[Git][security-tracker-team/security-tracker][master] 3 commits: dla: add phpseclib, sync with php-phpseclib

Mon May 18 09:12:15 BST 2026


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
dcec4b04 by Sylvain Beucler at 2026-05-18T10:12:06+02:00
dla: add phpseclib, sync with php-phpseclib

- - - - -
e1e853cf by Sylvain Beucler at 2026-05-18T10:12:08+02:00
CVE-2026-6766/nss: introductory commit

tls13_AEAD revamped with vulnerable code in that commit

- - - - -
b44e1827 by Sylvain Beucler at 2026-05-18T10:12:08+02:00
dla: add nss

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -17880,6 +17880,7 @@ CVE-2026-6766 (Incorrect boundary conditions in the Libraries component in NSS.
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/#CVE-2026-6766
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/#CVE-2026-6766
 	NOTE: https://hg.mozilla.org/projects/nss/rev/42da9a7f8a03
+	NOTE: Introduced by: https://hg-edge.mozilla.org/projects/nss/rev/e7c7f305078ea9c652e9af6f28af3c3eed36c8ab (NSS_3_52_BETA1)
 CVE-2026-6765 (Information disclosure in the Form Autofill component. This vulnerabil ...)
 	{DSA-6229-1 DSA-6225-1 DLA-4549-1 DLA-4546-1}
 	- firefox 150.0-1


=====================================
data/dla-needed.txt
=====================================
@@ -362,6 +362,10 @@ nodejs (rouca)
   NOTE: 20260317: DSA-6166-1 released for trixie (7 CVEs) (Beuc/front-desk)
   NOTE: 20260329: DSA-6183-1 released for trixie (7 CVEs) (Beuc)
 --
+nss
+  NOTE: 20260518: Added by Front-Desk (Beuc)
+  NOTE: 20260518: Upcoming DSA (3 CVEs) (Beuc/front-desk)
+--
 nvidia-cuda-toolkit
   NOTE: 20241004: Added by Front-Desk (Beuc)
 --
@@ -408,7 +412,13 @@ php-laravel-framework
 --
 php-phpseclib (utkarsh)
   NOTE: 20260327: Added by Front-Desk (Beuc)
-  NOTE: 20260327: Upcoming DSA; fix also the postponed issue (Beuc/front-desk)
+  NOTE: 20260327: Upcoming DSA; fix also the 2023 postponed issue (Beuc/front-desk)
+  NOTE: 20260329: DSA-6186-1
+  NOTE: 20260518: Also follow bookworm 12.14 (2 CVEs) (Beuc/front-desk)
+--
+phpseclib
+  NOTE: 20260518: Added by Front-Desk (Beuc)
+  NOTE: 20260518: Follow bookworm 12.14 (2 CVEs) (Beuc/front-desk)
 --
 postgresql-13
   NOTE: 20260514: Added by Front-Desk (pochu)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c68bc81472da51538f3f977673ab4447e5f00d3e...b44e18274b138e8c2dd37f46129f825df578bd24

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/c68bc81472da51538f3f977673ab4447e5f00d3e...b44e18274b138e8c2dd37f46129f825df578bd24
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260518/28e01d24/attachment-0001.htm>
