[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon May 18 13:33:50 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
34401a68 by Moritz Muehlenhoff at 2026-05-18T14:33:37+02:00
trixie/bookworm triage

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -3778,6 +3778,8 @@ CVE-2025-54518 (Improper isolation of shared resources within the CPU operation
 	NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html
 CVE-2026-5089 (YAML::Syck versions before 1.38 for Perl  has an out-of-bounds read.   ...)
 	- libyaml-syck-perl 1.36-3
+	[trixie] - libyaml-syck-perl <no-dsa> (Minor issue)
+	[bookworm] - libyaml-syck-perl <no-dsa> (Minor issue)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/39981051/
 	NOTE: https://github.com/cpan-authors/YAML-Syck/issues/132
 	NOTE: https://github.com/cpan-authors/YAML-Syck/pull/133
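
Review bot: the two added <no-dsa> lines for libyaml-syck-perl defer the fix to a possible point release, but the entry's NOTE lines give only the announcement, the issue and the pull request, with no "Fixed by:" commit of the kind the node-lodash entry carries. The unstable fix is recorded as 1.36-3 while the description speaks of versions before 1.38, so the unstable fix looks like a backported patch. A NOTE naming the exact upstream commit would let whoever prepares the trixie and bookworm updates pick the same change.
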
@@ -28110,6 +28112,8 @@ CVE-2026-4818 (In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists
 	NOT-FOR-US: Search Guard FLX
 CVE-2026-4800 (Impact:  The fix for CVE-2021-23337 (https://github.com/advisories/GHS ...)
 	- node-lodash 4.18.1+dfsg-1 (bug #1132500)
+	[trixie] - node-lodash <no-dsa> (Minor issue)
+	[bookworm] - node-lodash <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6 (4.18.0)
 	NOTE: Followup for tests: https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d (4.18.0)
 CVE-2026-4799 (In Search Guard FLX up to version 4.0.1, it is possible to use special ...)
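
Review bot: both added node-lodash lines give only the generic reason "(Minor issue)", while the description ties this CVE to the fix for CVE-2021-23337. Consider a more specific reason, or a NOTE saying why the issue is minor for trixie and bookworm, so the decision can be rechecked later without rereading the upstream advisory.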


=====================================
data/dsa-needed.txt
=====================================
@@ -42,12 +42,16 @@ isc-kea/oldstable
 --
 jackson-core (apo)
 --
+jetty9
+--
 jetty12/stable
 --
 kamailio
 --
 krb5 (carnil)
 --
+libgcrypt20
+--
 libreswan/oldstable
 --
 linux (carnil)
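
Review bot: jetty9 and libgcrypt20 are added without a suite suffix or an assignee, while the surrounding entries are written as jetty12/stable and libreswan/oldstable. If only one of trixie or bookworm needs the update, add /stable or /oldstable so the scope is unambiguous to whoever picks the package up.
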
@@ -58,6 +62,8 @@ mbedtls/oldstable
 --
 mimetex/oldstable
 --
+modsecurity
+--
 netatalk (jmm)
 --
 netty
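
Review bot: modsecurity is added to dsa-needed.txt, but neither data/CVE/list hunk in this commit touches a modsecurity entry, so a reader of the commit cannot tell which issue prompted the addition. A short indented remark under the entry would help, as would a suite suffix like the one on mbedtls/oldstable and mimetex/oldstable if only one release is affected.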



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/34401a68d52b62521dc438f4ce65ab8373dfe3f1
