[Git][security-tracker-team/security-tracker][master] trixie/bookworm triage
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed May 20 14:21:54 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ba7846bf by Moritz Muehlenhoff at 2026-05-20T15:21:45+02:00
trixie/bookworm triage
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -8240,14 +8240,20 @@ CVE-2026-41890 (CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a prod
NOT-FOR-US: CI4MS
CVE-2026-41675 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
- node-xmldom 0.9.10-1
+ [trixie] - node-xmldom <no-dsa> (Minor issue)
+ [bookworm] - node-xmldom <no-dsa> (Minor issue)
NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx
NOTE: https://github.com/xmldom/xmldom/commit/7207a4b0e0bcc228868075ed991665ef9f73b1c2 (0.9.10)
CVE-2026-41674 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
- node-xmldom 0.9.10-1
+ [trixie] - node-xmldom <no-dsa> (Minor issue)
+ [bookworm] - node-xmldom <no-dsa> (Minor issue)
NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h
NOTE: https://github.com/xmldom/xmldom/commit/372008f9ae0e20fd69f761c7b79e202598267314 (0.9.10)
CVE-2026-41673 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
- node-xmldom 0.9.10-1
+ [trixie] - node-xmldom <no-dsa> (Minor issue)
+ [bookworm] - node-xmldom <no-dsa> (Minor issue)
NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw
NOTE: https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe (0.9.10)
NOTE: https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a (0.9.10)
@@ -8261,6 +8267,8 @@ CVE-2026-41673 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2
NOTE: https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f (0.9.10)
CVE-2026-41672 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...)
- node-xmldom 0.9.10-1
+ [trixie] - node-xmldom <no-dsa> (Minor issue)
+ [bookworm] - node-xmldom <no-dsa> (Minor issue)
NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8
NOTE: https://github.com/xmldom/xmldom/pull/987
NOTE: https://github.com/xmldom/xmldom/commit/fda7cc313de30243fea35cada64e0bb12099c2a1 (0.9.10)
=====================================
data/dsa-needed.txt
=====================================
@@ -17,6 +17,8 @@ amd64-microcode (carnil)
--
atril
--
+bind9
+--
botan3/stable
--
ceph (carnil)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba7846bf9fc9551f91e1a966450973acf15ecf2a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ba7846bf9fc9551f91e1a966450973acf15ecf2a
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260520/e2a253c4/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list