
 CVE-2026-43868 (Memory Allocation with Excessive Size Value vulnerability in Apache Th ...)
 	[experimental] - thrift 0.23.0-1
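
Review bot: CVE-2025-70067 is described as a buffer overflow, yet its added lines carry the same bare "(Minor issue)" reason as the denial-of-service entries CVE-2025-70070 and CVE-2025-70069 in this hunk. If the overflow was assessed as crash-only or otherwise not worth a DSA, the reason should say so, since a memory-safety bug marked no-dsa is the entry a later reader is most likely to question.
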
@@ -156086,16 +156096,16 @@ CVE-2025-3017 (A vulnerability, which was classified as critical, has been found
 	NOT-FOR-US: TA-Lib
 CVE-2025-3016 (A vulnerability classified as problematic was found in Open Asset Impo ...)
 	- assimp 6.0.2+ds-1 (bug #1102235)
-	[trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
-	[bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+	[trixie] - assimp <no-dsa> (Minor issue)
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	[bullseye] - assimp <postponed> (Minor issue, OOM DoS)
 	NOTE: https://github.com/assimp/assimp/issues/6022
 	NOTE: https://github.com/assimp/assimp/pull/6046
 	NOTE: https://github.com/assimp/assimp/commit/7f2c9d7b8843563f617312f7808e1d36e7ee9fde (v6.0.0)
 CVE-2025-3015 (A vulnerability classified as critical has been found in Open Asset Im ...)
 	- assimp 6.0.2+ds-1 (bug #1102234)
-	[trixie] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
-	[bookworm] - assimp <postponed> (Minor issue, revisit when/if fixed upstream)
+	[trixie] - assimp <no-dsa> (Minor issue)
+	[bookworm] - assimp <no-dsa> (Minor issue)
 	[bullseye] - assimp <postponed> (Minor issue, OOB read)
 	NOTE: https://github.com/assimp/assimp/issues/6021
 	NOTE: https://github.com/assimp/assimp/pull/6045
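
Review bot: For CVE-2025-3016 and CVE-2025-3015, the trixie and bookworm reasons drop the "revisit when/if fixed upstream" condition without recording whether it was met. The unstable line lists 6.0.2+ds-1 as fixed and the NOTE for CVE-2025-3016 points at an upstream commit (v6.0.0), so the reason or the commit message could state that the fix was reviewed and judged not worth a DSA. It would also help to keep the impact qualifier the bullseye lines carry ("OOM DoS", "OOB read") instead of a bare "(Minor issue)".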


=====================================
data/dsa-needed.txt
=====================================
@@ -20,7 +20,7 @@ botan3/stable
 ceph
  for CVE-2024-47866, rest harmless
 --
-corosync
+corosync (jmm)
   Ferenc Wágner is preparing an update
 --
 cups
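
Review bot: The corosync entry now names jmm as owner while the note under it still reads "Ferenc Wágner is preparing an update", so the file no longer says clearly who is doing what. Suggest rewording the note to state the split, for example that the maintainer prepares the upload and jmm handles review and release, if that is the intent.
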
@@ -119,7 +119,7 @@ tomcat10 (apo)
 --
 tomcat11/stable (apo)
 --
-tor
+tor (jmm)
 --
 xrdp
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/48d91bb6ffd931c85d165920236a30f7aef7b7fb
