[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed May 20 14:12:55 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d08a7231 by Moritz Muehlenhoff at 2026-05-20T15:12:34+02:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -2628,6 +2628,8 @@ CVE-2026-8496 (A cross-site scripting (XSS) vulnerability exists in Alinto SOGo,
NOTE: https://github.com/Alinto/sogo/commit/67ce01ec2a1a7854d8e9f615dd65afb949043e8 (SOGo-5.12.8)
CVE-2026-8466 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
- erlang-cowboy <unfixed>
+ [trixie] - erlang-cowboy <no-dsa> (Minor issue)
+ [bookworm] - erlang-cowboy <no-dsa> (Minor issue)
NOTE: https://cna.erlef.org/cves/CVE-2026-8466.html
NOTE: https://osv.dev/vulnerability/EEF-CVE-2026-8466
NOTE: Fixed by: https://github.com/ninenines/cowboy/commit/5c6a2061b41bb5771c4659fac7d5a822dca5bafb (2.15.0)
@@ -7410,6 +7412,8 @@ CVE-2025-71297 (In the Linux kernel, the following vulnerability has been resolv
NOTE: https://git.kernel.org/linus/44d1f624bbdd2d60319374ba85f7195a28d00c90 (7.0-rc1)
CVE-2013-10075 (Apache::Session versions through 1.94 for Perl re-creates deleted sess ...)
- libapache-session-perl <unfixed> (bug #1136206)
+ [trixie] - libapache-session-perl <postponed> (Minor issue, revisit when fixed upstream)
+ [bookworm] - libapache-session-perl <postponed> (Minor issue, revisit when fixed upstream)
[bullseye] - libapache-session-perl <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://lists.security.metacpan.org/cve-announce/msg/39844719/
CVE-2026-43500 (In the Linux kernel, the following vulnerability has been resolved: r ...)
=====================================
data/dsa-needed.txt
=====================================
@@ -27,7 +27,7 @@ cups
dovecot
Noah Meyerhans proposing updates for review, wait for exposure in unstable for regressions
--
-evince
+evince (carnil)
--
expat
--
@@ -85,6 +85,8 @@ openvpn (jmm)
pdfminer (carnil)
Required followup for CVE-2025-64512 as original fix was incomplete.
--
+pdns/stable (jmm)
+--
php-laravel-framework/oldstable
--
python-aiohttp/oldstable
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d08a7231978727de6f168413037d75c838082550
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d08a7231978727de6f168413037d75c838082550
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260520/b07677d2/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list