[Git][security-tracker-team/security-tracker][master] 4 commits: dla: add jq

Tue May 19 10:15:40 BST 2026


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d51d2a82 by Sylvain Beucler at 2026-05-19T11:14:51+02:00
dla: add jq

- - - - -
f835d359 by Sylvain Beucler at 2026-05-19T11:14:54+02:00
CVE-2026-5089/libyaml-syck-perl: bullseye postponed

- - - - -
4afdd0a5 by Sylvain Beucler at 2026-05-19T11:14:56+02:00
CVE-2026-6659/libcrypt-passwdmd5-perl: bullseye postponed

- - - - -
3cf13301 by Sylvain Beucler at 2026-05-19T11:14:59+02:00
CVE-2013-10075/libapache-session-perl: bullseye postponed

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4042,6 +4042,7 @@ CVE-2026-5089 (YAML::Syck versions before 1.38 for Perl  has an out-of-bounds re
 	- libyaml-syck-perl 1.36-3
 	[trixie] - libyaml-syck-perl <no-dsa> (Minor issue)
 	[bookworm] - libyaml-syck-perl <no-dsa> (Minor issue)
+	[bullseye] - libyaml-syck-perl <postponed> (Minor issue, limited OOB read)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/39981051/
 	NOTE: https://github.com/cpan-authors/YAML-Syck/issues/132
 	NOTE: https://github.com/cpan-authors/YAML-Syck/pull/133
@@ -5620,6 +5621,7 @@ CVE-2026-6659 (Crypt::PasswdMD5 versions through 1.42 for Perl generates insecur
 	- libcrypt-passwdmd5-perl <unfixed> (bug #1136091)
 	[trixie] - libcrypt-passwdmd5-perl <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - libcrypt-passwdmd5-perl <postponed> (Minor issue, revisit when fixed upstream)
+	[bullseye] - libcrypt-passwdmd5-perl <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/39857355/
 CVE-2026-43470 (In the Linux kernel, the following vulnerability has been resolved:  n ...)
 	- linux 6.19.10-1
@@ -6688,6 +6690,7 @@ CVE-2025-71297 (In the Linux kernel, the following vulnerability has been resolv
 	NOTE: https://git.kernel.org/linus/44d1f624bbdd2d60319374ba85f7195a28d00c90 (7.0-rc1)
 CVE-2013-10075 (Apache::Session versions through 1.94 for Perl re-creates deleted sess ...)
 	- libapache-session-perl <unfixed> (bug #1136206)
+	[bullseye] - libapache-session-perl <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://lists.security.metacpan.org/cve-announce/msg/39844719/
 CVE-2026-43500 (In the Linux kernel, the following vulnerability has been resolved:  r ...)
 	{DSA-6258-1 DSA-6253-1 DLA-4574-1 DLA-4572-1}


=====================================
data/dla-needed.txt
=====================================
@@ -236,6 +236,10 @@ jackson-core (Markus Koschany)
 jetty9
   NOTE: 20260418: Added by Front-Desk. Fix CVE-2026-5795 maybe other (rouca)
 --
+jq
+  NOTE: 20260519: Added by Front-Desk (Beuc)
+  NOTE: 20260519: Many postponed CVEs piled-up (Beuc/front-desk)
+--
 kamailio
   NOTE: 20260413: Added by Front-Desk (rouca)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/36aec02e307f983e00ae14914fe15f422f69f10e...3cf133015bdd248b9fe3dac1863caf840ae25e07

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/36aec02e307f983e00ae14914fe15f422f69f10e...3cf133015bdd248b9fe3dac1863caf840ae25e07
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260519/b9f2c426/attachment-0001.htm>
