[Git][security-tracker-team/security-tracker][master] bogus CVE assignments for gobgp

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon May 18 22:24:32 BST 2026



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d696f3e3 by Moritz Muehlenhoff at 2026-05-18T23:23:59+02:00
bogus CVE assignments for gobgp

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -29130,20 +29130,23 @@ CVE-2026-5126 (A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affe
 CVE-2026-5125 (A vulnerability was detected in raine consult-llm-mcp up to 2.5.3. Aff ...)
 	NOT-FOR-US: raine consult-llm-mcp
 CVE-2026-5124 (A security vulnerability has been detected in osrg GoBGP up to 4.3.0.  ...)
-	- gobgp 4.4.0-1 (bug #1132653)
-	[bullseye] - gobgp <postponed> (Limited support, follow bookworm security updates)
+	- gobgp 4.4.0-1 (bug #1132653; unimportant)
 	NOTE: https://github.com/osrg/gobgp/pull/3340
 	NOTE: Fixed by: https://github.com/osrg/gobgp/commit/f0f24a2a901cbf159260698211ab15c583ced131 (v4.4.0)
+	NOTE: Not a security issue per upstream assessment:
+	NOTE: https://github.com/osrg/gobgp/issues/3362#issuecomment-4248281007
 CVE-2026-5123 (A weakness has been identified in osrg GoBGP up to 4.3.0. This impacts ...)
-	- gobgp 4.4.0-1 (bug #1132653)
-	[bullseye] - gobgp <postponed> (Limited support, follow bookworm security updates)
+	- gobgp 4.4.0-1 (bug #1132653; unimportant)
 	NOTE: https://github.com/osrg/gobgp/pull/3342
 	NOTE: Fixed by: https://github.com/osrg/gobgp/commit/67c059413470df64bc20801c46f64058e88f800f (v4.4.0)
+	NOTE: Not a security issue per upstream assessment:
+	NOTE: https://github.com/osrg/gobgp/issues/3362#issuecomment-4248281007
 CVE-2026-5122 (A security flaw has been discovered in osrg GoBGP up to 4.3.0. This af ...)
-	- gobgp 4.4.0-1 (bug #1132653)
-	[bullseye] - gobgp <postponed> (Limited support, follow bookworm security updates)
+	- gobgp 4.4.0-1 (bug #1132653; unimportant)
 	NOTE: https://github.com/osrg/gobgp/pull/3343
 	NOTE: Fixed by: https://github.com/osrg/gobgp/commit/2b09db390a3d455808363c53e409afe6b1b86d2d (v4.4.0)
+	NOTE: Not a security issue per upstream assessment:
+	NOTE: https://github.com/osrg/gobgp/issues/3362#issuecomment-4248281007
 CVE-2026-5121 (A flaw was found in libarchive. On 32-bit systems, an integer overflow ...)
 	{DLA-4563-1}
 	- libarchive 3.8.7-1 (bug #1133002)
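Review bot: the added NOTE pairs for CVE-2026-5124, CVE-2026-5123 and CVE-2026-5122 all cite one and the same comment (issues/3362#issuecomment-4248281007), although each entry refers to a different upstream pull request (3340, 3342, 3343). Please confirm that this single comment covers all three. Consider also adding a short phrase with upstream's reasoning to the NOTE, so that the "unimportant" tag can be judged from the file itself without following the link.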
@@ -129652,11 +129655,10 @@ CVE-2025-7466 (A vulnerability, which was classified as critical, has been found
 CVE-2025-7465 (A vulnerability classified as critical was found in Tenda FH1201 1.2.0 ...)
 	NOT-FOR-US: Tenda
 CVE-2025-7464 (A vulnerability classified as problematic has been found in osrg GoBGP ...)
-	- gobgp 4.3.0-1 (bug #1109300)
-	[trixie] - gobgp <no-dsa> (Minor issue)
-	[bookworm] - gobgp <no-dsa> (Minor issue)
-	[bullseye] - gobgp <postponed> (Limited support, follow bookworm security updates)
+	- gobgp 4.3.0-1 (bug #1109300; unimportant)
 	NOTE: Fixed by: https://github.com/osrg/gobgp/commit/e748f43496d74946d14fed85c776452e47b99d64
+	NOTE: Not a security issue per upstream:
+	NOTE: https://github.com/osrg/gobgp/issues/3189#issuecomment-3426317295
 CVE-2025-7463 (A vulnerability was found in Tenda FH1201 1.2.0.14. It has been declar ...)
 	NOT-FOR-US: Tenda
 CVE-2025-7462 (A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1 ...)
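Review bot: the added NOTE for CVE-2025-7464 reads "Not a security issue per upstream:", while the three entries in the first hunk use "Not a security issue per upstream assessment:". Using one wording for all four would keep these entries consistent and easy to grep. The removed [trixie] and [bookworm] lines also carried a reason ("Minor issue"), whereas the new note is only a link, so a one-phrase summary of upstream's position in the NOTE would keep the rationale in the file.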



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d696f3e3ba5784ef70cf3c2ddfc9ee9e636de25f
