[Git][security-tracker-team/security-tracker][master] 3 commits: Remove entries for suricata for bookworm (removed)
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat May 16 11:17:12 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bbf06936 by Salvatore Bonaccorso at 2026-05-15T17:56:36+02:00
Remove entries for suricata for bookworm (removed)
- - - - -
4d76bbbb by Salvatore Bonaccorso at 2026-05-15T17:57:45+02:00
Merge changes for updates with CVEs via trixie 12.14
- - - - -
1f14c95d by Salvatore Bonaccorso at 2026-05-16T12:17:06+02:00
Merge branch 'bookworm-12.14' into 'master'
Merge changes accepted for bookworm 12.14 release
See merge request security-tracker-team/security-tracker!294
- - - - -
2 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -11476,7 +11476,7 @@ CVE-2022-50992 (Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an
CVE-2026-39402 (lxc is a Linux container runtime. In the setuid helper lxc-user-nic, t ...)
- lxc 1:7.0.0-1
[trixie] - lxc 1:6.0.4-4+deb13u3
- [bookworm] - lxc <no-dsa> (Minor issue)
+ [bookworm] - lxc 1:5.0.2-1+deb12u4
[bullseye] - lxc <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/lxc/lxc/security/advisories/GHSA-3m9j-g9gc-vcvq
NOTE: https://github.com/lxc/lxc/pull/4678
@@ -12705,7 +12705,7 @@ CVE-2024-54011 (Penetration Testing engineers at Amazon have discovered a flaw w
CVE-2026-6691 (The MongoDB C Driver's Cyrus SASL integration performs unsafe string c ...)
- mongo-c-driver 2.2.0-1
[trixie] - mongo-c-driver 1.30.4-1+deb13u2
- [bookworm] - mongo-c-driver <no-dsa> (Minor issue)
+ [bookworm] - mongo-c-driver 1.23.1-1+deb12u3
[bullseye] - mongo-c-driver <postponed> (Minor issue; can be fixed in next update)
NOTE: https://jira.mongodb.org/browse/CDRIVER-6134
NOTE: https://github.com/mongodb/mongo-c-driver/commit/b4984965877d559862e225beba09cb4e9d4a56a6 (2.2.0)
@@ -12950,7 +12950,7 @@ CVE-2024-46636 (NASA Earth Observing System Data and Information System (EOSDIS)
CVE-2026-42167 (mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute ar ...)
- proftpd-dfsg 1.3.9~dfsg-5 (bug #1135119)
[trixie] - proftpd-dfsg 1.3.8.c+dfsg-4+deb13u2
- [bookworm] - proftpd-dfsg <no-dsa> (Minor issue, will be fixed via ospu)
+ [bookworm] - proftpd-dfsg 1.3.8+dfsg-4+deb12u5
NOTE: https://github.com/proftpd/proftpd/issues/2052
CVE-2026-7148 (A flaw has been found in CodeAstro Online Classroom 1.0. This affects ...)
NOT-FOR-US: CodeAstro Online Classroom
@@ -14780,7 +14780,7 @@ CVE-2026-29050 (melange allows users to build apk packages using declarative pip
CVE-2026-28525 (SWUpdate contains an integer underflow vulnerability in the multipart ...)
- swupdate 2025.12+dfsg-9
[trixie] - swupdate 2024.12.1+dfsg-3+deb13u2
- [bookworm] - swupdate <no-dsa> (Minor issue)
+ [bookworm] - swupdate 2022.12+dfsg-4+deb12u2
[bullseye] - swupdate <postponed> (Minor issue; can be fixed in next update)
NOTE: Fixed by: https://github.com/sbabic/swupdate/commit/beee2dc0feef1cfe84f1aa6fc980e104b2e47a74
CVE-2026-27843 (A vulnerability exists inSenseLive X3050's web management interface th ...)
@@ -17723,7 +17723,7 @@ CVE-2026-5963 (EasyFlow .NET developed by Digiwin has a SQL Injection vulnerabil
CVE-2026-5958 (When sed is invoked with both -i (in-place edit) and --follow-symlinks ...)
- sed 4.9-3 (bug #1134495)
[trixie] - sed 4.9-2+deb13u1
- [bookworm] - sed <no-dsa> (Minor issue)
+ [bookworm] - sed 4.9-1+deb12u1
[bullseye] - sed <postponed> (Minor issue; can be fixed in next update)
NOTE: https://gitweb.git.savannah.gnu.org/gitweb/?p=sed.git;a=commit;h=6b9b43c55ccd3beadbc0094b983c82bdb389f33b
NOTE: https://www.openwall.com/lists/oss-security/2026/05/13/1
@@ -17734,7 +17734,7 @@ CVE-2026-4048 (OS Command Injection Remote Code Execution Vulnerability in UI in
CVE-2026-41445 (KissFFT before commit8a8e66e contains an integer overflow vulnerabilit ...)
- kissfft 131.1.0-4.1 (bug #1134493)
[trixie] - kissfft 131.1.0-4.1~deb13u1
- [bookworm] - kissfft <no-dsa> (Minor issue)
+ [bookworm] - kissfft 131.1.0-4.1~deb12u1
[bullseye] - kissfft <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/mborgerding/kissfft/commit/8a8e66e33d692bad1376fe7904d87d767730537f
CVE-2026-41389 (OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root ...)
@@ -19346,12 +19346,12 @@ CVE-2026-6296 (Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.772
CVE-2026-40176 (Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 ...)
- composer 2.9.7-1
[trixie] - composer 2.8.8-1+deb13u2
- [bookworm] - composer <no-dsa> (Minor issue; can be fixed via point release)
+ [bookworm] - composer 2.5.5-1+deb12u4
NOTE: https://github.com/composer/composer/security/advisories/GHSA-wg36-wvj6-r67p
CVE-2026-40261 (Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 ...)
- composer 2.9.7-1
[trixie] - composer 2.8.8-1+deb13u2
- [bookworm] - composer <no-dsa> (Minor issue; can be fixed via point release)
+ [bookworm] - composer 2.5.5-1+deb12u4
NOTE: https://github.com/composer/composer/security/advisories/GHSA-gqw4-4w2p-838q
CVE-2026-40959 (Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox esca ...)
{DSA-6217-1}
@@ -20168,7 +20168,7 @@ CVE-2024-23104 (An exposure of sensitive information to an unauthorized actor vu
CVE-2026-34003 (A flaw was found in the X.Org X server's XKB key types request validat ...)
- xorg-server 2:21.1.22-1
[trixie] - xorg-server 2:21.1.16-1.3+deb13u2
- [bookworm] - xorg-server <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - xorg-server 2:21.1.7-3+deb12u12
[bullseye] - xorg-server <postponed> (Minor issue)
- xwayland 2:24.1.10-1
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -20179,7 +20179,7 @@ CVE-2026-34003 (A flaw was found in the X.Org X server's XKB key types request v
CVE-2026-34002 (A flaw was found in the X.Org X server. This vulnerability, an out-of- ...)
- xorg-server 2:21.1.22-1
[trixie] - xorg-server 2:21.1.16-1.3+deb13u2
- [bookworm] - xorg-server <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - xorg-server 2:21.1.7-3+deb12u12
[bullseye] - xorg-server <postponed> (Minor issue)
- xwayland 2:24.1.10-1
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -20189,7 +20189,7 @@ CVE-2026-34002 (A flaw was found in the X.Org X server. This vulnerability, an o
CVE-2026-34001 (A flaw was found in the X.Org X server. This use-after-free vulnerabil ...)
- xorg-server 2:21.1.22-1
[trixie] - xorg-server 2:21.1.16-1.3+deb13u2
- [bookworm] - xorg-server <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - xorg-server 2:21.1.7-3+deb12u12
[bullseye] - xorg-server <postponed> (Minor issue)
- xwayland 2:24.1.10-1
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -20199,7 +20199,7 @@ CVE-2026-34001 (A flaw was found in the X.Org X server. This use-after-free vuln
CVE-2026-34000 (A flaw was found in the X.Org X server. This out-of-bounds read vulner ...)
- xorg-server 2:21.1.22-1
[trixie] - xorg-server 2:21.1.16-1.3+deb13u2
- [bookworm] - xorg-server <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - xorg-server 2:21.1.7-3+deb12u12
[bullseye] - xorg-server <postponed> (Minor issue)
- xwayland 2:24.1.10-1
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -20209,7 +20209,7 @@ CVE-2026-34000 (A flaw was found in the X.Org X server. This out-of-bounds read
CVE-2026-33999 (A flaw was found in the X.Org X server. This integer underflow vulnera ...)
- xorg-server 2:21.1.22-1
[trixie] - xorg-server 2:21.1.16-1.3+deb13u2
- [bookworm] - xorg-server <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - xorg-server 2:21.1.7-3+deb12u12
[bullseye] - xorg-server <postponed> (Minor issue)
- xwayland 2:24.1.10-1
[trixie] - xwayland <ignored> (Minor issue; Xwayland shouldn't be running as root)
@@ -20500,7 +20500,7 @@ CVE-2026-5086 (Crypt::SecretBuffer versions before 0.019 for Perl is suseceptibl
CVE-2026-6231 (The bson_validate function may return early on specific inputs and inc ...)
- mongo-c-driver 2.1.0-1
[trixie] - mongo-c-driver 1.30.4-1+deb13u2
- [bookworm] - mongo-c-driver <no-dsa> (Minor issue)
+ [bookworm] - mongo-c-driver 1.23.1-1+deb12u3
[bullseye] - mongo-c-driver <postponed> (minor issue)
NOTE: https://jira.mongodb.org/browse/CDRIVER-6017
NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/d184525513e5bf21f30810c00d6b0094aac8b00c (2.1.0)
@@ -20970,13 +20970,13 @@ CVE-2026-40386 (In libexif through 0.6.25, an integer underflow in size checking
{DLA-4558-1}
- libexif 0.6.26-1 (bug #1133923)
[trixie] - libexif 0.6.25-1+deb13u1
- [bookworm] - libexif <no-dsa> (Minor issue)
+ [bookworm] - libexif 0.6.24-1+deb12u1
NOTE: Fixed by: https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b
CVE-2026-40385 (In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon ...)
{DLA-4558-1}
- libexif 0.6.26-1 (bug #1133922)
[trixie] - libexif 0.6.25-1+deb13u1
- [bookworm] - libexif <no-dsa> (Minor issue)
+ [bookworm] - libexif 0.6.24-1+deb12u1
NOTE: Fixed by: https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58
CVE-2019-25713 (MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authe ...)
NOT-FOR-US: MyT-PM
@@ -21150,7 +21150,7 @@ CVE-2026-40242 (Arcane is an interface for managing Docker containers, images, n
CVE-2026-40199 (Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped I ...)
- libnet-cidr-lite-perl 0.22-3
[trixie] - libnet-cidr-lite-perl 0.22-3~deb13u1
- [bookworm] - libnet-cidr-lite-perl <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - libnet-cidr-lite-perl 0.22-3~deb12u1
[bullseye] - libnet-cidr-lite-perl <postponed> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/38785618/
NOTE: Fixed by: https://github.com/stigtsp/Net-CIDR-Lite/commit/b7166b1fa17b3b14b4c795ace5b3fbf71a0bd04a (0.23)
@@ -21158,7 +21158,7 @@ CVE-2026-40199 (Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 ma
CVE-2026-40198 (Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 g ...)
- libnet-cidr-lite-perl 0.22-3
[trixie] - libnet-cidr-lite-perl 0.22-3~deb13u1
- [bookworm] - libnet-cidr-lite-perl <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - libnet-cidr-lite-perl 0.22-3~deb12u1
[bullseye] - libnet-cidr-lite-perl <postponed> (Minor issue)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/38785616/
NOTE: Fixed by: https://github.com/stigtsp/Net-CIDR-Lite/commit/25d65f85dbe4885959a10471725ec9d250a589c3 (0.23)
@@ -21166,13 +21166,13 @@ CVE-2026-40198 (Net::CIDR::Lite versions before 0.23 for Perl does not validate
CVE-2026-40194 (phpseclib is a PHP secure communications library. Starting in 0.1.1 an ...)
- php-phpseclib3 3.0.51-1
[trixie] - php-phpseclib3 3.0.43-2+deb13u2
- [bookworm] - php-phpseclib3 <no-dsa> (Minor issue)
+ [bookworm] - php-phpseclib3 3.0.19-1+deb12u5
- php-phpseclib 2.0.53-1
[trixie] - php-phpseclib 2.0.48-3+deb13u2
- [bookworm] - php-phpseclib <no-dsa> (Minor issue)
+ [bookworm] - php-phpseclib 2.0.42-1+deb12u4
- phpseclib 1.0.28-1
[trixie] - phpseclib 1.0.23-6+deb13u2
- [bookworm] - phpseclib <no-dsa> (Minor issue)
+ [bookworm] - phpseclib 1.0.20-1+deb12u4
[bullseye] - phpseclib <postponed> (Minor issue)
NOTE: https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx
NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac (3.0.51, 2.0.53, 1.0.28)
@@ -24742,7 +24742,7 @@ CVE-2025-13044 (IBM Concert 1.0.0 through 2.2.0 creates temporary files with pre
CVE-2026-4878 (A flaw was found in libcap. A local unprivileged user can exploit a Ti ...)
- libcap2 1:2.78-1
[trixie] - libcap2 1:2.75-10+deb13u1
- [bookworm] - libcap2 <no-dsa> (Minor issue)
+ [bookworm] - libcap2 1:2.66-4+deb12u3
[bullseye] - libcap2 <postponed> (Minor issue)
NOTE: https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh
NOTE: https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r
@@ -25407,7 +25407,7 @@ CVE-2026-40226 (In nspawn in systemd 233 through 259 before 260, an escape-to-ho
{DLA-4533-1}
- systemd 260~rc3-1
[trixie] - systemd 257.13-1~deb13u1
- [bookworm] - systemd <no-dsa> (Minor issue)
+ [bookworm] - systemd 252.39-1~deb12u2
NOTE: https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx
NOTE: Fixed by: https://github.com/systemd/systemd/commit/61bceb1bff4b1f9c126b18dc971ca3e6d8c71c40 (v260-rc3)
NOTE: Fixed by: https://github.com/systemd/systemd/commit/7b85f5498a958e5bb660c703b8f4a71cceed3373 (v260-rc3)
@@ -25417,7 +25417,7 @@ CVE-2026-40225 (In udev in systemd before 260, local root execution can occur vi
{DLA-4533-1}
- systemd 260~rc4-1
[trixie] - systemd 257.13-1~deb13u1
- [bookworm] - systemd <no-dsa> (Minor issue)
+ [bookworm] - systemd 252.39-1~deb12u2
NOTE: https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx
NOTE: Fixed by: https://github.com/systemd/systemd/commit/16325b35fa6ecb25f66534a562583ce3b96d52f3 (v260-rc3)
NOTE: Fixed by: https://github.com/systemd/systemd/commit/54f880b02ecf7362e630ffc885d1466df6ee6820 (v260-rc4)
@@ -26407,7 +26407,7 @@ CVE-2026-34088 (Exposure of Sensitive Information to an Unauthorized Actor vulne
CVE-2026-35535 (In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid ...)
- sudo 1.9.17p2-5 (bug #1130593)
[trixie] - sudo 1.9.16p2-3+deb13u2
- [bookworm] - sudo <no-dsa> (Minor issue, can be fixed in a point release)
+ [bookworm] - sudo 1.9.13p3-1+deb12u4
[bullseye] - sudo <postponed> (Minor issue, can be fixed in a point release)
NOTE: Introduced by: https://github.com/sudo-project/sudo/commit/bd1ca79cca827a92e904f022e49df121931d4ff5 (SUDO_1_9_4p1)
NOTE: Fixed by: https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69
@@ -26511,31 +26511,31 @@ CVE-2026-35414 (OpenSSH before 10.3 mishandles the authorized_keys principals op
{DLA-4584-1}
- openssh 1:10.3p1-1 (bug #1132576)
[trixie] - openssh 1:10.0p1-7+deb13u3
- [bookworm] - openssh <no-dsa> (Minor issue)
+ [bookworm] - openssh 1:9.2p1-2+deb12u10
NOTE: https://www.openssh.org/releasenotes.html#10.3p1
CVE-2026-35388 (OpenSSH before 10.3 omits connection multiplexing confirmation for pro ...)
{DLA-4584-1}
- openssh 1:10.3p1-1 (bug #1132575)
[trixie] - openssh 1:10.0p1-7+deb13u3
- [bookworm] - openssh <no-dsa> (Minor issue)
+ [bookworm] - openssh 1:9.2p1-2+deb12u10
NOTE: https://www.openssh.org/releasenotes.html#10.3p1
CVE-2026-35387 (OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of an ...)
{DLA-4584-1}
- openssh 1:10.3p1-1 (bug #1132574)
[trixie] - openssh 1:10.0p1-7+deb13u3
- [bookworm] - openssh <no-dsa> (Minor issue)
+ [bookworm] - openssh 1:9.2p1-2+deb12u10
NOTE: https://www.openssh.org/releasenotes.html#10.3p1
CVE-2026-35386 (In OpenSSH before 10.3, command execution can occur via shell metachar ...)
{DLA-4584-1}
- openssh 1:10.3p1-1 (bug #1132573)
[trixie] - openssh 1:10.0p1-7+deb13u3
- [bookworm] - openssh <no-dsa> (Minor issue)
+ [bookworm] - openssh 1:9.2p1-2+deb12u10
NOTE: https://www.openssh.org/releasenotes.html#10.3p1
CVE-2026-35385 (In OpenSSH before 10.3, a file downloaded by scp may be installed setu ...)
{DLA-4584-1}
- openssh 1:10.3p1-1 (bug #1132572)
[trixie] - openssh 1:10.0p1-7+deb13u3
- [bookworm] - openssh <no-dsa> (Minor issue)
+ [bookworm] - openssh 1:9.2p1-2+deb12u10
NOTE: https://www.openssh.org/releasenotes.html#10.3p1
CVE-2026-35168 (OpenSTAManager is an open source management software for technical ass ...)
NOT-FOR-US: OpenSTAManager
@@ -26834,7 +26834,6 @@ CVE-2026-32145 (Allocation of Resources Without Limits or Throttling vulnerabili
CVE-2026-31937 (Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15 ...)
- suricata 1:8.0.1-1
[trixie] - suricata 1:7.0.10-1+deb13u4
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-86vg-w8vm-m3gg
NOTE: https://redmine.openinfosecfoundation.org/issues/8304
NOTE: Fixed in main via https://redmine.openinfosecfoundation.org/issues/5699
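Review bot: unlike every other hunk in this push, which replaces a `[bookworm] ... <no-dsa>` line with a fixed version, this one deletes the `[bookworm]` line outright, leaving trixie at 1:7.0.10-1+deb13u4 and no statement at all for bookworm. That matches the commit subject ("Remove entries for suricata for bookworm (removed)"), but the entry itself keeps no trace of why bookworm is absent, so make sure the removal of suricata from bookworm is recorded wherever the tracker tracks packages dropped from a release; otherwise the missing line reads like untriaged data rather than a removed package.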
@@ -26842,7 +26841,6 @@ CVE-2026-31937 (Suricata is a network IDS, IPS and NSM engine. Prior to version
CVE-2026-31935 (Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.1 ...)
- suricata 1:8.0.4-1
[trixie] - suricata 1:7.0.10-1+deb13u4
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-vxrp-5pg7-7v4x
NOTE: https://redmine.openinfosecfoundation.org/issues/8295 (suricata-8.0.4)
NOTE: https://redmine.openinfosecfoundation.org/issues/8296 (suricata-7.0.15)
@@ -26851,7 +26849,6 @@ CVE-2026-31935 (Suricata is a network IDS, IPS and NSM engine. Prior to versions
CVE-2026-31934 (Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to b ...)
- suricata 1:8.0.4-1
[trixie] - suricata <not-affected> (Vulnerable code not present)
- [bookworm] - suricata <not-affected> (Vulnerable code not present)
[bullseye] - suricata <not-affected> (Vulnerable code not present)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-hr89-h2pp-f3c8
NOTE: https://redmine.openinfosecfoundation.org/issues/8293
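Review bot: the line dropped here is a `<not-affected> (Vulnerable code not present)` statement, not a `<no-dsa>` one, while the trixie and bullseye not-affected lines stay. Deleting it is right only because the whole suricata source package has left bookworm; if bookworm still shipped the 7.x branch, this is exactly the line to keep, since it documents that the code introduced in 8.0.0 was never present there. Worth a quick check that the same removal reasoning covers CVE-2026-31931 below, which has the identical shape.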
@@ -26860,7 +26857,6 @@ CVE-2026-31934 (Suricata is a network IDS, IPS and NSM engine. From version 8.0.
CVE-2026-31933 (Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.1 ...)
- suricata 1:8.0.4-1
[trixie] - suricata 1:7.0.10-1+deb13u4
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-hvp5-gpr6-j4gp
NOTE: https://redmine.openinfosecfoundation.org/issues/8364 (suricata-8.0.4)
NOTE: https://redmine.openinfosecfoundation.org/issues/8365 (suricata-7.0.15)
@@ -26869,7 +26865,6 @@ CVE-2026-31933 (Suricata is a network IDS, IPS and NSM engine. Prior to versions
CVE-2026-31932 (Suricata is a network IDS, IPS and NSM engine. Prior to versions 7.0.1 ...)
- suricata 1:8.0.4-1
[trixie] - suricata 1:7.0.10-1+deb13u4
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-rp9m-jcpw-hggr
NOTE: https://redmine.openinfosecfoundation.org/issues/8306 (suricata-8.0.4)
NOTE: https://redmine.openinfosecfoundation.org/issues/8307 (suricata-7.0.15)
@@ -26878,7 +26873,6 @@ CVE-2026-31932 (Suricata is a network IDS, IPS and NSM engine. Prior to versions
CVE-2026-31931 (Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to b ...)
- suricata 1:8.0.4-1
[trixie] - suricata <not-affected> (Vulnerable code not present)
- [bookworm] - suricata <not-affected> (Vulnerable code not present)
[bullseye] - suricata <not-affected> (Vulnerable code not present)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-gr22-4784-xvw3
NOTE: https://redmine.openinfosecfoundation.org/issues/8297
@@ -28525,7 +28519,7 @@ CVE-2026-5121 (A flaw was found in libarchive. On 32-bit systems, an integer ove
{DLA-4563-1}
- libarchive 3.8.7-1 (bug #1133002)
[trixie] - libarchive 3.7.4-4+deb13u1
- [bookworm] - libarchive <no-dsa> (Minor issue)
+ [bookworm] - libarchive 3.6.2-1+deb12u4
NOTE: https://github.com/libarchive/libarchive/pull/2934
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/a2a73a8f14b3208c7f6acbbc93265254a7c1efd0
CVE-2026-4425
@@ -28541,7 +28535,7 @@ CVE-2026-4266 (An Insecure Deserialization vulnerability in WatchGuard Fireware
CVE-2026-4046 (The iconv() function in the GNU C Library versions 2.43 and earlier ma ...)
- glibc 2.42-15 (bug #1132499)
[trixie] - glibc 2.41-12+deb13u3
- [bookworm] - glibc <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - glibc 2.36-9+deb12u14
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=33980
NOTE: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007
CVE-2026-3991 (Symantec Data Loss Prevention Windows Endpoint, prior to 25.1 MP1, 16. ...)
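Review bot: the bookworm line moves from `<postponed> (Minor issue, revisit when fixed upstream)` to a fixed version 2.36-9+deb12u14, but the NOTEs still carry only the bugzilla reference and GLIBC-SA-2026-0007, with no `Fixed by:` commit. Since the postponement was explicitly waiting on an upstream fix, add the upstream commit that the deb12u14 backport carries (the other hunks in this push record it as `NOTE: Fixed by: <commit>`), so the entry documents what was actually shipped to bookworm.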
@@ -28766,7 +28760,7 @@ CVE-2025-15036 (A path traversal vulnerability exists in the `extract_archive_to
CVE-2026-33691 (The OWASP core rule set (CRS) is a set of generic attack detection rul ...)
- modsecurity-crs 3.3.9-1
[trixie] - modsecurity-crs 3.3.7-1+deb13u2
- [bookworm] - modsecurity-crs <no-dsa> (Minor issue)
+ [bookworm] - modsecurity-crs 3.3.4-1+deb12u3
[bullseye] - modsecurity-crs <postponed> (Minor issue)
NOTE: https://github.com/coreruleset/coreruleset/security/advisories/GHSA-rw5f-9w43-gv2w
CVE-2026-35536 (In Tornado before 6.5.5, cookie attribute injection could occur becaus ...)
@@ -29393,7 +29387,7 @@ CVE-2026-33721 (MapServer is a system for developing web-based GIS applications.
{DLA-4537-1}
- mapserver 8.6.1-1
[trixie] - mapserver 8.4.0-4+deb13u2
- [bookworm] - mapserver <no-dsa> (Minor issue)
+ [bookworm] - mapserver 8.0.0-3+deb12u1
NOTE: https://github.com/MapServer/MapServer/security/advisories/GHSA-cv4m-mr84-fgjp
NOTE: Fixed by: https://github.com/MapServer/MapServer/commit/fb08dad4afee081b81c57ca0c5d37c149e7755f9 (rel-8-6-1)
CVE-2026-33718 (OpenHands is software for AI-driven development. Starting in version 1 ...)
@@ -32392,21 +32386,21 @@ CVE-2026-32948 (sbt is a build tool for Scala, Java, and others. From version 0.
CVE-2026-32854 (LibVNCServer versions 0.9.15 and prior (fixed incommit dc78dee) contai ...)
- libvncserver 0.9.15+dfsg-3 (bug #1132017)
[trixie] - libvncserver 0.9.15+dfsg-1+deb13u1
- [bookworm] - libvncserver <no-dsa> (Minor issue)
+ [bookworm] - libvncserver 0.9.14+dfsg-1+deb12u1
[bullseye] - libvncserver <postponed> (Minor issue)
NOTE: https://github.com/LibVNC/libvncserver/security/advisories/GHSA-xjp8-4qqv-5x4x
NOTE: Fixed by: https://github.com/LibVNC/libvncserver/commit/dc78dee51a7e270e537a541a17befdf2073f5314
CVE-2026-32853 (LibVNCServer versions 0.9.15 and prior (fixed incommit 009008e) contai ...)
- libvncserver 0.9.15+dfsg-3 (bug #1132016)
[trixie] - libvncserver 0.9.15+dfsg-1+deb13u1
- [bookworm] - libvncserver <no-dsa> (Minor issue)
+ [bookworm] - libvncserver 0.9.14+dfsg-1+deb12u1
[bullseye] - libvncserver <postponed> (Minor issue)
NOTE: https://github.com/LibVNC/libvncserver/security/advisories/GHSA-87q7-v983-qwcj
NOTE: Fixed by: https://github.com/LibVNC/libvncserver/commit/009008e2f4d5a54dd71f422070df3af7b3dbc931
CVE-2026-32647 (NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ...)
- nginx 1.28.3-1
[trixie] - nginx 1.26.3-3+deb13u3
- [bookworm] - nginx <no-dsa> (Minor issue)
+ [bookworm] - nginx 1.22.1-9+deb12u5
NOTE: https://my.f5.com/manage/s/article/K000160366
NOTE: Fixed by: https://github.com/nginx/nginx/commit/a172c880cb51f882a5dc999437e8b3a4f87630cc (release-1.28.3)
CVE-2026-30932 (Froxlor is open source server administration software. Prior to versio ...)
@@ -32430,31 +32424,31 @@ CVE-2026-29772 (Astro is a web framework. Prior to version 10.0.0, Astro's Serve
CVE-2026-28755 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_strea ...)
- nginx 1.28.3-2
[trixie] - nginx 1.26.3-3+deb13u3
- [bookworm] - nginx <no-dsa> (Minor issue)
+ [bookworm] - nginx 1.22.1-9+deb12u5
NOTE: https://my.f5.com/manage/s/article/K000160368
NOTE: Fixed by: https://github.com/nginx/nginx/commit/78f581487706f2e43eea5a060c516fc4d98090e8 (release-1.28.3)
CVE-2026-28753 (NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_ ...)
- nginx 1.28.3-1
[trixie] - nginx 1.26.3-3+deb13u3
- [bookworm] - nginx <no-dsa> (Minor issue)
+ [bookworm] - nginx 1.22.1-9+deb12u5
NOTE: https://my.f5.com/manage/s/article/K000160367
NOTE: Fixed by: https://github.com/nginx/nginx/commit/6a8513761fb327f67fcc6cfcf1ad216887e2589f (release-1.28.3)
CVE-2026-27784 (The 32-bit implementation of NGINX Open Source has a vulnerability in ...)
- nginx 1.28.3-1
[trixie] - nginx 1.26.3-3+deb13u3
- [bookworm] - nginx <no-dsa> (Minor issue)
+ [bookworm] - nginx 1.22.1-9+deb12u5
NOTE: https://my.f5.com/manage/s/article/K000160364
NOTE: Fixed by: https://github.com/nginx/nginx/commit/b23ac73b00313d159a99636c21ef71b828781018 (release-1.28.3)
CVE-2026-27654 (NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_ ...)
- nginx 1.28.3-1
[trixie] - nginx 1.26.3-3+deb13u3
- [bookworm] - nginx <no-dsa> (Minor issue)
+ [bookworm] - nginx 1.22.1-9+deb12u5
NOTE: https://my.f5.com/manage/s/article/K000160382
NOTE: Fixed by: https://github.com/nginx/nginx/commit/a1d18284e0a173c4ef2b28425535d0f640ae0a82 (release-1.28.3)
CVE-2026-27651 (When the ngx_mail_auth_http_modulemodule is enabled on NGINX Plus or N ...)
- nginx 1.28.3-1
[trixie] - nginx 1.26.3-3+deb13u3
- [bookworm] - nginx <no-dsa> (Minor issue)
+ [bookworm] - nginx 1.22.1-9+deb12u5
NOTE: https://my.f5.com/manage/s/article/K000160383
NOTE: Fixed by: https://github.com/nginx/nginx/commit/0f71dd8ea94ab8c123413b2e465be12a35392e9c (release-1.28.3)
CVE-2026-26809
@@ -33159,7 +33153,7 @@ CVE-2026-29111 (systemd, a system and service manager, (as PID 1) hits an assert
{DLA-4533-1}
- systemd 260~rc2-1
[trixie] - systemd 257.13-1~deb13u1
- [bookworm] - systemd <no-dsa> (Minor issue)
+ [bookworm] - systemd 252.39-1~deb12u2
NOTE: https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764
NOTE: Fixed by: https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f (v260-rc2)
NOTE: Fixed by: https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8 (v260-rc2)
@@ -33471,7 +33465,7 @@ CVE-2019-25620 (Tree Studio 2.17 contains a denial of service vulnerability that
CVE-2026-33347 (league/commonmark is a PHP Markdown parser. From version 2.3.0 to befo ...)
- php-league-commonmark 2.8.2-1
[trixie] - php-league-commonmark 2.7.0-1+deb13u1
- [bookworm] - php-league-commonmark <no-dsa> (Minor issue)
+ [bookworm] - php-league-commonmark 2.3.9-1+deb12u1
[bullseye] - php-league-commonmark <postponed> (Minor issue)
NOTE: https://github.com/thephpleague/commonmark/security/advisories/GHSA-hh8v-hgvp-g3f5
NOTE: Fixed by: https://github.com/thephpleague/commonmark/commit/59fb075d2101740c337c7216e3f32b36c204218b (2.8.2)
@@ -34290,6 +34284,7 @@ CVE-2025-63261 (AWStats 8.0 is vulnerable to Command Injection via the open func
{DLA-4509-1}
- awstats 8.0-5 (bug #1131878; unimportant)
[trixie] - awstats 7.9-1+deb13u1
+ [bookworm] - awstats 7.8-3+deb12u2
NOTE: https://pentest-tools.com/PTT-2025-021-Code-Execution-in-AWStats.pdf
NOTE: https://github.com/eldy/AWStats/issues/287
NOTE: Crosses no reasonable security boundary, requires an attacker to modify awstats.conf
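Review bot: this hunk adds `[bookworm] - awstats 7.8-3+deb12u2` where no bookworm line existed before, for an entry whose unstable line is rated `unimportant` and whose NOTE says the issue crosses no reasonable security boundary. A version recorded here is read as "fixed in", so please confirm that 7.8-3+deb12u2 actually carries the change for eldy/AWStats#287 rather than merely being the awstats version that happened to ship in 12.14; if it does not, `<unimportant>` or no line is the accurate state, as bullseye's DLA-4509-1 shows the LTS team did treat it as fixable.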
@@ -34372,7 +34367,7 @@ CVE-2026-4485 (A vulnerability has been found in itsourcecode College Management
CVE-2026-4438 (Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.co ...)
- glibc 2.42-14 (bug #1131887)
[trixie] - glibc 2.41-12+deb13u3
- [bookworm] - glibc <no-dsa> (Minor issue)
+ [bookworm] - glibc 2.36-9+deb12u14
[bullseye] - glibc <postponed> (Minor issue, specification violation)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=34015
NOTE: Proposed patch: https://inbox.sourceware.org/libc-alpha/20260320194250.1089143-1-carlos@redhat.com/
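Review bot: the bookworm line gains fixed version 2.36-9+deb12u14 and trixie already shows 2.41-12+deb13u3, yet the second NOTE still reads `Proposed patch:` and points at the libc-alpha submission. If that patch has landed upstream since, replace the NOTE with `Fixed by:` and the upstream commit; if the Debian uploads carry the still-unmerged patch, say so in the NOTE, because as written the entry claims a downstream fix for an issue the notes present as unfixed upstream.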
@@ -34380,7 +34375,7 @@ CVE-2026-4438 (Calling gethostbyaddr or gethostbyaddr_r with a configured nsswit
CVE-2026-4437 (Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.co ...)
- glibc 2.42-14 (bug #1131435)
[trixie] - glibc 2.41-12+deb13u3
- [bookworm] - glibc <no-dsa> (Minor issue)
+ [bookworm] - glibc 2.36-9+deb12u14
[bullseye] - glibc <postponed> (Minor issue, validation issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=34014
NOTE: Proposed patch: https://inbox.sourceware.org/libc-alpha/20260320194250.1089143-1-carlos@redhat.com/
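Review bot: same documentation gap as in the CVE-2026-4438 hunk just above: bookworm is now recorded as fixed in 2.36-9+deb12u14 while the only fix reference is still a `Proposed patch:` NOTE to the same libc-alpha message. Whichever way the patch status resolved (merged upstream, or shipped as a Debian-only backport), record it here too, since both entries are fixed by the same upload.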
@@ -35236,7 +35231,7 @@ CVE-2026-4439 (Out of bounds memory access in WebGL in Google Chrome on Android
CVE-2026-34881 (OpenStack Glance before 29.1.1, 30.x before 30.1.1, and 31.0.0 is affe ...)
- glance 2:31.0.0-3 (bug #1131274)
[trixie] - glance 2:30.0.0-3+deb13u1
- [bookworm] - glance <no-dsa> (Minor issue)
+ [bookworm] - glance 2:25.1.0-2+deb12u2
[bullseye] - glance <postponed> (Minor issue, potential infoleak)
NOTE: https://www.openwall.com/lists/oss-security/2026/03/19/3
NOTE: https://bugs.launchpad.net/glance/+bug/2138602
@@ -35253,14 +35248,14 @@ CVE-2026-4426 (A flaw was found in libarchive. An Undefined Behavior vulnerabili
{DLA-4563-1}
- libarchive 3.8.7-1 (bug #1131444)
[trixie] - libarchive 3.7.4-4+deb13u1
- [bookworm] - libarchive <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - libarchive 3.6.2-1+deb12u4
NOTE: https://github.com/libarchive/libarchive/pull/2897
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/c3cb1c568ebf9e8f7f478cfc0356ae54e99712b0
CVE-2026-4424 (A flaw was found in libarchive. This heap out-of-bounds read vulnerabi ...)
{DLA-4563-1}
- libarchive 3.8.7-1 (bug #1131446)
[trixie] - libarchive 3.7.4-4+deb13u1
- [bookworm] - libarchive <no-dsa> (Minor issue)
+ [bookworm] - libarchive 3.6.2-1+deb12u4
NOTE: https://github.com/libarchive/libarchive/pull/2898
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/d379dc0b2976b7207d1ad78f5ed3eb99a5b6d375
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e1907c5832b6489c7b4198b0825f857c93a03c10
@@ -36308,7 +36303,7 @@ CVE-2026-33550 (SOGo before 5.12.5 does not renew the OTP if a user disables/ena
CVE-2026-4359 (A compromised third party cloud server or man-in-the-middle attacker c ...)
- mongo-c-driver 2.2.3-1
[trixie] - mongo-c-driver 1.30.4-1+deb13u2
- [bookworm] - mongo-c-driver <no-dsa> (Minor issue)
+ [bookworm] - mongo-c-driver 1.23.1-1+deb12u3
[bullseye] - mongo-c-driver <postponed> (Minor issue)
NOTE: https://jira.mongodb.org/browse/CDRIVER-6251
NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/b93ebe6b99e614b49a24316c7a295eb3f08af603 (2.2.3)
@@ -36959,7 +36954,7 @@ CVE-2026-32775 (libexif through 0.6.25 has a flaw in decoding MakerNotes. If the
{DLA-4558-1}
- libexif 0.6.26-1 (bug #1131116)
[trixie] - libexif 0.6.25-1+deb13u1
- [bookworm] - libexif <no-dsa> (Minor issue)
+ [bookworm] - libexif 0.6.24-1+deb12u1
NOTE: https://github.com/libexif/libexif/issues/247
NOTE: Fixed by: https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692
CVE-2026-31386 (OpenLiteSpeed and LSWS Enterprise provided by LiteSpeed Technologies c ...)
@@ -37234,7 +37229,7 @@ CVE-2026-4111 (A flaw was identified in the RAR5 archive decompression logic of
{DLA-4563-1}
- libarchive 3.8.6-1 (bug #1130753)
[trixie] - libarchive 3.7.4-4+deb13u1
- [bookworm] - libarchive <no-dsa> (Minor issue)
+ [bookworm] - libarchive 3.6.2-1+deb12u4
NOTE: https://github.com/libarchive/libarchive/pull/2877
NOTE: Testcase: https://github.com/libarchive/libarchive/commit/ef53e2023d75a205cf7cbddb5d01c4cc592e9ce4
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/7273d04803a1e5a482f26d8d0fbaf2b204a72168
@@ -37746,7 +37741,7 @@ CVE-2026-4105 (A flaw was found in systemd. The systemd-machined service contain
{DLA-4533-1}
- systemd 260~rc3-1
[trixie] - systemd 257.13-1~deb13u1
- [bookworm] - systemd <no-dsa> (Only exloitable with custom polkit policy that allows register-machine access)
+ [bookworm] - systemd 252.39-1~deb12u2
NOTE: https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862
NOTE: Introduced with: https://github.com/systemd/systemd/commit/fbe550738d03b178bb004a1390e74115e904118a (v225)
NOTE: Fixed by: https://github.com/systemd/systemd/commit/6df5f80bd374be1b45c52d740e88f0236da922c7 (v260-rc3)
@@ -40647,7 +40642,7 @@ CVE-2026-30848 (Parse Server is an open source backend that can be deployed to a
CVE-2026-30838 (league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, th ...)
- php-league-commonmark 2.8.1-1
[trixie] - php-league-commonmark 2.7.0-1+deb13u1
- [bookworm] - php-league-commonmark <no-dsa> (Minor issue)
+ [bookworm] - php-league-commonmark 2.3.9-1+deb12u1
[bullseye] - php-league-commonmark <postponed> (Minor issue)
NOTE: https://github.com/thephpleague/commonmark/security/advisories/GHSA-4v6x-c7xx-hw9f
NOTE: Regression test: https://github.com/thephpleague/commonmark/commit/f6e74434dd1a91f195f80cb0184b746a4187272a (2.8.1)
@@ -42394,7 +42389,7 @@ CVE-2025-41257 (Suprema\u2019s BioStar 2 in version 2.9.11.6 allows users to set
CVE-2026-2219 (It was discovered that dpkg-deb (a component of dpkg, the Debian packa ...)
- dpkg 1.23.6 (bug #1129722)
[trixie] - dpkg 1.22.22
- [bookworm] - dpkg <no-dsa> (Minor issue; can be fixed in point release)
+ [bookworm] - dpkg 1.21.23
[bullseye] - dpkg <not-affected> (Vulnerable code introduced later)
NOTE: Introduced with: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=2c2f7066bd8c3209762762fa6905fa567b08ca5a (1.21.18)
NOTE: Fixed by: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=6610297a62c0780dd0e80b0e302ef64fdcc9d313 (1.23.6)
@@ -43867,12 +43862,12 @@ CVE-2026-27832 (Group-Office is an enterprise customer relationship management a
CVE-2026-27824 (calibre is a cross-platform e-book manager for viewing, converting, ed ...)
- calibre 9.4.0+ds+~0.10.5-1
[trixie] - calibre 8.5.0+ds-1+deb13u2
- [bookworm] - calibre <no-dsa> (Minor issue)
+ [bookworm] - calibre 6.13.0+repack-2+deb12u6
NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vhxc-r7v8-2xrw
CVE-2026-27810 (calibre is a cross-platform e-book manager for viewing, converting, ed ...)
- calibre 9.4.0+ds+~0.10.5-1
[trixie] - calibre 8.5.0+ds-1+deb13u2
- [bookworm] - calibre <no-dsa> (Minor issue)
+ [bookworm] - calibre 6.13.0+repack-2+deb12u6
NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-5fpj-fxw7-8grw
CVE-2026-27793 (Seerr is an open-source media request and discovery manager for Jellyf ...)
NOT-FOR-US: Seerr
@@ -44017,7 +44012,7 @@ CVE-2026-3285 (A vulnerability was determined in berry-lang berry up to 1.1.0. T
CVE-2026-3284 (A vulnerability was found in libvips 8.19.0. Impacted is the function ...)
- vips 8.18.0-3 (bug #1129310)
[trixie] - vips 8.16.1-1+deb13u1
- [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips 8.14.1-3+deb12u3
[bullseye] - vips <postponed> (Minor issue, will be fixed via point release)
NOTE: https://github.com/libvips/libvips/issues/4879
NOTE: https://github.com/libvips/libvips/pull/4887
@@ -44025,7 +44020,7 @@ CVE-2026-3284 (A vulnerability was found in libvips 8.19.0. Impacted is the func
CVE-2026-3283 (A vulnerability has been found in libvips 8.19.0. This issue affects t ...)
- vips 8.18.0-3 (bug #1129310)
[trixie] - vips 8.16.1-1+deb13u1
- [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips 8.14.1-3+deb12u3
[bullseye] - vips <postponed> (Minor issue, will be fixed via point release)
NOTE: https://github.com/libvips/libvips/issues/4880
NOTE: https://github.com/libvips/libvips/pull/4887
@@ -44033,7 +44028,7 @@ CVE-2026-3283 (A vulnerability has been found in libvips 8.19.0. This issue affe
CVE-2026-3282 (A flaw has been found in libvips 8.19.0. This vulnerability affects th ...)
- vips 8.18.0-3 (bug #1129311)
[trixie] - vips 8.16.1-1+deb13u1
- [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips 8.14.1-3+deb12u3
[bullseye] - vips <postponed> (Minor issue, will be fixed via point release)
NOTE: https://github.com/libvips/libvips/issues/4881
NOTE: https://github.com/libvips/libvips/pull/4886
@@ -44041,7 +44036,7 @@ CVE-2026-3282 (A flaw has been found in libvips 8.19.0. This vulnerability affec
CVE-2026-3281 (A vulnerability was detected in libvips 8.19.0. This affects the funct ...)
- vips 8.18.0-3 (bug #1129312)
[trixie] - vips 8.16.1-1+deb13u1
- [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips 8.14.1-3+deb12u3
[bullseye] - vips <postponed> (Minor issue, will be fixed via point release)
NOTE: https://github.com/libvips/libvips/issues/4878
NOTE: https://github.com/libvips/libvips/pull/4895
@@ -44324,7 +44319,7 @@ CVE-2026-28296 (A flaw was found in the FTP GVfs backend. A remote attacker coul
{DLA-4513-1}
- gvfs 1.59.90-1 (bug #1129286)
[trixie] - gvfs 1.57.2-2+deb13u1
- [bookworm] - gvfs <no-dsa> (Minor issue)
+ [bookworm] - gvfs 1.50.3-1+deb12u1
NOTE: https://gitlab.gnome.org/GNOME/gvfs/-/issues/833
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gvfs/-/commit/21dda19047b86c3e92fae668eb9dc80e33ca71fd (1.59.90)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gvfs/-/commit/2916e8deea297f300056265530c7ca3ea443775f (1.58.2)
@@ -44333,7 +44328,7 @@ CVE-2026-28295 (A flaw was found in the FTP GVfs backend. A malicious FTP server
{DLA-4513-1}
- gvfs 1.59.90-1 (bug #1129285)
[trixie] - gvfs 1.57.2-2+deb13u1
- [bookworm] - gvfs <no-dsa> (Minor issue)
+ [bookworm] - gvfs 1.50.3-1+deb12u1
NOTE: https://gitlab.gnome.org/GNOME/gvfs/-/issues/832
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gvfs/-/commit/20db8173252ea88a4af05dc9a24aad6f29b807ad (1.59.90)
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gvfs/-/commit/30f50ce256c2fb66828373973c4fd1542088de72 (1.58.2)
@@ -45087,7 +45082,7 @@ CVE-2026-3148 (A vulnerability was determined in SourceCodester Simple and Nice
CVE-2026-3147 (A vulnerability was found in libvips up to 8.18.0. This affects the fu ...)
- vips 8.18.0-3 (bug #1129314)
[trixie] - vips 8.16.1-1+deb13u1
- [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips 8.14.1-3+deb12u3
[bullseye] - vips <postponed> (Minor issue, will be fixed via point release)
NOTE: https://github.com/libvips/libvips/issues/4874
NOTE: https://github.com/libvips/libvips/pull/4894
@@ -45095,7 +45090,7 @@ CVE-2026-3147 (A vulnerability was found in libvips up to 8.18.0. This affects t
CVE-2026-3146 (A vulnerability has been found in libvips up to 8.18.0. The impacted e ...)
- vips 8.18.0-3 (bug #1129315)
[trixie] - vips 8.16.1-1+deb13u1
- [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips 8.14.1-3+deb12u3
[bullseye] - vips <postponed> (Minor issue, will be fixed via point release)
NOTE: https://github.com/libvips/libvips/issues/4875
NOTE: https://github.com/libvips/libvips/pull/4888
@@ -45103,7 +45098,7 @@ CVE-2026-3146 (A vulnerability has been found in libvips up to 8.18.0. The impac
CVE-2026-3145 (A flaw has been found in libvips up to 8.18.0. The affected element is ...)
- vips 8.18.0-3 (bug #1129315)
[trixie] - vips 8.16.1-1+deb13u1
- [bookworm] - vips <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - vips 8.14.1-3+deb12u3
[bullseye] - vips <postponed> (Minor issue, will be fixed via point release)
NOTE: https://github.com/libvips/libvips/issues/4876
NOTE: https://github.com/libvips/libvips/pull/4888
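Review bot: The unchanged `- vips 8.18.0-3 (bug #1129315)` line in this hunk carries the same Debian bug number as the CVE-2026-3146 entry in the hunk directly above, whereas every other libvips entry in this series (CVE-2026-3284 through CVE-2026-3147) points at its own bug; if #1129315 really covers both CVE-2026-3146 and CVE-2026-3145 this is fine, otherwise one of the two references looks like a copy-paste and should be corrected while the bookworm line is being touched anyway.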
@@ -46460,7 +46455,7 @@ CVE-2026-2925 (A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected
CVE-2026-2913 (A vulnerability was determined in libvips up to 8.19.0. The affected e ...)
- vips 8.18.0-2 (bug #1128785)
[trixie] - vips 8.16.1-1+deb13u1
- [bookworm] - vips <no-dsa> (Minor issue)
+ [bookworm] - vips 8.14.1-3+deb12u3
[bullseye] - vips <postponed> (Minor issue, local access required, hard to trigger)
NOTE: https://github.com/libvips/libvips/issues/4857
NOTE: Introduced by: https://github.com/libvips/libvips/commit/8030d7b926077f578640bacb202febcd5d2ba29e (v8.9.0-beta2)
@@ -47625,14 +47620,14 @@ CVE-2026-26065 (calibre is a cross-platform e-book manager for viewing, converti
{DLA-4554-1}
- calibre 9.3.0+ds+~0.10.5-1
[trixie] - calibre 8.5.0+ds-1+deb13u2
- [bookworm] - calibre <no-dsa> (Minor issue)
+ [bookworm] - calibre 6.13.0+repack-2+deb12u6
NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w
NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/b6da1c3878c06eb1356cb0ec1106cb66e0e9bfb8 (v9.3.0)
CVE-2026-26064 (calibre is a cross-platform e-book manager for viewing, converting, ed ...)
{DLA-4554-1}
- calibre 9.3.0+ds+~0.10.5-1
[trixie] - calibre 8.5.0+ds-1+deb13u2
- [bookworm] - calibre <no-dsa> (Minor issue)
+ [bookworm] - calibre 6.13.0+repack-2+deb12u6
NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp
NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/e1b5f9b45a5e8fa96c136963ad9a1d35e6adac62 (v9.3.0)
CVE-2026-24122 (Cosign provides code signing and transparency for containers and binar ...)
@@ -53076,7 +53071,7 @@ CVE-2026-25732 (NiceGUI is a Python-based UI framework. Prior to 3.7.0, NiceGUI'
CVE-2026-25731 (calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template I ...)
- calibre 9.2.0+ds+~0.10.5-1
[trixie] - calibre 8.5.0+ds-1+deb13u2
- [bookworm] - calibre <no-dsa> (Will be fixed via point update)
+ [bookworm] - calibre 6.13.0+repack-2+deb12u6
[bullseye] - calibre <ignored> (Too intrusive to backport)
NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc
NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379 (v9.2.0)
@@ -53088,14 +53083,14 @@ CVE-2026-25636 (calibre is an e-book manager. In 9.1.0 and earlier, a path trave
{DLA-4554-1}
- calibre 9.2.0+ds+~0.10.5-1
[trixie] - calibre 8.5.0+ds-1+deb13u2
- [bookworm] - calibre <no-dsa> (Will be fixed via point update)
+ [bookworm] - calibre 6.13.0+repack-2+deb12u6
NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29
NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726 (v9.2.0)
CVE-2026-25635 (calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader con ...)
{DLA-4554-1}
- calibre 9.2.0+ds+~0.10.5-1
[trixie] - calibre 8.5.0+ds-1+deb13u2
- [bookworm] - calibre <no-dsa> (Will be fixed via point update)
+ [bookworm] - calibre 6.13.0+repack-2+deb12u6
NOTE: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr
NOTE: Fixed by: https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9 (v9.2.0)
CVE-2026-25634 (iccDEV provides a set of libraries and tools that allow for the intera ...)
@@ -57093,21 +57088,18 @@ CVE-2026-23592 (Insecure file operations in HPE Aruba Networking Fabric Composer
CVE-2026-22264 (Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 ...)
- suricata 1:8.0.3-1
[trixie] - suricata 1:7.0.10-1+deb13u3
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-mqr8-m3m4-2hw5
NOTE: https://github.com/OISF/suricata/commit/549d7bf60616de8e54686a188196453b5b22f715 (suricata-8.0.3)
NOTE: https://github.com/OISF/suricata/commit/5789a3d3760dbf33d93fc56c27bd9529e5bdc8f2 (suricata-7.0.14)
CVE-2026-22263 (Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0 ...)
- suricata 1:8.0.3-1
[trixie] - suricata <not-affected> (Vulnerable code not present)
- [bookworm] - suricata <not-affected> (Vulnerable code not present)
[bullseye] - suricata <not-affected> (Vulnerable code not present)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-rwc5-hxj6-hwx7
NOTE: https://github.com/OISF/suricata/commit/018a377f74e3eb2b042c6f783ad9043060923428 (suricata-8.0.3)
CVE-2026-22262 (Suricata is a network IDS, IPS and NSM engine. While saving a dataset ...)
- suricata 1:8.0.3-1
[trixie] - suricata 1:7.0.10-1+deb13u3
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-9qg5-2gwh-xp86
NOTE: https://github.com/OISF/suricata/commit/32a1b9ae6aa80a60c073897e38a2ac6ea0f64521 (suricata-8.0.3)
NOTE: https://github.com/OISF/suricata/commit/d767dfadcd166f82683757818b9e46943326ac90 (suricata-8.0.3)
@@ -57116,27 +57108,23 @@ CVE-2026-22262 (Suricata is a network IDS, IPS and NSM engine. While saving a da
CVE-2026-22261 (Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 ...)
- suricata 1:8.0.3-1
[trixie] - suricata 1:7.0.10-1+deb13u3
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-5jvg-5j3p-34cf
NOTE: https://github.com/OISF/suricata/commit/3f0725b34c7871c2de4346c8af872f10f4501e44 (suricata-8.0.3)
CVE-2026-22260 (Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0 ...)
- suricata 1:8.0.3-1
[trixie] - suricata <not-affected> (Vulnerable code not present)
- [bookworm] - suricata <not-affected> (Vulnerable code not present)
[bullseye] - suricata <not-affected> (Vulnerable code not present)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-3gm8-84cm-5x22
NOTE: https://github.com/OISF/suricata/commit/0dddac7278c8b9cf3c1e4c1c71e620a78ec1c185 (suricata-8.0.3)
CVE-2026-22259 (Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 ...)
- suricata 1:8.0.3-1
[trixie] - suricata 1:7.0.10-1+deb13u3
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-878h-2x6v-84q9
NOTE: https://github.com/OISF/suricata/commit/50cac2e2465ca211eabfa156623e585e9037bb7e (suricata-8.0.3)
NOTE: https://github.com/OISF/suricata/commit/63225d5f8ef64cc65164c0bb1800730842d54942 (suricata-7.0.14)
CVE-2026-22258 (Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 ...)
- suricata 1:8.0.3-1
[trixie] - suricata 1:7.0.10-1+deb13u3
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-289c-h599-3xcx
NOTE: https://github.com/OISF/suricata/commit/39d8c302af3422a096b75474a4f295a754ec6a74 (suricata-8.0.3)
NOTE: https://github.com/OISF/suricata/commit/f82a388d0283725cb76782cf64e8341cab370830 (suricata-7.0.14)
@@ -57152,7 +57140,7 @@ CVE-2026-1489 (A flaw was found in GLib. An integer overflow vulnerability in it
{DLA-4491-1}
- glib2.0 2.86.3-5 (bug #1126549)
[trixie] - glib2.0 2.84.4-3~deb13u3
- [bookworm] - glib2.0 <no-dsa> (Minor issue)
+ [bookworm] - glib2.0 2.74.6-2+deb12u9
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3872
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4983
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4984
@@ -57160,7 +57148,7 @@ CVE-2026-1485 (A flaw was found in Glib's content type parsing logic. This buffe
{DLA-4491-1}
- glib2.0 2.86.3-5 (bug #1126550)
[trixie] - glib2.0 2.84.4-3~deb13u3
- [bookworm] - glib2.0 <no-dsa> (Minor issue)
+ [bookworm] - glib2.0 2.74.6-2+deb12u9
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3871
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4980
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4981
@@ -57168,7 +57156,7 @@ CVE-2026-1484 (A flaw was found in the GLib Base64 encoding routine when process
{DLA-4491-1}
- glib2.0 2.86.3-5 (bug #1126551)
[trixie] - glib2.0 2.84.4-3~deb13u3
- [bookworm] - glib2.0 <no-dsa> (Minor issue)
+ [bookworm] - glib2.0 2.74.6-2+deb12u9
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3870
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4978
NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4979
@@ -57273,7 +57261,7 @@ CVE-2025-14911 (User-controlled chunkSize metadata from MongoDB lacks appropriat
- mongodb <removed>
- mongo-c-driver 2.2.0-1
[trixie] - mongo-c-driver 1.30.4-1+deb13u2
- [bookworm] - mongo-c-driver <no-dsa> (Minor issue)
+ [bookworm] - mongo-c-driver 1.23.1-1+deb12u3
[bullseye] - mongo-c-driver <postponed> (Minor issue)
NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/ec39911d87ba43e0488c4eee732e6732de82c1ab (2.2.0)
NOTE: Fixed by: https://github.com/mongodb/mongo-c-driver/commit/ed8bed47906e37dd27306de0095ccbc56d6ec906 (1.30.8)
@@ -58234,7 +58222,7 @@ CVE-2026-1299 (The email module, specifically the "BytesGenerator" class, didn\
- python3.13 3.13.12-1 (bug #1126745)
[trixie] - python3.13 3.13.5-2+deb13u1
- python3.11 <removed>
- [bookworm] - python3.11 <no-dsa> (Minor issue)
+ [bookworm] - python3.11 3.11.2-6+deb12u7
- python3.9 <removed>
- pypy3 7.3.21+dfsg-1 (bug #1126746)
[trixie] - pypy3 <no-dsa> (Minor issue)
@@ -59736,7 +59724,7 @@ CVE-2025-69762 (Tenda AX3 firmware v16.03.12.11 contains a stack overflow in for
CVE-2025-69209 (ArduinoCore-avr contains the source code and configuration files of th ...)
- arduino-core-avr 1.8.7+dfsg-1 (bug #1126285)
[trixie] - arduino-core-avr 1.8.7+dfsg-1~deb13u1
- [bookworm] - arduino-core-avr <no-dsa> (Minor issue)
+ [bookworm] - arduino-core-avr 1.8.7+dfsg-1~deb12u1
[bullseye] - arduino-core-avr <postponed> (Minor issue)
NOTE: https://github.com/arduino/ArduinoCore-avr/security/advisories/GHSA-pvx3-fm7w-6hjm
NOTE: https://github.com/arduino/ArduinoCore-avr/pull/613
@@ -60107,7 +60095,7 @@ CVE-2026-0865 (User-controlled header names and values containing newlines can a
- python3.13 3.13.12-1 (bug #1126740)
[trixie] - python3.13 3.13.5-2+deb13u1
- python3.11 <removed>
- [bookworm] - python3.11 <no-dsa> (Minor issue)
+ [bookworm] - python3.11 3.11.2-6+deb12u7
- python3.9 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
@@ -60141,7 +60129,7 @@ CVE-2026-0672 (When using http.cookies.Morsel, user-controlled cookie values and
- python3.13 3.13.12-1 (bug #1126762)
[trixie] - python3.13 3.13.5-2+deb13u1
- python3.11 <removed>
- [bookworm] - python3.11 <no-dsa> (Minor issue)
+ [bookworm] - python3.11 3.11.2-6+deb12u7
- python3.9 <removed>
- pypy3 7.3.21+dfsg-1 (bug #1126763)
[trixie] - pypy3 <no-dsa> (Minor issue)
@@ -60234,7 +60222,7 @@ CVE-2025-15282 (User-controlled data URLs parsed by urllib.request.DataHandler a
- python3.13 3.13.12-1 (bug #1126780)
[trixie] - python3.13 3.13.5-2+deb13u1
- python3.11 <removed>
- [bookworm] - python3.11 <no-dsa> (Minor issue)
+ [bookworm] - python3.11 3.11.2-6+deb12u7
- python3.9 <removed>
- pypy3 7.3.21+dfsg-1 (bug #1126781)
[trixie] - pypy3 <no-dsa> (Minor issue)
@@ -60257,7 +60245,7 @@ CVE-2025-11468 (When folding a long comment in an email header containing exclus
- python3.13 3.13.12-1 (bug #1126787)
[trixie] - python3.13 3.13.5-2+deb13u1
- python3.11 <removed>
- [bookworm] - python3.11 <no-dsa> (Minor issue)
+ [bookworm] - python3.11 3.11.2-6+deb12u7
- python3.9 <removed>
- python2.7 <not-affected> (E-mail folding API introduced in Python 3.3)
- pypy3 7.3.21+dfsg-1 (bug #1126788)
@@ -60504,7 +60492,7 @@ CVE-2025-11743 (A denial-of-service security issue in the affected product. The
CVE-2025-15281 (Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the ...)
- glibc 2.42-11 (bug #1126266)
[trixie] - glibc 2.41-12+deb13u2
- [bookworm] - glibc <no-dsa> (Minor issue)
+ [bookworm] - glibc 2.36-9+deb12u14
[bullseye] - glibc <postponed> (Minor issue, unlikely scenario)
NOTE: https://www.openwall.com/lists/oss-security/2026/01/20/3
NOTE: Introduced with: https://sourceware.org/git/?p=glibc.git;a=commit;h=8f2ece695d8822e9ecc63ecd157e90bf17a6fe65 (glibc-2.0.92)
@@ -61388,7 +61376,7 @@ CVE-2026-0916 (The Related Posts by Taxonomy plugin for WordPress is vulnerable
CVE-2026-0915 (Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf ...)
- glibc 2.42-8 (bug #1125748)
[trixie] - glibc 2.41-12+deb13u2
- [bookworm] - glibc <no-dsa> (Minor issue)
+ [bookworm] - glibc 2.36-9+deb12u14
[bullseye] - glibc <postponed> (Minor issue, high attack complexity)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=33802
NOTE: https://www.openwall.com/lists/oss-security/2026/01/16/6
@@ -61657,7 +61645,7 @@ CVE-2026-0988 (A flaw was found in glib. Missing validation of offset and count
[experimental] - glib2.0 2.87.1-1
- glib2.0 2.86.3-5 (bug #1125752)
[trixie] - glib2.0 2.84.4-3~deb13u3
- [bookworm] - glib2.0 <no-dsa> (Minor issue)
+ [bookworm] - glib2.0 2.74.6-2+deb12u9
NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/3851
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/glib/-/commit/c5766cff61ffce0b8e787eae09908ac348338e5f (2.87.1)
CVE-2026-0980 (A flaw was found in rubyipmi, a gem used in the Baseboard Management C ...)
@@ -62001,7 +61989,7 @@ CVE-2026-0959 (IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2
CVE-2026-0861 (Passing too large an alignment to the memalign suite of functions (mem ...)
- glibc 2.42-8 (bug #1125678)
[trixie] - glibc 2.41-12+deb13u2
- [bookworm] - glibc <no-dsa> (Minor issue)
+ [bookworm] - glibc 2.36-9+deb12u14
[bullseye] - glibc <postponed> (Minor issue, unlikely scenario)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=33796
NOTE: https://www.openwall.com/lists/oss-security/2026/01/16/5
@@ -64780,7 +64768,7 @@ CVE-2025-68715 (An issue was discovered in Panda Wireless PWRU0 devices with fir
CVE-2025-68158 (Authlib is a Python library which builds OAuth and OpenID Connect serv ...)
- python-authlib 1.6.6-1
[trixie] - python-authlib 1.6.0-1+deb13u1
- [bookworm] - python-authlib <no-dsa> (Minor issue)
+ [bookworm] - python-authlib 1.2.0-1+deb12u1
NOTE: https://github.com/authlib/authlib/security/advisories/GHSA-fg6f-75jq-6523
NOTE: Fixed by: https://github.com/authlib/authlib/commit/2808378611dd6fb2532b189a9087877d8f0c0489 (v1.6.6)
CVE-2025-68151 (CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, ...)
@@ -66486,14 +66474,14 @@ CVE-2025-67269 (An integer underflow vulnerability exists in the `nextstate()` f
{DLA-4441-1}
- gpsd 3.27.5-0.1 (bug #1124799)
[trixie] - gpsd 3.25-5+deb13u1
- [bookworm] - gpsd <no-dsa> (Minor issue)
+ [bookworm] - gpsd 3.22-4.1+deb12u1
NOTE: https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67269/README.md
NOTE: Fixed by: https://gitlab.com/gpsd/gpsd/-/commit/ffa1d6f40bca0b035fc7f5e563160ebb67199da7 (release-3.27.1)
CVE-2025-67268 (gpsd before commit dc966aa contains a heap-based out-of-bounds write v ...)
{DLA-4441-1}
- gpsd 3.27.5-0.1 (bug #1124800)
[trixie] - gpsd 3.25-5+deb13u1
- [bookworm] - gpsd <no-dsa> (Minor issue)
+ [bookworm] - gpsd 3.22-4.1+deb12u1
NOTE: https://github.com/Jaenact/gspd_cve/blob/main/CVE-2025-67268/README.md
NOTE: Fixed by: https://gitlab.com/gpsd/gpsd/-/commit/dc966aa74c075d0a6535811d98628625cbfbe3f4 (release-3.27.1)
CVE-2025-67160 (An issue in Vatilon v1.12.37-20240124 allows attackers to access sensi ...)
@@ -82582,7 +82570,7 @@ CVE-2025-12084 (When building nested elements using xml.dom.minidom methods such
- python3.13 3.13.11-1
[trixie] - python3.13 3.13.5-2+deb13u1
- python3.11 <removed>
- [bookworm] - python3.11 <no-dsa> (Minor issue)
+ [bookworm] - python3.11 3.11.2-6+deb12u7
- python3.9 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
@@ -83270,7 +83258,7 @@ CVE-2025-3500 (Integer Overflow or Wraparound vulnerability in Avast Antivirus (
CVE-2025-34297 (KissFFT versions prior to the fix commit 1b083165 contain an integer o ...)
- kissfft 131.1.0-4.1 (bug #1131147)
[trixie] - kissfft 131.1.0-4.1~deb13u1
- [bookworm] - kissfft <no-dsa> (Minor issue)
+ [bookworm] - kissfft 131.1.0-4.1~deb12u1
[bullseye] - kissfft <postponed> (Minor issue)
NOTE: https://github.com/mborgerding/kissfft/issues/120
NOTE: Fixed by: https://github.com/mborgerding/kissfft/commit/1b08316582049c3716154caefc0deab8758506e3
@@ -83291,7 +83279,7 @@ CVE-2025-13837 (When loading a plist file, the plistlib module reads data in siz
- python3.13 3.13.11-1
[trixie] - python3.13 3.13.5-2+deb13u1
- python3.11 <removed>
- [bookworm] - python3.11 <no-dsa> (Minor issue)
+ [bookworm] - python3.11 3.11.2-6+deb12u7
- python3.9 <removed>
- pypy3 7.3.21+dfsg-1 (bug #1126782)
[trixie] - pypy3 <no-dsa> (Minor issue)
@@ -83310,7 +83298,7 @@ CVE-2025-13836 (When reading an HTTP response from a server, if no read amount i
- python3.13 3.13.11-1
[trixie] - python3.13 3.13.5-2+deb13u1
- python3.11 <removed>
- [bookworm] - python3.11 <no-dsa> (Minor issue)
+ [bookworm] - python3.11 3.11.2-6+deb12u7
- python3.9 <removed>
- pypy3 7.3.21+dfsg-1 (bug #1126783)
[trixie] - pypy3 <no-dsa> (Minor issue)
@@ -83500,7 +83488,7 @@ CVE-2025-66036 (Retro is an online platform providing items of vintage collectio
CVE-2025-66034 (fontTools is a library for manipulating fonts, written in Python. In v ...)
- fonttools 4.61.1-1 (bug #1121605)
[trixie] - fonttools 4.57.0-1+deb13u1
- [bookworm] - fonttools <no-dsa> (Minor issue)
+ [bookworm] - fonttools 4.38.0-1+deb12u1
[bullseye] - fonttools <postponed> (Minor issue)
NOTE: https://github.com/fonttools/fonttools/security/advisories/GHSA-768j-98cg-p3fv
NOTE: Fixed by: https://github.com/fonttools/fonttools/commit/a696d5ba93270d5954f98e7cab5ddca8a02c1e32 (4.61.0)
@@ -83727,7 +83715,6 @@ CVE-2025-65202 (TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS comman
CVE-2025-64344 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:8.0.2-1
[trixie] - suricata 1:7.0.10-1+deb13u2
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-93fh-cgmc-w3rx
NOTE: https://redmine.openinfosecfoundation.org/issues/8065
NOTE: Fixed by: https://github.com/OISF/suricata/commit/d364b04a595facd5980c44f4f9ea39319999bf66 (suricata-8.0.2)
@@ -83735,7 +83722,6 @@ CVE-2025-64344 (Suricata is a network IDS, IPS and NSM engine developed by the O
CVE-2025-64335 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:8.0.2-1
[trixie] - suricata <not-affected> (Vulnerable code introduced later)
- [bookworm] - suricata <not-affected> (Vulnerable code introduced later)
[bullseye] - suricata <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-v299-h7p3-q4f2
NOTE: https://redmine.openinfosecfoundation.org/issues/7959
@@ -83743,7 +83729,6 @@ CVE-2025-64335 (Suricata is a network IDS, IPS and NSM engine developed by the O
CVE-2025-64334 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:8.0.2-1
[trixie] - suricata <not-affected> (Vulnerable code introduced later)
- [bookworm] - suricata <not-affected> (Vulnerable code introduced later)
[bullseye] - suricata <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-r5jf-v2gx-gx8w
NOTE: https://redmine.openinfosecfoundation.org/issues/7980
@@ -83752,7 +83737,6 @@ CVE-2025-64334 (Suricata is a network IDS, IPS and NSM engine developed by the O
CVE-2025-64333 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:8.0.2-1
[trixie] - suricata 1:7.0.10-1+deb13u2
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-537h-xxmx-v87m
NOTE: https://redmine.openinfosecfoundation.org/issues/8056 (private)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/efe7aeb145e7dd1f14db3deff9c0d9900b34ecba (suricata-8.0.2)
@@ -83760,7 +83744,6 @@ CVE-2025-64333 (Suricata is a network IDS, IPS and NSM engine developed by the O
CVE-2025-64332 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:8.0.2-1
[trixie] - suricata 1:7.0.10-1+deb13u2
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-p32q-7wcp-gv92
NOTE: https://redmine.openinfosecfoundation.org/issues/8055 (private)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/ad446c9006a77490af51c468aae0ce934f4d2117 (suricata-8.0.2)
@@ -83768,7 +83751,6 @@ CVE-2025-64332 (Suricata is a network IDS, IPS and NSM engine developed by the O
CVE-2025-64331 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:8.0.2-1
[trixie] - suricata 1:7.0.10-1+deb13u2
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-v32w-j79x-pfj2
NOTE: https://redmine.openinfosecfoundation.org/issues/8004 (private)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/647bfad14d43b5abce1459e9af23851d342027a0 (suricata-8.0.2)
@@ -83776,7 +83758,6 @@ CVE-2025-64331 (Suricata is a network IDS, IPS and NSM engine developed by the O
CVE-2025-64330 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:8.0.2-1
[trixie] - suricata 1:7.0.10-1+deb13u2
- [bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <not-affected> (vulnerable code not present; LOG_JSON_VERDICT added in v7.0.0)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-83v7-gm34-f437
NOTE: https://redmine.openinfosecfoundation.org/issues/8021 (private)
@@ -89248,7 +89229,7 @@ CVE-2025-64329 (containerd is an open-source container runtime. Versions 1.7.28
{DLA-4467-1}
- containerd 1.7.24~ds1-10 (bug #1120343)
[trixie] - containerd 1.7.24~ds1-6+deb13u1
- [bookworm] - containerd <no-dsa> (Minor issue)
+ [bookworm] - containerd 1.6.20~ds1-1+deb12u3
NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2
NOTE: https://github.com/containerd/containerd/commit/a0d0f0ef68935338d2c710db164fa7820f692530 (v2.2.0)
NOTE: https://github.com/containerd/containerd/commit/c575d1b5f4011f33b32f71ace75367a92b08c750 (v1.7.29)
@@ -90979,7 +90960,7 @@ CVE-2025-6075 (If the value passed to os.path.expandvars() is user-controlled a
- python3.13 3.13.11-1
[trixie] - python3.13 3.13.5-2+deb13u1
- python3.11 <removed>
- [bookworm] - python3.11 <no-dsa> (Minor issue)
+ [bookworm] - python3.11 3.11.2-6+deb12u7
- python3.9 <removed>
- pypy3 7.3.21+dfsg-1 (bug #1126777)
[trixie] - pypy3 <no-dsa> (Minor issue)
@@ -93734,7 +93715,7 @@ CVE-2025-62706 (Authlib is a Python library which builds OAuth and OpenID Connec
{DLA-4352-1}
- python-authlib 1.6.5-1
[trixie] - python-authlib 1.6.0-1+deb13u1
- [bookworm] - python-authlib <no-dsa> (Minor issue)
+ [bookworm] - python-authlib 1.2.0-1+deb12u1
NOTE: https://github.com/authlib/authlib/security/advisories/GHSA-g7f3-828f-7h7m
NOTE: Fixed by: https://github.com/authlib/authlib/commit/4b5b5703394608124cd39e547cc7829feda05a13 (v1.6.5)
CVE-2025-62705 (OpenBao is an open source identity-based secrets management system. Pr ...)
@@ -97877,7 +97858,7 @@ CVE-2025-61930 (Emlog is an open source website building system. Emlog Pro versi
CVE-2025-61912 (python-ldap is a lightweight directory access protocol (LDAP) client A ...)
- python-ldap 3.4.5-1 (bug #1117859)
[trixie] - python-ldap 3.4.4-1+deb13u1
- [bookworm] - python-ldap <no-dsa> (Minor issue)
+ [bookworm] - python-ldap 3.4.3-2+deb12u1
[bullseye] - python-ldap <postponed> (Minor issue)
NOTE: https://github.com/python-ldap/python-ldap/security/advisories/GHSA-p34h-wq7j-h5v6
NOTE: https://github.com/python-ldap/python-ldap/commit/6ea80326a34ee6093219628d7690bced50c49a3f (main)
@@ -97885,7 +97866,7 @@ CVE-2025-61912 (python-ldap is a lightweight directory access protocol (LDAP) cl
CVE-2025-61911 (python-ldap is a lightweight directory access protocol (LDAP) client A ...)
- python-ldap 3.4.5-1 (bug #1117858)
[trixie] - python-ldap 3.4.4-1+deb13u1
- [bookworm] - python-ldap <no-dsa> (Minor issue)
+ [bookworm] - python-ldap 3.4.3-2+deb12u1
[bullseye] - python-ldap <postponed> (Minor issue)
NOTE: https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r7r6-cc7p-4v5m
NOTE: https://github.com/python-ldap/python-ldap/commit/3957526fb1852e84b90f423d9fef34c7af25b85a (main)
@@ -97993,7 +97974,7 @@ CVE-2025-61920 (Authlib is a Python library which builds OAuth and OpenID Connec
{DLA-4352-1}
- python-authlib 1.6.5-1
[trixie] - python-authlib 1.6.0-1+deb13u1
- [bookworm] - python-authlib <no-dsa> (Minor issue)
+ [bookworm] - python-authlib 1.2.0-1+deb12u1
NOTE: https://github.com/authlib/authlib/security/advisories/GHSA-pq5p-34cr-23v9
NOTE: https://github.com/authlib/authlib/commit/867e3f87b072347a1ae9cf6983cc8bbf88447e5e (v1.6.5)
CVE-2025-61919 (Rack is a modular Ruby web server interface. Prior to versions 2.2.20, ...)
@@ -98293,9 +98274,9 @@ CVE-2025-11002 (7-Zip ZIP File Parsing Directory Traversal Remote Code Execution
{DLA-4576-1}
- 7zip 25.00+dfsg-1
[trixie] - 7zip 25.01+dfsg-1~deb13u1
- [bookworm] - 7zip <no-dsa> (Minor issue)
+ [bookworm] - 7zip 22.01+really25.01+dfsg-0+deb12u1
- p7zip 16.02+transitional.1
- [bookworm] - p7zip <no-dsa> (Minor issue)
+ [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
NOTE: Since p7zip/16.02+transitional.1 src:p7zip is only a empty source package
NOTE: depending on 7zip. Mark this version as fixed version.
NOTE: https://github.com/ip7z/7zip/releases/tag/25.00
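Review bot: the NOTE carried as context at the end of this hunk ("src:p7zip is only a empty source package") should read "an empty source package"; the same wording recurs verbatim in the CVE-2025-11001 and CVE-2025-55188 entries below, so fix all three together. On substance the hunk is consistent: 7zip moves to 22.01+really25.01+dfsg-0+deb12u1 and the transitional p7zip to 16.02+really25.01+dfsg-0+deb12u1, matching the NOTE's rationale that p7zip only depends on 7zip, and the same pair of versions is used for every other 7zip/p7zip entry in this change.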
@@ -98304,9 +98285,9 @@ CVE-2025-11001 (7-Zip ZIP File Parsing Directory Traversal Remote Code Execution
{DLA-4576-1}
- 7zip 25.00+dfsg-1
[trixie] - 7zip 25.01+dfsg-1~deb13u1
- [bookworm] - 7zip <no-dsa> (Minor issue)
+ [bookworm] - 7zip 22.01+really25.01+dfsg-0+deb12u1
- p7zip 16.02+transitional.1
- [bookworm] - p7zip <no-dsa> (Minor issue)
+ [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
NOTE: Since p7zip/16.02+transitional.1 src:p7zip is only a empty source package
NOTE: depending on 7zip. Mark this version as fixed version.
NOTE: https://github.com/ip7z/7zip/releases/tag/25.00
@@ -99060,7 +99041,7 @@ CVE-2025-8291 (The 'zipfile' module would not check the validity of the ZIP64 En
- python3.13 3.13.11-1
[trixie] - python3.13 3.13.5-2+deb13u1
- python3.11 <removed>
- [bookworm] - python3.11 <no-dsa> (Minor issue)
+ [bookworm] - python3.11 3.11.2-6+deb12u7
- python3.9 <removed>
- jython <unfixed> (bug #1118432)
[trixie] - jython <no-dsa> (Minor issue)
@@ -101941,7 +101922,6 @@ CVE-2025-59148 (Suricata is a network IDS, IPS and NSM engine developed by the O
CVE-2025-59147 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:8.0.1-1
[trixie] - suricata 1:7.0.10-1+deb13u1
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-v8hv-6v7x-4c2r
NOTE: https://github.com/OISF/suricata/commit/be6315dba0d9101b11d16e9dacfe2822b3792f1b (suricata-8.0.1)
NOTE: https://github.com/OISF/suricata/commit/e91b03c90385db15e21cf1a0e85b921bf92b039e (suricata-7.0.12)
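Review bot: dropping the "[bookworm] - suricata <no-dsa> (Minor issue)" line without replacing it leaves bookworm's status for CVE-2025-59147 to be derived from the unstable fixed version 1:8.0.1-1, which only reads correctly if src:suricata is no longer part of bookworm; if the package is still listed in the release data, the entry flips from no-dsa to unfixed. Nothing in the hunk itself records why the annotation went away, so either confirm the tracker's bookworm package list no longer carries suricata or add a NOTE saying the package was removed from bookworm. The same applies to every other suricata hunk in this change (CVE-2025-53538, CVE-2025-29915 through CVE-2025-29918, CVE-2024-55605 through CVE-2024-55629, CVE-2024-47187/47188/47522, CVE-2024-45795/45796, CVE-2024-37151, CVE-2024-38534 through CVE-2024-38536, CVE-2024-32867), which all drop only the bookworm line and keep their bullseye annotations.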
@@ -105306,7 +105286,7 @@ CVE-2025-59420 (Authlib is a Python library which builds OAuth and OpenID Connec
{DLA-4352-1}
- python-authlib 1.6.4-1
[trixie] - python-authlib 1.6.0-1+deb13u1
- [bookworm] - python-authlib <no-dsa> (Minor issue)
+ [bookworm] - python-authlib 1.2.0-1+deb12u1
NOTE: https://github.com/authlib/authlib/security/advisories/GHSA-9ggr-2464-2j32
NOTE: https://github.com/authlib/authlib/commit/6b1813e4392eb7c168c276099ff7783b176479df (v1.6.4)
CVE-2025-59418 (BunnyPad is a note taking software. Prior to version 11.0.27000.0915, ...)
@@ -106201,7 +106181,7 @@ CVE-2025-59431 (MapServer is a system for developing web-based GIS applications.
{DLA-4506-1}
- mapserver 8.4.1-1
[trixie] - mapserver 8.4.0-4+deb13u1
- [bookworm] - mapserver <no-dsa> (Minor issue)
+ [bookworm] - mapserver 8.0.0-3+deb12u1
NOTE: https://github.com/MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w
NOTE: https://github.com/MapServer/MapServer/commit/aaeedcdabd1cca4b0f1e94cdcd5e48922d97dd00 (main)
NOTE: https://github.com/MapServer/MapServer/commit/1c73acaa2d7a8b1d3955f076186e57fc8c06e0c6 (rel-8-4-1)
@@ -110564,7 +110544,7 @@ CVE-2025-48041 (Allocation of Resources Without Limits or Throttling vulnerabili
{DLA-4376-1}
- erlang 1:27.3.4.3+dfsg-1 (bug #1115090)
[trixie] - erlang 1:27.3.4.1+dfsg-1+deb13u1
- [bookworm] - erlang <no-dsa> (Minor issue)
+ [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u4
NOTE: https://github.com/erlang/otp/security/advisories/GHSA-79c4-cvv7-4qm3
NOTE: https://github.com/erlang/otp/pull/10157
NOTE: https://github.com/erlang/otp/commit/5f9af63eec4657a37663828d206517828cb9f288 (OTP-27.3.4.3, OTP-28.0.3)
@@ -110572,7 +110552,7 @@ CVE-2025-48041 (Allocation of Resources Without Limits or Throttling vulnerabili
CVE-2025-48040 (Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh ...)
- erlang 1:27.3.4.3+dfsg-1 (bug #1115091)
[trixie] - erlang 1:27.3.4.1+dfsg-1+deb13u1
- [bookworm] - erlang <no-dsa> (Minor issue)
+ [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u4
[bullseye] - erlang <postponed> (Minor issue)
NOTE: https://github.com/erlang/otp/security/advisories/GHSA-h7rg-6rjg-4cph
NOTE: https://github.com/erlang/otp/pull/10162
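Review bot: CVE-2025-48040 is out of step with its three siblings (CVE-2025-48041, CVE-2025-48039, CVE-2025-48038): those entries carry {DLA-4376-1} and no bullseye annotation, while this one has no DLA reference and still shows "[bullseye] - erlang <postponed> (Minor issue)". The bookworm change to 1:25.2.3+dfsg-1+deb12u4 is consistent across all four, but check whether DLA-4376-1 also covered CVE-2025-48040 and, if so, add the {DLA-4376-1} line here and drop the stale bullseye postponement.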
@@ -110582,7 +110562,7 @@ CVE-2025-48039 (Allocation of Resources Without Limits or Throttling vulnerabili
{DLA-4376-1}
- erlang 1:27.3.4.3+dfsg-1 (bug #1115092)
[trixie] - erlang 1:27.3.4.1+dfsg-1+deb13u1
- [bookworm] - erlang <no-dsa> (Minor issue)
+ [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u4
NOTE: https://github.com/erlang/otp/security/advisories/GHSA-rr5p-6856-j7h8
NOTE: https://github.com/erlang/otp/pull/10155
NOTE: https://github.com/erlang/otp/commit/c242e6458967e9514bea351814151695807a54ac (OTP-27.3.4.3, OTP-28.0.3)
@@ -110591,7 +110571,7 @@ CVE-2025-48038 (Allocation of Resources Without Limits or Throttling vulnerabili
{DLA-4376-1}
- erlang 1:27.3.4.3+dfsg-1 (bug #1115093)
[trixie] - erlang 1:27.3.4.1+dfsg-1+deb13u1
- [bookworm] - erlang <no-dsa> (Minor issue)
+ [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u4
NOTE: https://github.com/erlang/otp/security/advisories/GHSA-pvj7-9652-7h9r
NOTE: https://github.com/erlang/otp/pull/10156
NOTE: https://github.com/erlang/otp/commit/4e3bf86777ab3db7220c11d8ddabf15970ddd10a (OTP-27.3.4.3, OTP-28.0.3)
@@ -121760,9 +121740,9 @@ CVE-2025-55188 (7-Zip before 25.01 does not always properly handle symbolic link
{DLA-4576-1}
- 7zip 25.01+dfsg-1 (bug #1111068)
[trixie] - 7zip 25.01+dfsg-1~deb13u1
- [bookworm] - 7zip <no-dsa> (Minor issue)
+ [bookworm] - 7zip 22.01+really25.01+dfsg-0+deb12u1
- p7zip 16.02+transitional.1
- [bookworm] - p7zip <no-dsa> (Minor issue)
+ [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
NOTE: Since p7zip/16.02+transitional.1 src:p7zip is only a empty source package
NOTE: depending on 7zip. Mark this version as fixed version.
NOTE: https://github.com/ip7z/7zip/releases/tag/25.01
@@ -124575,7 +124555,7 @@ CVE-2025-8194 (There is a defect in the CPython \u201ctarfile\u201d module affec
[trixie] - python3.13 3.13.5-2+deb13u1
- python3.12 <removed>
- python3.11 <removed>
- [bookworm] - python3.11 <no-dsa> (Minor issue)
+ [bookworm] - python3.11 3.11.2-6+deb12u7
- python3.9 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
@@ -126141,7 +126121,6 @@ CVE-2025-53703 (DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data witho
CVE-2025-53538 (Suricata is a network IDS, IPS and NSM engine developed by the OISF (O ...)
- suricata 1:7.0.11-1 (bug #1109806)
[trixie] - suricata 1:7.0.10-1+deb13u1
- [bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <ignored> (Minor issue, http2 support not enabled by default (started in v7.0.0))
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-qrr7-crgj-cmh3
NOTE: https://redmine.openinfosecfoundation.org/issues/7659
@@ -127622,7 +127601,9 @@ CVE-2025-53867 (Island Lake WebBatch before 2025C allows Remote Code Execution v
CVE-2025-53817 (7-Zip is a file archiver with a high compression ratio. 7-Zip supports ...)
{DLA-4576-1}
- 7zip 25.00+dfsg-1 (unimportant)
+ [bookworm] - 7zip 22.01+really25.01+dfsg-0+deb12u1
- p7zip 16.02+transitional.1 (unimportant)
+ [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
NOTE: Crash in CLI tool, no security impact
NOTE: https://securitylab.github.com/advisories/GHSL-2025-059_7-Zip/
NOTE: https://www.openwall.com/lists/oss-security/2025/07/18/2
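Review bot: this entry is rated "(unimportant)" with the NOTE "Crash in CLI tool, no security impact", yet it now also carries {DLA-4576-1} and explicit bookworm fixed versions for 7zip and p7zip. That is harmless (the point-release upload is a new upstream version, so the fix is simply present), but the unimportant marking and the advisory/fixed-version lines read as contradictory side by side; consider a one-line NOTE that the fix arrived as part of the 25.01 rebase rather than as a targeted security fix. The CVE-2024-11612 and CVE-2024-57392 (proftpd-dfsg) hunks below have the same shape.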
@@ -127632,7 +127613,7 @@ CVE-2025-53816 (7-Zip is a file archiver with a high compression ratio. Zeroes w
{DLA-4577-1}
- 7zip-rar 25.00+ds-1 (bug #1109494)
- p7zip-rar 16.02+transitional.1
- [bookworm] - p7zip-rar <no-dsa> (Non-free not supported)
+ [bookworm] - p7zip-rar 16.02+really25.00+ds-0+deb12u1
NOTE: https://securitylab.github.com/advisories/GHSL-2025-058_7-Zip/
NOTE: https://www.openwall.com/lists/oss-security/2025/07/18/1
NOTE: Since p7zip-rar/16.02+transitional.1 src:p7zip-rar is only a empty source package
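Review bot: the hunk adds a bookworm fixed version only for the transitional src:p7zip-rar (16.02+really25.00+ds-0+deb12u1) while the unstable line "- 7zip-rar 25.00+ds-1 (bug #1109494)" gets no "[bookworm]" annotation; that is fine if src:7zip-rar never shipped in bookworm, but if it did, the entry is missing a "[bookworm] - 7zip-rar ..." line. The really25.00 in the p7zip-rar version correctly mirrors the 7zip-rar 25.00 fix rather than the 25.01 used for p7zip. As with the p7zip NOTE above, "only a empty source package" should read "an empty".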
@@ -133627,7 +133608,7 @@ CVE-2025-32462 (Sudo before 1.9.17p1, when used with a sudoers file that specifi
NOTE: https://www.sudo.ws/security/advisories/host_any/
CVE-2025-6297 (It was discovered that dpkg-deb does not properly sanitize directory p ...)
- dpkg 1.22.21
- [bookworm] - dpkg <no-dsa> (Minor issue)
+ [bookworm] - dpkg 1.21.23
[bullseye] - dpkg <postponed> (Minor issue)
NOTE: Fixed by: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=ed6bbd445dd8800308c67236ba35d08004c98e82 (main)
NOTE: Fixed by: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=98c623c8d6814ae46a3b30ca22e584c77d47d86b (1.22.21)
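Review bot: the bookworm fixed version "1.21.23" is the only one in this change without a +deb12uN suffix; that matches dpkg being maintained as a 1.21.x stable branch, but please double-check it is the exact version accepted for bookworm 12.14 rather than an upstream branch release. The two "Fixed by" NOTEs point only at main and 1.22.21; adding the corresponding 1.21.x branch commit as a third NOTE would let a reader verify what the bookworm version actually contains.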
@@ -137928,7 +137909,7 @@ CVE-2025-6069 (The html.parser.HTMLParser class had worse-case quadratic complex
[trixie] - python3.13 3.13.5-2+deb13u1
- python3.12 <removed>
- python3.11 <removed>
- [bookworm] - python3.11 <no-dsa> (Minor issue)
+ [bookworm] - python3.11 3.11.2-6+deb12u7
- python3.9 <removed>
- python2.7 <removed>
[bullseye] - python2.7 <end-of-life> (EOL in bullseye LTS)
@@ -140296,7 +140277,7 @@ CVE-2025-5918 (A vulnerability has been identified in the libarchive library. Th
{DLA-4368-1}
- libarchive 3.8.4-1 (bug #1107624)
[trixie] - libarchive 3.7.4-4+deb13u1
- [bookworm] - libarchive <no-dsa> (Minor issue)
+ [bookworm] - libarchive 3.6.2-1+deb12u4
NOTE: https://github.com/libarchive/libarchive/pull/2584
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/dcbf1e0ededa95849f098d154a25876ed5754bcf (v3.8.0)
NOTE: Regression: https://github.com/libarchive/libarchive/issues/2641
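Review bot: the entry records a regression (issues/2641) caused by the v3.8.0 fix dcbf1e0ededa95849f098d154a25876ed5754bcf; before treating 3.6.2-1+deb12u4 as the bookworm fix, confirm that the upload also includes the follow-up for that regression, and consider adding a "Fixed by" NOTE for the regression fix commit so the entry documents both halves of what was backported.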
@@ -144679,7 +144660,7 @@ CVE-2024-12093 (An issue has been discovered in GitLab CE/EE affecting all versi
CVE-2023-47466 (TagLib before 2.0 allows a segmentation violation and application cras ...)
{DLA-4450-1}
- taglib 2.0.2-1
- [bookworm] - taglib <no-dsa> (Minor issue)
+ [bookworm] - taglib 1.13-2+deb12u1
NOTE: https://github.com/taglib/taglib/issues/1163
NOTE: https://github.com/taglib/taglib/pull/1164
NOTE: Fixed by: https://github.com/taglib/taglib/commit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf (v2.0beta)
@@ -147302,7 +147283,7 @@ CVE-2025-4516 (There is an issue in CPython when using `bytes.decode("unicode_es
- python3.13 3.13.3-4
- python3.12 <removed>
- python3.11 <removed>
- [bookworm] - python3.11 <no-dsa> (Minor issue)
+ [bookworm] - python3.11 3.11.2-6+deb12u7
- python3.9 <removed>
- pypy3 <not-affected> (Vulnerable code not present; memory error in C code implementation)
NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/
@@ -150820,7 +150801,7 @@ CVE-2025-46813 (Discourse is an open-source community platform. A data leak vuln
NOT-FOR-US: Discourse
CVE-2025-46734 (league/commonmark is a PHP Markdown parser. A cross-site scripting (XS ...)
- php-league-commonmark 2.7.0-1
- [bookworm] - php-league-commonmark <no-dsa> (Minor issue)
+ [bookworm] - php-league-commonmark 2.3.9-1+deb12u1
[bullseye] - php-league-commonmark <ignored> (Minor issue, intrusive to backport)
NOTE: https://github.com/thephpleague/commonmark/security/advisories/GHSA-3527-qv2q-pfvx
NOTE: https://github.com/thephpleague/commonmark/commit/f0d626cf05ad3e99e6db26ebcb9091b6cd1cd89b (2.7.0)
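Review bot: bookworm now gets a backport (2.3.9-1+deb12u1) while the bullseye line kept as context still reads "<ignored> (Minor issue, intrusive to backport)". If the patch applied cleanly to 2.3.9, the "intrusive to backport" rationale for bullseye may no longer hold; worth a second look by the LTS team rather than leaving the two annotations in tension.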
@@ -166560,7 +166541,7 @@ CVE-2025-2589 (A vulnerability was found in code-projects Human Resource Managem
CVE-2025-2588 (A vulnerability has been found in Hercules Augeas 1.14.1 and classifie ...)
- augeas 1.14.1-1.1 (bug #1101714)
[trixie] - augeas 1.14.1-1.1~deb13u1
- [bookworm] - augeas <no-dsa> (Minor issue)
+ [bookworm] - augeas 1.14.0-1+deb12u1
[bullseye] - augeas <postponed> (Minor issue)
NOTE: https://github.com/hercules-team/augeas/issues/852
NOTE: https://github.com/hercules-team/augeas/pull/854
@@ -167699,17 +167680,14 @@ CVE-2024-10441 (Improper encoding or escaping of output vulnerability in the sys
CVE-2025-29918 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
{DLA-4103-1}
- suricata 1:7.0.9-1
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/b14c67cbdf25fa6c7ffe0d04ddf3ebe67b12b50b (master)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/f6c9490e1f7b0b375c286d5313ebf3bc81a95eb6 (suricata-7.0.9)
CVE-2025-29917 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.9-1
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/32d0bd2bbb4d486623dec85a94952fde2515f2f0 (master)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/bab716776ba3561cfbfd1a57fc18ff1f6859f019 (suricata-7.0.9)
CVE-2025-29916 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.9-1
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/d32a39ca4b53d7f659f4f0a2a5c162ef97dc4797 (master)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/a7713db709b8a0be5fc5e5809ab58e9b14a16e85 (master)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/2f432c99a9734ea3a75c9218f35060e11a7a39ad (suricata-7.0.9)
@@ -167717,7 +167695,6 @@ CVE-2025-29916 (Suricata is a network Intrusion Detection System, Intrusion Prev
NOTE: Fixed by: https://github.com/OISF/suricata/commit/d86c5f9f0c75736d4fce93e27c0773fcb27e1047 (suricata-7.0.9)
CVE-2025-29915 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.9-1
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/25d0fba91274e8d26e804f278c281a5c9f5309e9 (master)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/808502d5cac0681e17859ed1aef9be8f508c4b13 (master)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/c342b054f40630521253666d3ca0192250a59ad2 (master)
@@ -169730,30 +169707,30 @@ CVE-2025-2190 (The mobile application (com.transsnet.store) has a man-in-the-mid
CVE-2025-2177 (A vulnerability classified as critical was found in libzvbi up to 0.2. ...)
{DLA-4449-1}
- zvbi 0.2.44-1
- [bookworm] - zvbi <no-dsa> (Minor issue)
+ [bookworm] - zvbi 0.2.41-1+deb12u1
NOTE: https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf
NOTE: https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f (v0.2.44)
CVE-2025-2176 (A vulnerability classified as critical has been found in libzvbi up to ...)
{DLA-4449-1}
- zvbi 0.2.44-1
- [bookworm] - zvbi <no-dsa> (Minor issue)
+ [bookworm] - zvbi 0.2.41-1+deb12u1
NOTE: https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf
NOTE: https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f (v0.2.44)
CVE-2025-2175 (A vulnerability was found in libzvbi up to 0.2.43. It has been rated a ...)
{DLA-4449-1}
- zvbi 0.2.44-1
- [bookworm] - zvbi <no-dsa> (Minor issue)
+ [bookworm] - zvbi 0.2.41-1+deb12u1
NOTE: https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf
CVE-2025-2174 (A vulnerability was found in libzvbi up to 0.2.43. It has been declare ...)
{DLA-4449-1}
- zvbi 0.2.44-1
- [bookworm] - zvbi <no-dsa> (Minor issue)
+ [bookworm] - zvbi 0.2.41-1+deb12u1
NOTE: https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf
NOTE: https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f (v0.2.44)
CVE-2025-2173 (A vulnerability was found in libzvbi up to 0.2.43. It has been classif ...)
{DLA-4449-1}
- zvbi 0.2.44-1
- [bookworm] - zvbi <no-dsa> (Minor issue)
+ [bookworm] - zvbi 0.2.41-1+deb12u1
NOTE: https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf
NOTE: https://github.com/zapping-vbi/zvbi/commit/8def647eea27f7fd7ad33ff79c2d6d3e39948dce (v0.2.44)
CVE-2025-2169 (The The WPCS \u2013 WordPress Currency Switcher Professional plugin fo ...)
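Review bot: all five zvbi entries (CVE-2025-2173 through CVE-2025-2177) move to 0.2.41-1+deb12u1 consistently. One documentation gap in the context lines: CVE-2025-2175 references only the GHSA advisory, whereas its siblings also carry the fixing commit (ca1672134b3e2962cd392212c73f44f8f4cb489f or 8def647eea27f7fd7ad33ff79c2d6d3e39948dce); adding the commit NOTE for CVE-2025-2175 would make it possible to check that the bookworm upload covers it.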
@@ -178370,107 +178347,107 @@ CVE-2024-12860 (The CarSpot \u2013 Dealership Wordpress Classified Theme theme f
NOT-FOR-US: WordPress plugin
CVE-2025-1125 (When reading data from a hfs filesystem, grub's hfs filesystem module ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-1118 (A flaw was found in grub2. Grub's dump command is not blocked when gru ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0690 (The read command is used to read the keyboard input from the user, whi ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0689 (When reading data from disk, the grub's UDF filesystem module utilizes ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0686 (A flaw was found in grub2. When performing a symlink lookup from a rom ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0685 (A flaw was found in grub2. When reading data from a jfs filesystem, gr ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0684 (A flaw was found in grub2. When performing a symlink lookup from a rei ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0678 (A flaw was found in grub2. When reading data from a squash4 filesystem ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0677 (A flaw was found in grub2. When performing a symlink lookup, the grub' ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0624 (A flaw was found in grub2. During the network boot process, when tryin ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-0622 (A flaw was found in command/gpg. In some scenarios, hooks created by l ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45783 (A flaw was found in grub2. When failing to mount an HFS+ grub, the hfs ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45782 (A flaw was found in the HFS filesystem. When reading an HFS volume's n ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45781 (A flaw was found in grub2. When reading a symbolic link's name from a ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45780 (A flaw was found in grub2. When reading tar files, grub2 allocates an ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45779 (An integer overflow flaw was found in the BFS file system driver in gr ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45778 (A stack overflow flaw was found when reading a BFS file system. A craf ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45777 (A flaw was found in grub2. The calculation of the translation buffer w ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45776 (When reading the language .mo file in grub_mofile_open(), grub2 fails ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45775 (A flaw was found in grub2 where the grub_extcmd_dispatcher() function ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2024-45774 (A flaw was found in grub2. A specially crafted JPEG file can cause the ...)
- grub2 2.12-6 (bug #1098319)
- [bookworm] - grub2 <no-dsa> (Minor issue, will be fixed via point release)
+ [bookworm] - grub2 2.06-13+deb12u2
NOTE: https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
NOTE: https://www.openwall.com/lists/oss-security/2025/02/18/3
CVE-2025-27113 (libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer der ...)
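Review bot: all 21 grub2 entries (CVE-2024-45774 through CVE-2024-45783, CVE-2025-0622, CVE-2025-0624, CVE-2025-0677/0678/0684/0685/0686/0689/0690, CVE-2025-1118, CVE-2025-1125) are switched from "<no-dsa> (Minor issue, will be fixed via point release)" to the single version 2.06-13+deb12u2, which fulfils the stated plan. Since one version is applied across the whole batch, confirm that the deb12u2 changelog actually lists every one of these CVEs; any that were left out would now be recorded as fixed without being so.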
@@ -181450,6 +181427,7 @@ CVE-2024-57609 (An issue in Kanaries Inc Pygwalker before v.0.4.9.9 allows a rem
CVE-2024-57392 (Buffer Overflow vulnerability in Proftpd commit 4017eff8 allows a remo ...)
{DLA-4077-1}
- proftpd-dfsg 1.3.8.c+dfsg-2 (unimportant)
+ [bookworm] - proftpd-dfsg 1.3.8+dfsg-4+deb12u5
NOTE: https://github.com/proftpd/proftpd/issues/1866
NOTE: https://github.com/proftpd/proftpd/issues/1866#issuecomment-2645976560
NOTE: https://github.com/proftpd/proftpd/commit/981a37916fdb7b73435c6d5cdb01428b2269427d
@@ -191795,7 +191773,6 @@ CVE-2024-56828 (File Upload vulnerability in ChestnutCMS through 1.5.0. Based on
NOT-FOR-US: ChestnutCMS
CVE-2024-55629 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.8-1
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-69wr-vhwg-84h2
NOTE: Fixed by: https://github.com/OISF/suricata/commit/6882bcb3e51bd3cf509fb6569cc30f48d7bb53d7 (master)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/779f9d8ba35c3f9b5abfa327d3a4209861bd2eb8 (master)
@@ -191803,7 +191780,6 @@ CVE-2024-55629 (Suricata is a network Intrusion Detection System, Intrusion Prev
NOTE: Fixed by: https://github.com/OISF/suricata/commit/c4d8790db85164714c92556fbc8e849e9df6355b (suricata-7.0.8)
CVE-2024-55628 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.8-1
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-96w4-jqwf-qx2j
NOTE: Fixed by: https://github.com/OISF/suricata/commit/19cf0f81335d9f787d587450f7105ad95a648951 (master)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/37f4c52b22fcdde4adf9b479cb5700f89d00768d (master)
@@ -191813,7 +191789,6 @@ CVE-2024-55628 (Suricata is a network Intrusion Detection System, Intrusion Prev
NOTE: Fixed by: https://github.com/OISF/suricata/commit/71212b78bd1b7b841c9d9a907d0b3eea71a54060 (suricata-7.0.8)
CVE-2024-55627 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.8-1
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-h2mv-7gg8-8x7v
NOTE: Fixed by: https://github.com/OISF/suricata/commit/282509f70c4ce805098e59535af445362e3e9ebd (master)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/8900041405dbb5f9584edae994af2100733fb4be (master)
@@ -191824,13 +191799,11 @@ CVE-2024-55627 (Suricata is a network Intrusion Detection System, Intrusion Prev
CVE-2024-55626 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
{DLA-4103-1}
- suricata 1:7.0.8-1
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-wmg4-jqx5-4h9v
NOTE: Fixed by: https://github.com/OISF/suricata/commit/dd71ef0af222a566e54dfc479dd1951dd17d7ceb (master)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/470795e65ba77cffba3aed850313a5f23c4b278d (suricata-7.0.8)
CVE-2024-55605 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.8-1
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-x2hr-33vp-w289
NOTE: Fixed by: https://github.com/OISF/suricata/commit/f80ebd5a30b02db5915f749f0c067c7adefbbe76 (suricata-7.0.8)
NOTE: Fixed by: https://github.com/OISF/suricata/commit/c3a6abf60134c2993ee3802ee52206e9fdbf55ba (suricata-7.0.8)
@@ -202825,7 +202798,9 @@ CVE-2024-11619 (A vulnerability, which was classified as problematic, has been f
CVE-2024-11612 (7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vu ...)
{DLA-4576-1}
- 7zip 24.08+dfsg-1 (unimportant)
+ [bookworm] - 7zip 22.01+really25.01+dfsg-0+deb12u1
- p7zip 16.02+transitional.1 (unimportant)
+ [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
NOTE: Crash in CLI tool, no security impact
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-24-1606/
NOTE: https://bushido-sec.com/index.php/2024/11/22/2ourc3-vulnerabiltiy-7zip-fuzzing/
@@ -215791,7 +215766,6 @@ CVE-2024-47637 (Relative Path Traversal vulnerability in LiteSpeed Technologies
NOT-FOR-US: WordPress plugin
CVE-2024-47522 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.7-1
- [bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-w5xv-6586-jpm7
NOTE: https://redmine.openinfosecfoundation.org/issues/7267
@@ -215799,13 +215773,11 @@ CVE-2024-47351 (Improper Limitation of a Pathname to a Restricted Directory ('Pa
NOT-FOR-US: WordPress plugin
CVE-2024-47188 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.7-1
- [bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-qq5v-qcjx-f872
NOTE: https://redmine.openinfosecfoundation.org/issues/7289
CVE-2024-47187 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.7-1
- [bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-64ww-4f6x-863p
NOTE: https://redmine.openinfosecfoundation.org/issues/7209
@@ -215826,12 +215798,10 @@ CVE-2024-45797 (LibHTP is a security-aware parser for the HTTP protocol and the
CVE-2024-45796 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
{DLA-4103-1}
- suricata 1:7.0.7-1
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-mf6r-3xp2-v7xg
NOTE: https://redmine.openinfosecfoundation.org/issues/7067
CVE-2024-45795 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.7-1
- [bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-6r8w-fpw6-cp9g
NOTE: https://redmine.openinfosecfoundation.org/issues/7195
@@ -238547,14 +238517,12 @@ CVE-2024-39317 (Wagtail is an open source content management system built on Dja
NOT-FOR-US: Wagtail
CVE-2024-38536 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.6-1
- [bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh
NOTE: https://redmine.openinfosecfoundation.org/issues/7029
NOTE: https://redmine.openinfosecfoundation.org/issues/7033
CVE-2024-38535 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.6-1
- [bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563
NOTE: https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7 (suricata-6.0.20)
@@ -238563,7 +238531,6 @@ CVE-2024-38535 (Suricata is a network Intrusion Detection System, Intrusion Prev
NOTE: https://redmine.openinfosecfoundation.org/issues/7112
CVE-2024-38534 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.6-1
- [bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq
NOTE: https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae (suricata-7.0.6)
@@ -238572,7 +238539,6 @@ CVE-2024-38534 (Suricata is a network Intrusion Detection System, Intrusion Prev
CVE-2024-37151 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
{DLA-4103-1}
- suricata 1:7.0.6-1
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24
NOTE: https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0 (suricata-6.0.20)
NOTE: https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b (suricata-7.0.6)
@@ -240638,6 +240604,7 @@ CVE-2023-52169 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz)
[bookworm] - 7zip 22.01+dfsg-8+deb12u1
NOTE: Crash in CLI tool, no security impact
- p7zip 16.02+transitional.1 (unimportant)
+ [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
NOTE: https://sourceforge.net/p/sevenzip/bugs/2402/
NOTE: https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
NOTE: https://www.openwall.com/lists/oss-security/2024/07/03/10
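Review bot: the added "[bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1" line sits under a p7zip entry that is still rated (unimportant) and carries the NOTE "Crash in CLI tool, no security impact", so severity tag and fixed-version line read inconsistently side by side; recording the version is harmless, but a short NOTE stating that the fix rides along with the new upstream code the "+really25.01" version string points to, rather than being a targeted security update, would make the intent clear to the next reader.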
@@ -240648,7 +240615,7 @@ CVE-2023-52168 (The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz)
- 7zip 24.05+dfsg-1
[bookworm] - 7zip 22.01+dfsg-8+deb12u1
- p7zip 16.02+transitional.1
- [bookworm] - p7zip <no-dsa> (Minor issue)
+ [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
NOTE: https://sourceforge.net/p/sevenzip/bugs/2402/
NOTE: https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/
NOTE: https://www.openwall.com/lists/oss-security/2024/07/03/10
@@ -247250,7 +247217,7 @@ CVE-2024-37569 (An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x
CVE-2024-37568 (lepture Authlib before 1.3.1 has algorithm confusion with asymmetric p ...)
{DLA-4352-1}
- python-authlib 1.3.1-1
- [bookworm] - python-authlib <no-dsa> (Minor issue)
+ [bookworm] - python-authlib 1.2.0-1+deb12u1
NOTE: https://github.com/lepture/authlib/issues/654
NOTE: https://github.com/lepture/authlib/commit/3bea812acefebc9ee108aa24557be3ba8971daf1 (v1.3.1)
CVE-2024-35748 (Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.T ...)
@@ -259371,7 +259338,6 @@ CVE-2024-33120 (Roothub v2.5 was discovered to contain an arbitrary file upload
NOT-FOR-US: Roothub
CVE-2024-32867 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.5-1
- [bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-xvrx-88mv-xcq5
NOTE: https://github.com/OISF/suricata/commit/2f39ba75f153ba9bdf8eedc2a839cc973dbaea66 (suricata-7.0.5)
@@ -259385,7 +259351,6 @@ CVE-2024-32867 (Suricata is a network Intrusion Detection System, Intrusion Prev
NOTE: https://redmine.openinfosecfoundation.org/issues/6677
CVE-2024-32664 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.5-1
- [bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-79vh-hpwq-3jh7
NOTE: https://github.com/OISF/suricata/commit/311002baf288a225f62cf18a90c5fdd294447379 (suricata-7.0.5)
@@ -259393,7 +259358,6 @@ CVE-2024-32664 (Suricata is a network Intrusion Detection System, Intrusion Prev
CVE-2024-32663 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
{DLA-4103-1}
- suricata 1:7.0.5-1
- [bookworm] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-9jxm-qw9v-266r
NOTE: https://github.com/OISF/suricata/commit/08d93f7c3762781b743f88f9fdc4389eb9c3eb64 (suricata-6.0.19)
NOTE: https://github.com/OISF/suricata/commit/d24b37a103c04bb2667e449e080ba4c8e56bb019 (suricata-6.0.19)
@@ -271229,7 +271193,6 @@ CVE-2024-29006 (By default the CloudStack management server honours the x-forwar
NOT-FOR-US: Apache CloudStack
CVE-2024-28870 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.4-1
- [bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-mhhx-xw7r-r5c8
NOTE: https://redmine.openinfosecfoundation.org/issues/6800
@@ -282459,13 +282422,13 @@ CVE-2024-27354 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x befo
CVE-2026-44167 (phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0 ...)
- phpseclib 1.0.29-1
[trixie] - phpseclib 1.0.23-6+deb13u3
- [bookworm] - phpseclib <no-dsa> (Minor issue, will be fixed via point update)
+ [bookworm] - phpseclib 1.0.20-1+deb12u5
- php-phpseclib 2.0.54-1
[trixie] - php-phpseclib 2.0.48-3+deb13u3
- [bookworm] - php-phpseclib <no-dsa> (Minor issue, will be fixed via point update)
+ [bookworm] - php-phpseclib 2.0.42-1+deb12u5
- php-phpseclib3 3.0.52-1
[trixie] - php-phpseclib3 3.0.43-2+deb13u3
- [bookworm] - php-phpseclib3 <no-dsa> (Minor issue, will be fixed via point update)
+ [bookworm] - php-phpseclib3 3.0.19-1+deb12u6
NOTE: https://github.com/phpseclib/phpseclib/security/advisories/GHSA-3qpq-r242-jqj7
NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc (3.0.52, 2.0.54, 1.0.29)
CVE-2024-27355 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0 ...)
@@ -282778,7 +282741,6 @@ CVE-2024-24714 (Unrestricted Upload of File with Dangerous Type vulnerability in
NOT-FOR-US: WordPress plugin
CVE-2024-24568 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.3-1
- [bookworm] - suricata <not-affected> (Vulnerable code not present)
[bullseye] - suricata <not-affected> (Vulnerable code not present)
[buster] - suricata <not-affected> (Vulnerable code not present)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c
@@ -282792,7 +282754,6 @@ CVE-2024-24401 (SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remo
NOT-FOR-US: Nagios XI
CVE-2024-23839 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.3-1
- [bookworm] - suricata <not-affected> (Vulnerable code not present)
[bullseye] - suricata <not-affected> (Vulnerable code not present)
[buster] - suricata <not-affected> (Vulnerable code not present)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7
@@ -282808,7 +282769,6 @@ CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol. Crafted
NOTE: https://redmine.openinfosecfoundation.org/issues/6444
CVE-2024-23836 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.3-1
- [bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <no-dsa> (Minor issue)
[buster] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc
@@ -282830,7 +282790,6 @@ CVE-2024-23836 (Suricata is a network Intrusion Detection System, Intrusion Prev
NOTE: https://redmine.openinfosecfoundation.org/issues/6660
CVE-2024-23835 (Suricata is a network Intrusion Detection System, Intrusion Prevention ...)
- suricata 1:7.0.3-1
- [bookworm] - suricata <not-affected> (Vulnerable code not present)
[bullseye] - suricata <not-affected> (Vulnerable code not present)
[buster] - suricata <not-affected> (Vulnerable code not present)
NOTE: https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc
@@ -292047,7 +292006,7 @@ CVE-2022-4959 (A vulnerability classified as problematic was found in qkmc-rk re
CVE-2022-48620 (uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if m ...)
{DLA-4454-1}
- libuev 2.4.1-1 (bug #1060692)
- [bookworm] - libuev <no-dsa> (Minor issue)
+ [bookworm] - libuev 2.4.0-1.1+deb12u1
NOTE: https://github.com/troglobit/libuev/issues/27
NOTE: https://github.com/troglobit/libuev/commit/2d9f1c9ce655cc38511aeeb6e95ac30914f7aec9 (v2.4.1)
CVE-2022-48619 (An issue was discovered in drivers/input/input.c in the Linux kernel b ...)
@@ -292632,7 +292591,7 @@ CVE-2023-46712 (A improper access control in Fortinet FortiPortal version 7.0.0
NOT-FOR-US: FortiGuard
CVE-2023-45139 (fontTools is a library for manipulating fonts, written in Python. The ...)
- fonttools 4.46.0-1
- [bookworm] - fonttools <no-dsa> (Minor issue)
+ [bookworm] - fonttools 4.38.0-1+deb12u1
[bullseye] - fonttools <not-affected> (Vulnerable code not present)
[buster] - fonttools <not-affected> (Vulnerable code not present)
NOTE: https://github.com/fonttools/fonttools/security/advisories/GHSA-6673-4983-2vx5
@@ -297785,7 +297744,7 @@ CVE-2023-50268 (jq is a command-line JSON processor. Version 1.7 is vulnerable t
NOTE: Fixed by: https://github.com/jqlang/jq/commit/c9a51565214eece8f1053089739aea73145bfd6b (jq-1.7.1)
CVE-2023-50262 (Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ...)
- php-dompdf 2.0.4+dfsg-1 (bug #1058793)
- [bookworm] - php-dompdf <no-dsa> (Minor issue)
+ [bookworm] - php-dompdf 2.0.3+dfsg-1+deb12u1
[bullseye] - php-dompdf <not-affected> (SVG images are rejected by default)
[buster] - php-dompdf <not-affected> (SVG images are rejected by default)
NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-3qx2-6f78-w2j2
@@ -301037,7 +300996,7 @@ CVE-2023-42366 (A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the
CVE-2023-42365 (A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via ...)
{DLA-4019-1}
- busybox 1:1.37.0-1 (bug #1059052)
- [bookworm] - busybox <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - busybox 1:1.35.0-4+deb12u1
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=15871
NOTE: Fixed by: https://git.busybox.net/busybox/commit/editors/awk.c?id=0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4 (1_37_0)
@@ -301046,7 +301005,7 @@ CVE-2023-42365 (A use-after-free vulnerability was discovered in BusyBox v.1.36.
CVE-2023-42364 (A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to ...)
{DLA-4019-1}
- busybox 1:1.37.0-1 (bug #1059051)
- [bookworm] - busybox <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - busybox 1:1.35.0-4+deb12u1
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=15868
NOTE: Fixed by: https://git.busybox.net/busybox/commit/editors/awk.c?id=0256e00a9d077588bd3a39f5a1ef7e2eaa2911e4 (1_37_0)
@@ -301054,7 +301013,7 @@ CVE-2023-42364 (A use-after-free vulnerability in BusyBox v.1.36.1 allows attack
NOTE: Fixed by: https://git.busybox.net/busybox/commit/editors/awk.c?id=38335df9e9f45378c3407defd38b5b610578bdda (1_37_0)
CVE-2023-42363 (A use-after-free vulnerability was discovered in xasprintf function in ...)
- busybox 1:1.37.0-1 (bug #1059050)
- [bookworm] - busybox <no-dsa> (Minor issue)
+ [bookworm] - busybox 1:1.35.0-4+deb12u1
[bullseye] - busybox <ignored> (Minor issue)
[buster] - busybox <ignored> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=15865
@@ -307213,7 +307172,7 @@ CVE-2023-45805 (pdm is a Python package and dependency manager supporting the la
CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...)
- libxml-security-java 2.1.8-1.1 (bug #1059313)
[trixie] - libxml-security-java 2.1.8-1.1~deb13u1
- [bookworm] - libxml-security-java <no-dsa> (Minor issue)
+ [bookworm] - libxml-security-java 2.1.7-3+deb12u1
[bullseye] - libxml-security-java <no-dsa> (Minor issue)
[buster] - libxml-security-java <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2023/10/20/5
@@ -311033,7 +310992,7 @@ CVE-2023-43909 (Hospital Management System thru commit 4770d was discovered to c
CVE-2023-43655 (Composer is a dependency manager for PHP. Users publishing a composer. ...)
{DLA-3777-1}
- composer 2.6.4-1
- [bookworm] - composer <postponed> (Minor issue, fix along in a future update)
+ [bookworm] - composer 2.5.5-1+deb12u4
[bullseye] - composer <no-dsa> (Minor issue)
NOTE: https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf
NOTE: https://github.com/composer/composer/commit/4fce14795aba98e40b6c4f5047305aba17a6120d (1.10.27)
@@ -321921,7 +321880,7 @@ CVE-2023-3319 (Improper Neutralization of Input During Web Page Generation ('Cro
CVE-2023-38199 (coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does n ...)
{DLA-4488-1}
- modsecurity-crs 3.3.5-1 (bug #1041109)
- [bookworm] - modsecurity-crs <no-dsa> (Minor issue)
+ [bookworm] - modsecurity-crs 3.3.4-1+deb12u2
[buster] - modsecurity-crs <postponed> (Minor issue)
NOTE: https://github.com/coreruleset/coreruleset/issues/3191
NOTE: https://github.com/coreruleset/coreruleset/pull/3237
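Review bot: the bookworm fix version recorded here for CVE-2023-38199 is modsecurity-crs 3.3.4-1+deb12u2, while the data/next-oldstable-point-update.txt entries removed further down carry 3.3.4-1+deb12u3 for CVE-2026-33691 on the same source package; two uploads of one package landing in the same point release is fine, but confirm that CVE-2023-38199 really was fixed in the +deb12u2 upload and not only in +deb12u3, since the tracker will report the lower version as the first fixed one.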
@@ -325190,14 +325149,12 @@ CVE-2023-35855 (A buffer overflow in Counter-Strike through 8684 allows a game s
NOT-FOR-US: Counter-Strike
CVE-2023-35853 (In Suricata before 6.0.13, an adversary who controls an external sourc ...)
- suricata 1:6.0.13-1
- [bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <no-dsa> (Minor issue)
[buster] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/commit/b95bbcc66db526ffcc880eb439dbe8abc87a81da
CVE-2023-35852 (In Suricata before 6.0.13 (when there is an adversary who controls an ...)
{DLA-4103-1}
- suricata 1:6.0.13-1
- [bookworm] - suricata <no-dsa> (Minor issue)
[buster] - suricata <no-dsa> (Minor issue)
NOTE: https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335
NOTE: https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17
@@ -330408,8 +330365,9 @@ CVE-2023-31103 (Exposure of Resource to Wrong Sphere Vulnerability in Apache Sof
CVE-2023-40481 (7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution ...)
{DLA-4576-1}
- 7zip 23.01+dfsg-1
- [bookworm] - 7zip <no-dsa> (Minor issue; will be fixed via point release)
+ [bookworm] - 7zip 22.01+really25.01+dfsg-0+deb12u1
- p7zip 16.02+transitional.1
+ [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
NOTE: Since p7zip/16.02+transitional.1 src:p7zip is only a empty source package
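Review bot: the NOTE "Since p7zip/16.02+transitional.1 src:p7zip is only a empty source package" now sits directly below a new "[bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1" line, and that bookworm version is evidently not the empty transitional package the NOTE describes; scope the NOTE to unstable/testing (or reword it) so the bookworm fixed-version line is not read as referring to an empty source package, and fix "a empty" to "an empty" while touching it.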
@@ -330417,8 +330375,9 @@ CVE-2023-40481 (7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Exec
CVE-2023-31102 (Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid ...)
{DLA-4576-1}
- 7zip 23.01+dfsg-1
- [bookworm] - 7zip <no-dsa> (Minor issue; will be fixed via point release)
+ [bookworm] - 7zip 22.01+really25.01+dfsg-0+deb12u1
- p7zip 16.02+transitional.1
+ [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/
NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
NOTE: https://ds-security.com/post/integer-overflow-in-7-zip-cve-2023-31102/
@@ -357906,7 +357865,7 @@ CVE-2022-48175 (Rukovoditel v3.2.1 was discovered to contain a remote code execu
CVE-2022-48174 (There is a stack overflow vulnerability in ash.c:6030 in busybox befor ...)
{DLA-4019-1}
- busybox 1:1.37.0-1 (bug #1059049)
- [bookworm] - busybox <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - busybox 1:1.35.0-4+deb12u1
[buster] - busybox <no-dsa> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=15216
NOTE: https://git.busybox.net/busybox/commit/?id=d417193cf37ca1005830d7e16f5fa7e1d8a44209 (1_37_0)
@@ -362922,6 +362881,7 @@ CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After ente
CVE-2022-47069 (p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerabi ...)
{DLA-4576-1}
- p7zip 16.02+transitional.1 (unimportant)
+ [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
NOTE: https://sourceforge.net/p/p7zip/bugs/241/
NOTE: Crash in CLI tool, no security impact
NOTE: Since p7zip/16.02+transitional.1 src:p7zip is only a empty source package
@@ -636017,7 +635977,7 @@ CVE-2019-5428
REJECTED
CVE-2019-5427 (c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack whe ...)
- c3p0 0.9.1.2-10.1 (low; bug #927936)
- [bookworm] - c3p0 <no-dsa> (Minor issue)
+ [bookworm] - c3p0 0.9.1.2-10.1~deb12u1
[bullseye] - c3p0 <no-dsa> (Minor issue)
[buster] - c3p0 <no-dsa> (Minor issue)
[stretch] - c3p0 <no-dsa> (Minor issue)
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -1,351 +1,3 @@
-CVE-2023-50262
- [bookworm] - php-dompdf 2.0.3+dfsg-1+deb12u1
-CVE-2025-67269
- [bookworm] - gpsd 3.22-4.1+deb12u1
-CVE-2025-67268
- [bookworm] - gpsd 3.22-4.1+deb12u1
-CVE-2025-2173
- [bookworm] - zvbi 0.2.41-1+deb12u1
-CVE-2025-2174
- [bookworm] - zvbi 0.2.41-1+deb12u1
-CVE-2025-2175
- [bookworm] - zvbi 0.2.41-1+deb12u1
-CVE-2025-2176
- [bookworm] - zvbi 0.2.41-1+deb12u1
-CVE-2025-2177
- [bookworm] - zvbi 0.2.41-1+deb12u1
-CVE-2023-47466
- [bookworm] - taglib 1.13-2+deb12u1
-CVE-2022-48620
- [bookworm] - libuev 2.4.0-1.1+deb12u1
-CVE-2025-66034
- [bookworm] - fonttools 4.38.0-1+deb12u1
-CVE-2023-45139
- [bookworm] - fonttools 4.38.0-1+deb12u1
-CVE-2026-25636
- [bookworm] - calibre 6.13.0+repack-2+deb12u6
-CVE-2026-25635
- [bookworm] - calibre 6.13.0+repack-2+deb12u6
-CVE-2026-25731
- [bookworm] - calibre 6.13.0+repack-2+deb12u6
-CVE-2026-26064
- [bookworm] - calibre 6.13.0+repack-2+deb12u6
-CVE-2026-26065
- [bookworm] - calibre 6.13.0+repack-2+deb12u6
-CVE-2026-27824
- [bookworm] - calibre 6.13.0+repack-2+deb12u6
-CVE-2026-27810
- [bookworm] - calibre 6.13.0+repack-2+deb12u6
-CVE-2025-64329
- [bookworm] - containerd 1.6.20~ds1-1+deb12u3
-CVE-2025-48038
- [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u4
-CVE-2025-48039
- [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u4
-CVE-2025-48040
- [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u4
-CVE-2025-48041
- [bookworm] - erlang 1:25.2.3+dfsg-1+deb12u4
-CVE-2026-0988
- [bookworm] - glib2.0 2.74.6-2+deb12u9
-CVE-2026-1484
- [bookworm] - glib2.0 2.74.6-2+deb12u9
-CVE-2026-1485
- [bookworm] - glib2.0 2.74.6-2+deb12u9
-CVE-2026-1489
- [bookworm] - glib2.0 2.74.6-2+deb12u9
-CVE-2023-38199
- [bookworm] - modsecurity-crs 3.3.4-1+deb12u2
-CVE-2025-68158
- [bookworm] - python-authlib 1.2.0-1+deb12u1
-CVE-2025-62706
- [bookworm] - python-authlib 1.2.0-1+deb12u1
-CVE-2025-61920
- [bookworm] - python-authlib 1.2.0-1+deb12u1
-CVE-2025-59420
- [bookworm] - python-authlib 1.2.0-1+deb12u1
-CVE-2024-37568
- [bookworm] - python-authlib 1.2.0-1+deb12u1
-CVE-2022-48174
- [bookworm] - busybox 1:1.35.0-4+deb12u1
-CVE-2023-42363
- [bookworm] - busybox 1:1.35.0-4+deb12u1
-CVE-2023-42364
- [bookworm] - busybox 1:1.35.0-4+deb12u1
-CVE-2023-42365
- [bookworm] - busybox 1:1.35.0-4+deb12u1
-CVE-2023-31102
- [bookworm] - 7zip 22.01+really25.01+dfsg-0+deb12u1
-CVE-2023-40481
- [bookworm] - 7zip 22.01+really25.01+dfsg-0+deb12u1
-CVE-2025-11001
- [bookworm] - 7zip 22.01+really25.01+dfsg-0+deb12u1
-CVE-2025-11002
- [bookworm] - 7zip 22.01+really25.01+dfsg-0+deb12u1
-CVE-2025-55188
- [bookworm] - 7zip 22.01+really25.01+dfsg-0+deb12u1
-CVE-2024-11612
- [bookworm] - 7zip 22.01+really25.01+dfsg-0+deb12u1
-CVE-2025-53817
- [bookworm] - 7zip 22.01+really25.01+dfsg-0+deb12u1
-CVE-2026-33721
- [bookworm] - mapserver 8.0.0-3+deb12u1
-CVE-2025-59431
- [bookworm] - mapserver 8.0.0-3+deb12u1
-CVE-2026-28296
- [bookworm] - gvfs 1.50.3-1+deb12u1
-CVE-2026-28295
- [bookworm] - gvfs 1.50.3-1+deb12u1
-CVE-2026-33347
- [bookworm] - php-league-commonmark 2.3.9-1+deb12u1
-CVE-2026-30838
- [bookworm] - php-league-commonmark 2.3.9-1+deb12u1
-CVE-2025-46734
- [bookworm] - php-league-commonmark 2.3.9-1+deb12u1
-CVE-2026-27654
- [bookworm] - nginx 1.22.1-9+deb12u5
-CVE-2026-27784
- [bookworm] - nginx 1.22.1-9+deb12u5
-CVE-2026-32647
- [bookworm] - nginx 1.22.1-9+deb12u5
-CVE-2026-27651
- [bookworm] - nginx 1.22.1-9+deb12u5
-CVE-2026-28753
- [bookworm] - nginx 1.22.1-9+deb12u5
-CVE-2026-28755
- [bookworm] - nginx 1.22.1-9+deb12u5
-CVE-2022-47069
- [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
-CVE-2023-31102
- [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
-CVE-2023-40481
- [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
-CVE-2023-52168
- [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
-CVE-2023-52169
- [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
-CVE-2024-11612
- [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
-CVE-2025-11001
- [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
-CVE-2025-11002
- [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
-CVE-2025-53817
- [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
-CVE-2025-55188
- [bookworm] - p7zip 16.02+really25.01+dfsg-0+deb12u1
-CVE-2024-45774
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2024-45775
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2024-45776
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2024-45777
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2024-45778
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2024-45779
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2024-45780
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2024-45781
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2024-45782
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2024-45783
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2025-0622
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2025-0624
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2025-0677
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2025-0678
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2025-0684
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2025-0685
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2025-0686
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2025-0689
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2025-0690
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2025-1118
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2025-1125
- [bookworm] - grub2 2.06-13+deb12u2
-CVE-2025-6297
- [bookworm] - dpkg 1.21.23
-CVE-2026-2219
- [bookworm] - dpkg 1.21.23
-CVE-2025-53816
- [bookworm] - p7zip-rar 16.02+really25.00+ds-0+deb12u1
-CVE-2025-63261
- [bookworm] - awstats 7.8-3+deb12u2
-CVE-2026-34881
- [bookworm] - glance 2:25.1.0-2+deb12u2
-CVE-2026-3283
- [bookworm] - vips 8.14.1-3+deb12u3
-CVE-2026-3284
- [bookworm] - vips 8.14.1-3+deb12u3
-CVE-2026-3282
- [bookworm] - vips 8.14.1-3+deb12u3
-CVE-2026-3281
- [bookworm] - vips 8.14.1-3+deb12u3
-CVE-2026-3147
- [bookworm] - vips 8.14.1-3+deb12u3
-CVE-2026-3145
- [bookworm] - vips 8.14.1-3+deb12u3
-CVE-2026-3146
- [bookworm] - vips 8.14.1-3+deb12u3
-CVE-2026-2913
- [bookworm] - vips 8.14.1-3+deb12u3
-CVE-2026-32853
- [bookworm] - libvncserver 0.9.14+dfsg-1+deb12u1
-CVE-2026-32854
- [bookworm] - libvncserver 0.9.14+dfsg-1+deb12u1
-CVE-2026-4878
- [bookworm] - libcap2 1:2.66-4+deb12u3
-CVE-2025-61911
- [bookworm] - python-ldap 3.4.3-2+deb12u1
-CVE-2025-61912
- [bookworm] - python-ldap 3.4.3-2+deb12u1
-CVE-2026-40198
- [bookworm] - libnet-cidr-lite-perl 0.22-3~deb12u1
-CVE-2026-40199
- [bookworm] - libnet-cidr-lite-perl 0.22-3~deb12u1
-CVE-2026-35535
- [bookworm] - sudo 1.9.13p3-1+deb12u4
-CVE-2026-33999
- [bookworm] - xorg-server 2:21.1.7-3+deb12u12
-CVE-2026-34000
- [bookworm] - xorg-server 2:21.1.7-3+deb12u12
-CVE-2026-34001
- [bookworm] - xorg-server 2:21.1.7-3+deb12u12
-CVE-2026-34002
- [bookworm] - xorg-server 2:21.1.7-3+deb12u12
-CVE-2026-34003
- [bookworm] - xorg-server 2:21.1.7-3+deb12u12
-CVE-2026-40194
- [bookworm] - php-phpseclib3 3.0.19-1+deb12u5
- [bookworm] - php-phpseclib 2.0.42-1+deb12u4
- [bookworm] - phpseclib 1.0.20-1+deb12u4
-CVE-2026-44167 [Bypass of CVE-2024-27355 mitigations]
- [bookworm] - phpseclib 1.0.20-1+deb12u5
- [bookworm] - php-phpseclib 2.0.42-1+deb12u5
- [bookworm] - php-phpseclib3 3.0.19-1+deb12u6
-CVE-2026-40261
- [bookworm] - composer 2.5.5-1+deb12u4
-CVE-2026-40176
- [bookworm] - composer 2.5.5-1+deb12u4
-CVE-2023-43655
- [bookworm] - composer 2.5.5-1+deb12u4
-CVE-2026-40386
- [bookworm] - libexif 0.6.24-1+deb12u1
-CVE-2026-40385
- [bookworm] - libexif 0.6.24-1+deb12u1
-CVE-2026-32775
- [bookworm] - libexif 0.6.24-1+deb12u1
-CVE-2026-5958
- [bookworm] - sed 4.9-1+deb12u1
-CVE-2026-6231
- [bookworm] - mongo-c-driver 1.23.1-1+deb12u3
-CVE-2026-4359
- [bookworm] - mongo-c-driver 1.23.1-1+deb12u3
-CVE-2025-14911
- [bookworm] - mongo-c-driver 1.23.1-1+deb12u3
-CVE-2026-6691
- [bookworm] - mongo-c-driver 1.23.1-1+deb12u3
-CVE-2026-40226
- [bookworm] - systemd 252.39-1~deb12u2
-CVE-2026-40225
- [bookworm] - systemd 252.39-1~deb12u2
-CVE-2026-29111
- [bookworm] - systemd 252.39-1~deb12u2
-CVE-2026-4105
- [bookworm] - systemd 252.39-1~deb12u2
-CVE-2025-4516
- [bookworm] - python3.11 3.11.2-6+deb12u7
-CVE-2025-6069
- [bookworm] - python3.11 3.11.2-6+deb12u7
-CVE-2025-6075
- [bookworm] - python3.11 3.11.2-6+deb12u7
-CVE-2025-8194
- [bookworm] - python3.11 3.11.2-6+deb12u7
-CVE-2025-8291
- [bookworm] - python3.11 3.11.2-6+deb12u7
-CVE-2025-11468
- [bookworm] - python3.11 3.11.2-6+deb12u7
-CVE-2025-12084
- [bookworm] - python3.11 3.11.2-6+deb12u7
-CVE-2025-13836
- [bookworm] - python3.11 3.11.2-6+deb12u7
-CVE-2025-13837
- [bookworm] - python3.11 3.11.2-6+deb12u7
-CVE-2025-15282
- [bookworm] - python3.11 3.11.2-6+deb12u7
-CVE-2026-0672
- [bookworm] - python3.11 3.11.2-6+deb12u7
-CVE-2026-0865
- [bookworm] - python3.11 3.11.2-6+deb12u7
-CVE-2026-1299
- [bookworm] - python3.11 3.11.2-6+deb12u7
-CVE-2026-0861
- [bookworm] - glibc 2.36-9+deb12u14
-CVE-2026-0915
- [bookworm] - glibc 2.36-9+deb12u14
-CVE-2025-15281
- [bookworm] - glibc 2.36-9+deb12u14
-CVE-2026-4437
- [bookworm] - glibc 2.36-9+deb12u14
-CVE-2026-4438
- [bookworm] - glibc 2.36-9+deb12u14
-CVE-2026-4046
- [bookworm] - glibc 2.36-9+deb12u14
-CVE-2026-33691
- [bookworm] - modsecurity-crs 3.3.4-1+deb12u3
-CVE-2026-39402
- [bookworm] - lxc 1:5.0.2-1+deb12u4
-CVE-2024-57392
- [bookworm] - proftpd-dfsg 1.3.8+dfsg-4+deb12u5
-CVE-2026-42167
- [bookworm] - proftpd-dfsg 1.3.8+dfsg-4+deb12u5
-CVE-2026-28525
- [bookworm] - swupdate 2022.12+dfsg-4+deb12u2
-CVE-2019-5427
- [bookworm] - c3p0 0.9.1.2-10.1~deb12u1
-CVE-2026-35386
- [bookworm] - openssh 1:9.2p1-2+deb12u10
-CVE-2026-35414
- [bookworm] - openssh 1:9.2p1-2+deb12u10
-CVE-2026-35385
- [bookworm] - openssh 1:9.2p1-2+deb12u10
-CVE-2026-35387
- [bookworm] - openssh 1:9.2p1-2+deb12u10
-CVE-2026-35388
- [bookworm] - openssh 1:9.2p1-2+deb12u10
-CVE-2025-5918
- [bookworm] - libarchive 3.6.2-1+deb12u4
-CVE-2026-4111
- [bookworm] - libarchive 3.6.2-1+deb12u4
-CVE-2026-4424
- [bookworm] - libarchive 3.6.2-1+deb12u4
-CVE-2026-4426
- [bookworm] - libarchive 3.6.2-1+deb12u4
-CVE-2026-5121
- [bookworm] - libarchive 3.6.2-1+deb12u4
-CVE-2025-2588
- [bookworm] - augeas 1.14.0-1+deb12u1
-CVE-2025-69209
- [bookworm] - arduino-core-avr 1.8.7+dfsg-1~deb12u1
-CVE-2023-44483
- [bookworm] - libxml-security-java 2.1.7-3+deb12u1
-CVE-2025-34297
- [bookworm] - kissfft 131.1.0-4.1~deb12u1
-CVE-2026-41445
- [bookworm] - kissfft 131.1.0-4.1~deb12u1
CVE-2025-13462
[bookworm] - python3.11 3.11.2-6+deb12u8
CVE-2026-2297
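Review bot: after this hunk the file keeps "CVE-2026-2297" as its final line with no "[bookworm] - <package> <version>" line beneath it, whereas every other entry in this file, including the surviving "CVE-2025-13462" / "[bookworm] - python3.11 3.11.2-6+deb12u8" pair just above, is a CVE line followed by at least one version line; either the version line was lost in the rewrite or the entry is a leftover, so complete it or drop it rather than leaving a dangling CVE in the next-point-update list. The retained python3.11 3.11.2-6+deb12u8 entry versus the removed 3.11.2-6+deb12u7 entries is consistent with +deb12u8 being a later upload held for the following point update, so no issue there.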
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/7fa672c0338d64032320d713fa917d1669766859...1f14c95db947f3bc6e079f417c182ce496a14f4b