[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue May 19 07:56:59 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7292ee37 by Moritz Muehlenhoff at 2026-05-19T08:56:10+02:00
trixie/bookworm triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1959,6 +1959,8 @@ CVE-2026-45028 (Astro is a web framework. Astro versions prior to 6.1.10 used AE
NOT-FOR-US: Astro
CVE-2026-44919 (In OpenStack Ironic through 35.x before a3f6d73, during image handling ...)
- ironic 1:35.0.1-3 (bug #1136655)
+ [trixie] - ironic <no-dsa> (Minor issue)
+ [bookworm] - ironic <no-dsa> (Minor issue)
[bullseye] - ironic <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/ironic/+bug/2150332
NOTE: https://opendev.org/openstack/ironic/commit/a3f6d735ac3642ab95b49142c7305f072ae748d0
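Review bot: The added [trixie] and [bookworm] lines for CVE-2026-44919 give only the generic reason "Minor issue", and the description visible in this hunk is truncated at "during image handling ...", so the entry does not record why the issue is minor for these releases. Consider a reason that names the limiting factor, or a NOTE line stating it, so the no-dsa decision can be checked later without re-reading the Launchpad bug.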
@@ -6755,6 +6757,8 @@ CVE-2026-4935 (The OttoKit: All-in-One Automation Platform WordPress plugin befo
NOT-FOR-US: WordPress plugin
CVE-2026-44916 (In OpenStack Ironic before 35.0.2 (in a certain non-default configurat ...)
- ironic 1:35.0.1-2 (bug #1136005)
+ [trixie] - ironic <no-dsa> (Minor issue)
+ [bookworm] - ironic <no-dsa> (Minor issue)
[bullseye] - ironic <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/ironic/+bug/2148307
NOTE: https://review.opendev.org/c/openstack/ironic/+/987514
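Review bot: On the added [trixie] and [bookworm] lines for CVE-2026-44916, the reason could carry what the description already states, that the issue applies only "in a certain non-default configuration", for example "[trixie] - ironic <no-dsa> (Minor issue, non-default configuration)". That puts the basis for the triage in the entry itself; the existing [bullseye] line could be aligned in the same change.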
@@ -7141,8 +7145,11 @@ CVE-2026-44243 (GitPython is a python library used to interact with Git reposito
NOTE: https://github.com/gitpython-developers/GitPython/pull/2134
CVE-2026-42285 (GoBGP is an open source Border Gateway Protocol (BGP) implementation i ...)
- gobgp 4.5.0-1 (bug #1136049)
- [bullseye] - gobgp <postponed> (Limited support, follow bookworm security updates)
+ [trixie] - gobgp <not-affected> (Vulnerable code not present, introduced in 4.4.0)
+ [bookworm] - gobgp <not-affected> (Vulnerable code not present, introduced in 4.4.0)
+ [bullseye] - gobgp <not-affected> (Vulnerable code not present, introduced in 4.4.0)
NOTE: https://github.com/osrg/gobgp/security/advisories/GHSA-p3w2-64xm-833j
+ NOTE: Fixed by https://github.com/osrg/gobgp/commit/d2d2be3e4e7915d407e662e5d388d9f8ae8a8f7b (v4.5.0)
CVE-2026-42214 (Notepad Next is a cross-platform, reimplementation of Notepad++. Prior ...)
NOT-FOR-US: Notepad Next
CVE-2026-41906 (FreeScout is a free help desk and shared inbox built with PHP's Larave ...)
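Review bot: The three added <not-affected> lines for gobgp rest on "introduced in 4.4.0", but the only NOTE added in this hunk points at the fixing commit (v4.5.0); nothing references the change that introduced the vulnerable code. Add a NOTE line naming the introducing commit, or the affected range given in the advisory, so the not-affected claim can be verified from the entry. The [bullseye] line also changes from <postponed> to <not-affected>, which is worth confirming against the gobgp version shipped in bullseye.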
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7292ee377243fdde3630a396d0ef722e810095b3